Solved

Removing group privilage from user after domain change

Posted on 2004-04-08
3
227 Views
Last Modified: 2010-04-11
I just recently switched a user from one domain (which is being phased out) to a new domain.  The old domain had poor control on the users and all users were created with "Domain Admins" as part of their assigned groups.  I would like to remove that assigned group but when I do the user is missing settings (recently opened programs, applications settings, etc).  I suspect this has something to do with the ntuser.dat.  How can I remove the assigned group after switching to a new domain controller?

The method used to transfer the users: create the user on the new DC, copied the files over using Explorer and reset the permissions on the files to user and system.  File permissions don't seem to be the problem as it appears to be the groups assigned to the user.
0
Comment
Question by:jeffg_91911
3 Comments
 
LVL 16

Accepted Solution

by:
Nyaema earned 250 total points
ID: 10790773
REcently opened programs, application settings etc are stored in the registry.

When you moved the user to the new domain, you basically created a new user.

To move his settings to the new computer,login to the as the old user.  Run regedit.  Save the key currentuser.
Login as the new user and import the registry key you just saved.
0
 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 10791392
The problem here are the permissions on the user's registry (the ntuser.dat that you already pointed out). The ACLs in there still reference the "old" domain user, and the "new" user will only have access to them if he has admin permissions.
Use "Method III" (editing the registry) in the article below to remove the "old" user from the registry's (ntuser.dat) permissions and add the "new" domain user with full access. To edit those permissions, just don't open the file "ntuser.man" (as described in the article) but "ntuser.dat" in the "new" user's profile folder.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697

The only exceptions AFAIK to the "Full Access" for the user key are the keys Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies, where only Administrators and System should have Full Access, the user Read Access only.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 149
cmd: can't connect using netsh command 14 89
VIRTUAL NETWORKING 3 60
Bandwidth issues? 5 28
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now