Solved

AD Permissions not working on a workstation

Posted on 2007-11-29
6
254 Views
Last Modified: 2013-12-23
I have a workstation that was using Windows 2000 connected to Server 2003 AD. I moved the documents and settings contents of the user to a new fresh install after the user was created on first login.  This new machine replaced the old which is off the network. Now the group policy permissions aren't working for a user IE User X in Group Y cannot read write to Share Z when Group Y has full access to the share. I tried logging in as an admin in safemode and renaming the user to _X then created a fresh user. And copied specific application data, outlook firefox etc, and documents and the problems appears to have come up again.  If the user logs into another machine they can get access to the share and if the another user with access to those shares logs into this machine they will get access.  Should i rename the NTUSER.DAT or some other file to reset the credentials?
0
Comment
Question by:knausscpa
  • 3
  • 2
6 Comments
 
LVL 3

Assisted Solution

by:greymirror
greymirror earned 150 total points
ID: 20380225
If i have this problem i generally only copy their files across (My Documents and Desktop). I've tried copying application data and found that the microsoft settings don't handle it very well. Windows XP has a settings migration wizard to handle this, but i'm not sure if 2000 does.

NTUSER.dat needs to be specific to the computer or it will try and re-create it - don't copy it from another profile.
0
 
LVL 37

Accepted Solution

by:
bbao earned 350 total points
ID: 20380790
you may try to

1. back up the all data of the problem user under C:\Documents and Settings\USERNAME (including its sub-folders)
2. delete the problem user's profile from Control Panel | System | User Profiles
3. ask the user log on again.
4. restore his/her data from the following folders (including its sub-folders) in the above backup.

C:\Documents and Settings\USERNAME\Desktop
C:\Documents and Settings\USERNAME\Favorites
C:\Documents and Settings\USERNAME\My Documents
C:\Documents and Settings\Administrator\SendTo (only if necessary)
C:\Documents and Settings\USERNAME\Start Menu (only if necessary)
C:\Documents and Settings\USERNAME\Templates (only if necessary)

5. if it is *really* necessary, restore his/her data from the following folders (probably NOT including its sub-folders) in the above backup

C:\Documents and Settings\USERNAME\Application Data
C:\Documents and Settings\USERNAME\Local Settings\Application Data

6. as greymirror mentioned above, do NOT copy NTUSER.DAT file. actually, you log on as the problem user, you cannot copy this file as it is being used.
7. restore other files, probably those on other user folders or in other partitions.

hope it helps,
bbao
0
 

Author Comment

by:knausscpa
ID: 20383125
I did almost exactly what BBAO said.  I will be going in again today and will give it another try and see.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 37

Expert Comment

by:bbao
ID: 20385521
3. ask the user log on again. additionally, test if the user can work well *without* his/her old data. if yes, do the next step to restore the data.
0
 

Author Comment

by:knausscpa
ID: 20386572
I figured it out the problem was that she used a different account for her exchange email.  Once i setup outlook with that exchange account it was taking those permissions and ignoring the permissions for the main user login. Once i added the exchange account to the same GP then it worked.
0
 
LVL 37

Expert Comment

by:bbao
ID: 20387110
> Once i setup outlook with that exchange account it was taking those permissions and ignoring the permissions for the main user login.

do you mean public folders' permissions?
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question