Solved

Removing group privilege from user after domain change

Posted on 2004-04-08
Last Modified: 2010-04-11
I just recently switched a user from one domain (which is being phased out) to a new domain.  The old domain had poor control on the users and all users were created with "Domain Admins" as part of their assigned groups.  I would like to remove that assigned group but when I do the user is missing settings (recently opened programs, applications settings, etc).  I suspect this has something to do with the ntuser.dat.  How can I remove the assigned group after switching to a new domain controller?

The method used to transfer the users: created the user on the new DC, copied the files over using Explorer and reset the permissions on the files to user and system.  File permissions don't seem to be the problem as it appears to be the groups assigned to the user.
0
Question by:jeffg_91911
3 Comments
 
LVL 16

Accepted Solution

by:
Nyaema earned 250 total points
ID: 10790773
Recently opened programs, application settings etc. are stored in the registry.

When you moved the user to the new domain, you basically created a new user.

To move his settings to the new computer, log in as the old user.  Run regedit.  Save the key currentuser.
Log in as the new user and import the registry key you just saved.
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 10791392
The problem here is the permissions on the user's registry (the ntuser.dat that you already pointed out). The ACLs in there still reference the "old" domain user, and the "new" user will only have access to them if he has admin permissions.
Use "Method III" (editing the registry) in the article below to remove the "old" user from the registry's (ntuser.dat) permissions and add the "new" domain user with full access. To edit those permissions, just don't open the file "ntuser.man" (as described in the article) but "ntuser.dat" in the "new" user's profile folder.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697

The only exceptions AFAIK to the "Full Access" for the user key are the keys Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies, where only Administrators and System should have Full Access, the user Read Access only.
0
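
The permission change described in the answer above (new user gets Full Access on the hive, Read only on the two Policies keys, old user's entries removed) can also be scripted. The PowerShell below is an added example, not part of the original thread or the Microsoft article; the profile path, account name and mount name are placeholders, and it assumes an elevated session with the user logged off.

```powershell
# Added example (not from the thread). Run elevated, with the user logged off.
$HivePath = 'C:\Documents and Settings\jdoe\ntuser.dat'  # placeholder profile path
$NewUser  = 'NEWDOM\jdoe'                                # placeholder new-domain account
$Mount    = 'ProfileFix'                                 # arbitrary temporary key name under HKU

function Set-ProfileKeyAccess {
    param([string]$KeyPath, [string]$Account,
          [System.Security.AccessControl.RegistryRights]$Rights)
    $acl = Get-Acl -Path $KeyPath
    # Drop explicit ACEs for account SIDs (S-1-5-21-...) that no longer resolve
    # to a name, which is how an unreachable old-domain user shows up.
    foreach ($ace in $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])) {
        $sid = $ace.IdentityReference
        if ($null -eq $sid.AccountDomainSid) { continue }   # well-known SID, keep it
        try   { $null = $sid.Translate([System.Security.Principal.NTAccount]) }
        catch {
            Write-Host "Removing stale ACE $($sid.Value) on $KeyPath"
            $acl.RemoveAccessRuleSpecific($ace)
        }
    }
    # A read-only grant is pointless if the key still inherits Full Control from the root.
    if ($Rights -ne 'FullControl' -and -not $acl.AreAccessRulesProtected) {
        Write-Warning "$KeyPath inherits from its parent; $Account may get more than $Rights"
    }
    # SetAccessRule replaces any existing Allow ACEs for this account on the key.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account, $Rights, 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}

reg.exe load "HKU\$Mount" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $HivePath (is the user still logged on?)" }
try {
    $root = "Registry::HKEY_USERS\$Mount"
    Set-ProfileKeyAccess $root $NewUser 'FullControl'
    # Policy keys: Administrators and System keep Full Access, the user only reads.
    foreach ($sub in 'Software\Policies',
                     'Software\Microsoft\Windows\CurrentVersion\Policies') {
        if (Test-Path "$root\$sub") { Set-ProfileKeyAccess "$root\$sub" $NewUser 'ReadKey' }
    }
}
finally {
    # Release .NET handles on the hive, otherwise the unload fails with "Access is denied".
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    reg.exe unload "HKU\$Mount" | Out-Null
}
```

An old-domain entry that still resolves through a trust is left in place by this script and has to be removed by name. Once the new account has its own access to the hive, the profile no longer depends on the Domain Admins membership.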
