Solved

Removing group privilage from user after domain change

Posted on 2004-04-08
3
240 Views
Last Modified: 2010-04-11
I just recently switched a user from one domain (which is being phased out) to a new domain.  The old domain had poor control on the users and all users were created with "Domain Admins" as part of their assigned groups.  I would like to remove that assigned group but when I do the user is missing settings (recently opened programs, applications settings, etc).  I suspect this has something to do with the ntuser.dat.  How can I remove the assigned group after switching to a new domain controller?

The method used to transfer the users: create the user on the new DC, copied the files over using Explorer and reset the permissions on the files to user and system.  File permissions don't seem to be the problem as it appears to be the groups assigned to the user.
0
Comment
Question by:jeffg_91911
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 16

Accepted Solution

by:
Nyaema earned 250 total points
ID: 10790773
REcently opened programs, application settings etc are stored in the registry.

When you moved the user to the new domain, you basically created a new user.

To move his settings to the new computer,login to the as the old user.  Run regedit.  Save the key currentuser.
Login as the new user and import the registry key you just saved.
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 10791392
The problem here are the permissions on the user's registry (the ntuser.dat that you already pointed out). The ACLs in there still reference the "old" domain user, and the "new" user will only have access to them if he has admin permissions.
Use "Method III" (editing the registry) in the article below to remove the "old" user from the registry's (ntuser.dat) permissions and add the "new" domain user with full access. To edit those permissions, just don't open the file "ntuser.man" (as described in the article) but "ntuser.dat" in the "new" user's profile folder.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697

The only exceptions AFAIK to the "Full Access" for the user key are the keys Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies, where only Administrators and System should have Full Access, the user Read Access only.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question