Solved

Removing group privilage from user after domain change

Posted on 2004-04-08
3
244 Views
Last Modified: 2010-04-11
I just recently switched a user from one domain (which is being phased out) to a new domain.  The old domain had poor control on the users and all users were created with "Domain Admins" as part of their assigned groups.  I would like to remove that assigned group but when I do the user is missing settings (recently opened programs, applications settings, etc).  I suspect this has something to do with the ntuser.dat.  How can I remove the assigned group after switching to a new domain controller?

The method used to transfer the users: create the user on the new DC, copied the files over using Explorer and reset the permissions on the files to user and system.  File permissions don't seem to be the problem as it appears to be the groups assigned to the user.
0
Comment
Question by:jeffg_91911
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 16

Accepted Solution

by:
Nyaema earned 250 total points
ID: 10790773
REcently opened programs, application settings etc are stored in the registry.

When you moved the user to the new domain, you basically created a new user.

To move his settings to the new computer,login to the as the old user.  Run regedit.  Save the key currentuser.
Login as the new user and import the registry key you just saved.
0
 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 10791392
The problem here are the permissions on the user's registry (the ntuser.dat that you already pointed out). The ACLs in there still reference the "old" domain user, and the "new" user will only have access to them if he has admin permissions.
Use "Method III" (editing the registry) in the article below to remove the "old" user from the registry's (ntuser.dat) permissions and add the "new" domain user with full access. To edit those permissions, just don't open the file "ntuser.man" (as described in the article) but "ntuser.dat" in the "new" user's profile folder.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697

The only exceptions AFAIK to the "Full Access" for the user key are the keys Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies, where only Administrators and System should have Full Access, the user Read Access only.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question