[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

Weird security issues after migration to new active directory domain...

Hello Experts!

I recently changed over my active directory domain from "mycompany.com" to "mycompany.local" and everything went along fine until I tried to start MS Outlook as "%username%" on their computer. Outlook would fail with an access exception error in some .cpl file. So, I logged on as admin and tried to start outlook, and it started with no problems.

I logged back on as the user to see what else was wrong...

The recent programs list (on XP Start Menu) was empty.
The "Run History" was empty.

And some other weird stuff.

By the way, I copied the user profile from the old  (.com) domain to the new (.local) domain by logging on as admin and copying:

c:\documents and settings\%username%\

to

c:\documents and settings\%username%-MYCOMPANY.LOCAL

So, because I discovered these problems late on Sunday night and since people needed to work on Monday morning, I had to find a temporary solution. So, as a workaround, I made everyone a DOMAIN ADMIN and added %username%@mycompany.local have full control of the HKEY_CURRENT_USER reghive.

My questions related to this matter are:

1. What did I miss in transferring the profile over from the old domain to the new one that made it not work?
2. Is there a guide on the best way to secure a Windows 2000/2003 Network?

Thanks!

-neomage23
0
neomage23
Asked:
neomage23
  • 3
  • 2
  • 2
  • +2
1 Solution
 
TannerManCommented:
Oh man !
Woudn't just making them a local admin on their local machine work? Even in the current state, domain admin is not needed.

Not sure what went wrong with your profile moves, but get them folks out of domain admins ....fast !
0
 
Asta CuCommented:
Hope this adds some insight to your problem.
HOW TO: Apply Predefined Security Templates in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;816585
How To Apply Predefined Security Templates in Windows 2000
http://support.microsoft.com/kb/309689/EN-US/
Windows 2000 Active Directory Migration Tool
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/w2kadmt.mspx
Windows Server 2003 Active Directory
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
0
 
TMWSIYCommented:
Try starting outlook in save mode.

Instead of going the admin route just modify the perms in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
neomage23Author Commented:
Hello Experts!

I would first like to thank you guys for trying to help me with this question, but I found the answer myself for XP machines:

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21000917.html

The thing is, this doesn't really work on the three Windows 2000 machines. I will give the points to whomever can help me with getting this to happen on the Win2k Pro machines.

Thanks!

-neo
0
 
Asta CuCommented:
Creating new users/profiles doesn't help?  At work, and swamped.  Will check back when I can.
0
 
Paul SCommented:
****this assumes you have already copied "C:\documents and settings\username-MYCOMPANY.com" tol "C:\documents and settings\username-MYCOMPANY.local\"


login as admin, open regedit. highlight local machine. Select file > load hive.

go to C:\documents and settings\username-MYCOMPANY.local\ntuser.dat

give name to hive

right click on new reg folder that appears.  select permissions. make sure that the correct user has permission. or give permission to everyone.
0
 
neomage23Author Commented:
Thank you to everyone who helped me with this!
0
 
Paul SCommented:
your welcome
0
 
Asta CuCommented:
Happy you're pleased.  ":-0)  Asta
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now