Solved

Removing group privilage from user after domain change

Posted on 2004-04-08
3
207 Views
Last Modified: 2010-04-11
I just recently switched a user from one domain (which is being phased out) to a new domain.  The old domain had poor control on the users and all users were created with "Domain Admins" as part of their assigned groups.  I would like to remove that assigned group but when I do the user is missing settings (recently opened programs, applications settings, etc).  I suspect this has something to do with the ntuser.dat.  How can I remove the assigned group after switching to a new domain controller?

The method used to transfer the users: create the user on the new DC, copied the files over using Explorer and reset the permissions on the files to user and system.  File permissions don't seem to be the problem as it appears to be the groups assigned to the user.
0
Comment
Question by:jeffg_91911
3 Comments
 
LVL 16

Accepted Solution

by:
Nyaema earned 250 total points
ID: 10790773
REcently opened programs, application settings etc are stored in the registry.

When you moved the user to the new domain, you basically created a new user.

To move his settings to the new computer,login to the as the old user.  Run regedit.  Save the key currentuser.
Login as the new user and import the registry key you just saved.
0
 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 10791392
The problem here are the permissions on the user's registry (the ntuser.dat that you already pointed out). The ACLs in there still reference the "old" domain user, and the "new" user will only have access to them if he has admin permissions.
Use "Method III" (editing the registry) in the article below to remove the "old" user from the registry's (ntuser.dat) permissions and add the "new" domain user with full access. To edit those permissions, just don't open the file "ntuser.man" (as described in the article) but "ntuser.dat" in the "new" user's profile folder.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697

The only exceptions AFAIK to the "Full Access" for the user key are the keys Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies, where only Administrators and System should have Full Access, the user Read Access only.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now