Solved

New local profile gets created with .domain extension at random times on random W2k pc's

Posted on 2007-04-04
6
473 Views
Last Modified: 2010-04-18
Some of our users are getting new profiles created when they log in to the domain, and of course they don't see the desktop they're used to, etc.  These are local profiles, not roaming.

Our users all log in using our domain name in the login screen (user;password;domain).  Their existing profiles are shown in Documents and Settings as 'username' and the new profile being created is 'username.domain' (so even though they've been logging into the domain for months, the profile being used does not have the .domain extension)  .  The existing profile has been in use for a long time, but on random days and random pc's, a new profile gets created.

It seems all of the effected pc's are Windows 2000 pro sp4.  Our original domain controller is Windows 2000 sp4, and we added a second DC running Windows 2003 sp1 in January.  Everything seems to be running fine from the DC standpoint - dcdiag shows no errors.  The login script seems to run properly, as all their mapped drives appear.

Re-creating the users old profile is getting annoying.

What is causing the second profile to be created and how do we stop this behavior?

 
0
Comment
Question by:si-support
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 18850757
This is usually caused by permissions being changed.  The user should have full control to his/her folder in documents and settings.

You can revert to the old profile by making user the user has full control throughout the profile and re-pointing the registry.

See this:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/2000/Q_21933678.html

0
 

Author Comment

by:si-support
ID: 18850895
Pber -

The user's permissions on the pc or network have not changed from the day before when they logged in fine.  They log out and log back in every day.  They haven't changed their password. The permissions on the new folder are the same as on the old folder.

Thanks for the tip on getting back the profile, but we don't need help getting back to the original profile settings - after a half dozen of these it's down pat.
0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 18851048
There could be corruption as well.  Windows has a nasty problem with this.  I'm not sure why only 2000 machines.  Have you looked into UPHClean, it might help:

http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci960409,00.html
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:si-support
ID: 18852115
Thanks pber.  I'll try using that tool.  Do I install it at the DC or do I need to push to all of our w2k pc's?
0
 
LVL 26

Expert Comment

by:Pber
ID: 18852164
It installs on the target PC's.  Try it on one problem PC first and see if it occurs again before you deploy it to all.  We have deployed that to all of our machines.  It pretty much fixed up any profile corruption problems we had.
0
 

Author Comment

by:si-support
ID: 19108135
I tried using the tool on one of the problem pc's and, unfortunately, that didn't help.  We wound up rebuilding the drive.  After having a flurry of issues, we haven't had a profile corruption for awhile now.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question