Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1088
  • Last Modified:

XP Pro SP1- Disjoining from Domain without losing profile

XP Pro SP1

Need to disjoin from a domain and still allow user to log into previous profile with no hitches.  Would like to know if there is any trick to this.  A link to procedure would be great.

**  Background:  PC was at a users home but still joined to our domain.  Another person noticed this, and joined him to WORKGROUP.  After this, the login for "userid" stopped working and nobody could figure out the admin password.  The PC was brought to me and I used "nt_pass" to blank out the Administrator password and get into the PC.

Now, I am joined back to the domain (back at square 1) and want to know the 'right' path.  Do I need to 'disjoin', then create a 'same named' local account and manually copy profile over?  

Any advice, or proper procedures appreciated.  We will likely be doing this for many more 'domain' PCs that are becoming home PCs permanently.

0
DayHelper
Asked:
DayHelper
  • 5
  • 4
  • 4
  • +1
1 Solution
 
davy999Commented:
What type of profile are we talking about?
0
 
DayHelperAuthor Commented:
User.
0
 
DayHelperAuthor Commented:

OK, so here is what I did.

As in the original question:  

1)  I used "nt_pass" to 'blank' out the Administrator.  (forget the part about rejoining to the domain since I undid that)

New stuff:  (I am now joined to group 'workgroup' and can log in as Administrator)

2)  I logged in as Administrator and created a new local user named the same as the domain user had been, then logged in as that user.
3)  His stuff was not all there, so I logged out as "newuserid" and back in as Administrator then went to Documents & Settings area.  The old user profile was now called "userid.gx260.xxx" after old computer name.  So, I selected all items (except Ntuser.dat, Ntuser.dat.log, & Ntuser.ini) and did a COPY.  Then I went into the Documents & Settings "newuserid" and did a paste.

4)  Logged back in as local user "newuserid" and everything seems to be there.

****  Is this a good/proper method for taking someone off a domain and leaving their 'stuff' intact under their old UserId? ........or is there a better/easier way?

Thanks.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
davidis99Commented:
how to create a local user and transfer their domain profile to a local profile.

1) Go to Start, Settings, Control Panel, Administrative Tools.
2) Go to Computer Management, Local Users and Groups.
3) Click on Users folder in left pane, then right-click, new user in right hand pane.  Create local user account.  
4) Logout from exisitng account, login locally as user to create default folders for user profile.  
5) shut down, restart, login with domain account.
6) right-click my Computer, properties, click on advanced tab, click on settings under "user profiles".
7) select domain profile you want to move/copy, then click "copy to", and select the local user profile you just created.
8) logout, login as the local user, verify data copied correctly.
9) logout, log into domain, remove PC from domain.
0
 
davidis99Commented:
I'm pretty sure that covers everything you need.   Please let me know if anything is missing.
0
 
davidis99Commented:
BTW - once the machine is out of the domain, you may want to delete any domain profiles on the PC, then use a tool such as Eraser to wipe the free disk space.
0
 
baconyiCommented:
question... is it necessary to leave the domain? this user's pc is at home, he will require a VPN connection to your office/server prior to being able to access any company files,  i doubt he knows how to create a vpn, let alone the vpn address.  lets just say he does know both, he would need dial-in rights to be able to connect to the server.  if you deny dial-in, under user properties in active directory users and computers, then he wont be able to log in.

his profile, programs, etc stays the same.
but if there is a good reason to leave domain, then david has the procedure to copy profiles.
Billy
0
 
DayHelperAuthor Commented:
David,
  See my post above.  Is this also an acceptable method.  It seems to have worked but I don't want to take a chance if there is reason to believe it isn't a clean copy.

  DH
0
 
baconyiCommented:
what exacly are you looking for that you need to "keep the same"?
most of the time, when we need to create a new profile, the users only request for desktop shortcuts, favorites, and my documents(or any other document folders) to work like it used to.  programs will work regardless of what profile you log in as, unless you dont give them local admin rights.
Billy
0
 
baconyiCommented:
email will not work if you just "copy" (if you used outlook or some email client)
0
 
DayHelperAuthor Commented:

   Baconyi......yes, the user will be using VPN and is very familiar with it.  The problem with him being joined to the domain was with the way our changing security policies were affecting his home system.  Since he did not need to be part of the domain to be a VPN client, we undid this.

   We are only speaking of the 'profile' in reference to his local profile on the desktop PC.  No changes in his 'profile' on the Windows 2003 server are being made, so VPN will work as it always did.

   DH
0
 
DayHelperAuthor Commented:
Baconyi........

.........you are talking ham and we are talking turkey.  Thanks anyway.  David has the correct alternate solution.
0
 
baconyiCommented:
dayhelper,

i know what im talking about, im telling you the difference in just copying from the directory under documents and settings, verses what david said, his method of course is the right way to copy a profile.  but your question was 'is the method you performed ok'.... and i was telling you that if you copy things over, from one directory to another, that ive done that before but we only copy those certain folders (favorites, my docs, desktop) everything else is created when the profile is created.  and that email does not work if setup in something like outlook because it is profile specific.

regardless of domain or not, the folder for a profile still remains on the local PC, unless he uses remote desktop after VPN which of course the profile would be on the server.  please dont mock me because you think im talking about something else.

Billy
0
 
davidis99Commented:
Dayhelper, your method obviously worked, but the copy profile option within system properties should ensure that no files get left behind.  
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 5
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now