Solved

Remove Administrator

Posted on 2006-06-16
8
279 Views
Last Modified: 2010-04-18
I am trying to remove an administrator profile (e.g. joeadm ) off of a Windows 2003 server. I have tried logging in as a domain administrator as well as a local administrator. When I navigate to user profiles, I can see the profile in the list. However when I highlight it to remove it, "delete" will not highlight. I cannot find a trend here, as I am able to highlight other admin names ( e.g. bobadm ) and it highlights the "delete" button. Please tell me how to remove this user profile, as I am getting error logs with his account name in them ( e.g. 1030, 1060, other kerbos/LDAP issues ).

Thanks,

C
0
Comment
Question by:cmoerbe
  • 4
  • 4
8 Comments
 

Author Comment

by:cmoerbe
ID: 16920495
By the way, I was considering creating a new generic account, then using the copy to function, and just copy that profile over the admin profile. This is in an attempt to "dumb down" the admin accounts rights and then giving me the ability to delete it. Its just a shot in the dark, but I didnt want to do it until I was able to bounce some other ideas off of the problem.
0
 
LVL 26

Assisted Solution

by:Pber
Pber earned 250 total points
ID: 16920733
Log on as another user then navigate to c:\Documents and Settings and delete the profile from there.  If you want to delete the profile from the registry as well (which will remove it from the user profile list) navigate to the following key:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

Go through the list of SIDS until you find the one for the user.  Look for the value in ProfileImagePath.

The next time you log in with the administrator account it will recreate the profile.  

Hope that helps
0
 
LVL 26

Expert Comment

by:Pber
ID: 16920784
I failed to mention in my previous post to delete the key corresponding to the SID of the profile you wish to delete.  You can also just rename the key as well as the profile name under Documents and Settings just so you have backup.  This way the user will get a new profile and you can go back if needed.
0
 

Author Comment

by:cmoerbe
ID: 16920900
I tried to delete the user from Documents and Settings already, but it keeps giving the error message " Cannot delete NTUSER.DAT: It is being used by another person or program." However, I know that the user is not logged in or using any portion of that server. I also checked shared folders - sessions - and verified that it wasnt using his profile behind the scenes. Should I go with the registry change first, and then try to delete it?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 26

Expert Comment

by:Pber
ID: 16921036
Reboot the box if you can and then delete the profile right away.  Try connecting to the machine remotely (i.e. \\machine\c$) and deleting it that way as well.
0
 

Author Comment

by:cmoerbe
ID: 16921505
Well its a production server, so I will have to wait until after hours to try that approach.
Also I cannot UNC to the C$. It wont allow access, for security reasons. I think maby starting in safe mode might help, but again that will have to wait until non-business hours.
0
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 16921583
You might be able to do this during production...

If you delete/rename the registry key and then try to login with the administrator account, it will try and create a new profile under documents and settings

The old profile will be:

c:\documents and settings\administrator

The new profile will be

c:\documents and settings\administrator.domain
or
c:\documents and settings\administrator.000

You will see this reflected in the ProfileImagePath in the registry.  If you want to clean this up later after you rebooted and deleted the original profile, you can rename the administrator.000 to administrator and update the ProfileImagePath in the registry to point to the renamed path.
0
 

Author Comment

by:cmoerbe
ID: 16922552
I found out what the problem was. There was a disconnected remote session sitting in terminal services manager. (I dont know why I didnt think about that earlier )  It kept trying to reconnect to the session. I went into term serv mgr, removed the disconnected session, and then it allowed me to go in and delete both profiles. ( joeadm and joeadm.domain ). I do appreciate your reply though, and will use that as another tool if I were to run into this type of problem again.

Thanks!

C
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now