Solved

Profiles, taking away admin access, domain joining, etc

Posted on 2004-04-20
6
685 Views
Last Modified: 2010-04-13
Hi folks, profile question(s).

We have a small LAN, bout 40 users on it. Prior to my starting here, all workstations had admin access, and of course, it's been no end of trouble.

We have a new domain, and password sync (SFU 3.5) set up, which is set to kick in every 60 days. In a perfect world, I'd love to transfer all the boxes to the domain in that time - half that now, actually (one-man Windows admin, helpdesk, etc. eats up time) - but for now, I'm thinking about simply making their current local profile the Default User profile, and then creating a new account on each box for all users, so I can at least get users logging onto the domain, and still retaining their previous profile, so they can password sync from their workstations when the time comes.

I've tried this on my system, and was unsuccessful - I think it was because I had the Pre-Windows 2000 login set to duanel, 'cause that's what the new account showed up as on my local box. Also, I had no access to write to my newly created profile for some reason.

I have an account set up on the domain controller - dlambe@ads.dw , and I also log into my local box (non-domain) as dlambe.

I was hoping that someone could answer with a fairly detailed walkthrough as to what to expect, how I can get the local account to be the same username as what's on the domain, and if I can actually do what I'm trying to do the way I'm trying to do it - oh, and also if I can take away admin access, and still allow the users to write to their own profile (not sure what happened to my test, but I must have missed something). I've seen some posts regarding what I'm trying, but nothing as detailed as what I'm looking for. Had I more time (and some test boxes other than my work system), I'd be happy to do it myself, but I simply can't.

Thanks much for any insight.
0
Comment
Question by:wysardry
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 10869483
the only way to set up local accounts the same as domain accounts without joining the PC to the domain is to simply create a local account with the same name and set the password to be the same... it would be easier to just join the workstations to your domain though,,, it only takes about 2 minutes and a restart of the OS.  If you are using local profiles,,,, their domain profile and thier local profile are two completely different profiles all together by the way
0
 

Author Comment

by:wysardry
ID: 10869669
Yep, understood, but the logins they have on the domain will in some cases be different from the local profiles.

Mainly, our mail server has <FirstnameLastinitial> whereas the systems vary from this, to <FirstinitialLastname> to variations of truncated name. The mail server is going to be our model for usernames due to the password sync stuff, as it's far easier to build around it, rather than changing the mail server itself. Password sync requires all the login names to be the same across the network, of course.

I'd like to keep their current - stuff - in the profile as well. Is the best way simply;

1- join box to domain
2- log into domain with domain user account
3- copy everything from local profile (bear in mind it's an Admin account) to the new domain profile

I was hoping to get the best way to do this, with the least amount of downtime per user, and the least amount of headache. :)
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 10869715
that is the best way in my opinion,, the local profiles have nothing to do with the fact that the account that it was created with once had local admin rights,,, these local admin rights will not be carried over.  make sure when you copy the profiles over that you give the appropriate domain user rights to the profile.. if not ,,, nobody will be able to use the profile.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:wysardry
ID: 10869778
I think you lost me on that last part. :)
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 10870024
when you copy the profiles... do it from the profile tab of the properties for my computer (depending on your OS)  make sure you click on the permissions tab and give whichever user you want to access the profile permission to do so,, if not nobody will have access to it
0
 

Author Comment

by:wysardry
ID: 10871155
Gah! "Permitted to Use" under XP - I must be blind for not seeing that option! Thanks for the help, really appreciate it.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Azure Functions is a solution for easily running small pieces of code, or "functions," in the cloud. This article shows how to create one of these functions to write directly to Azure Table Storage.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question