Users getting auto generated new local profiles on 2000 workstations.

Posted on 2007-07-23
Last Modified: 2010-04-18
I have a 2003 domain with a mixture of both 2000 and XP boxes.  For some reason, users on the 2000 boxes occassionally have a new user profile created for them on their local PC.  This just randomly happpens from time to time.  For example, the user might have had a profile on the pc by the name of user.domain.  Now that will still show up under docs and settings, but you will also find a new profile with the name user.domain.000 and this will be the profile the user is now using.  Any ideas as to what can be causing this?  It doen't affect the XP boxes.
Question by:wsstechs
    LVL 63

    Expert Comment


    Author Comment

    Not really. ;)  I am looking for the root cause.  I already know how to copy profiles.  Thanks anyway.  ;)
    LVL 4

    Accepted Solution

    By default the Everyone security principal has Full Control of the root directory of each drive on a Windows 2000 machine and these permissions are inherited be each subdirectory.  When a new profile is created Windows 2000 uses that user's account to create the profile and permissions to that profile are granted to the Admistrators group and the Creator/Owner (the User) and permission inheritance for the Everyone security principal is overriden (not granted) for the profile and its subdirectories.  When a domain user logs onto a computer when its computer account password needs to be renewed the Windows 2000 machine will trust the Domain for Authentication (logging in) but not Authorization (granting permissions).  When this happens the user is no longer recognized as the owner of their own profile and if they are not a member of the Administrators group cannot access it but because they Full Control to the remainder of the drive through the Everyone security principal a new profile is created.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now