Solved

AD Permissions not working on a workstation

Posted on 2007-11-29
6
259 Views
Last Modified: 2013-12-23
I have a workstation that was using Windows 2000 connected to Server 2003 AD. I moved the documents and settings contents of the user to a new fresh install after the user was created on first login.  This new machine replaced the old which is off the network. Now the group policy permissions aren't working for a user IE User X in Group Y cannot read write to Share Z when Group Y has full access to the share. I tried logging in as an admin in safemode and renaming the user to _X then created a fresh user. And copied specific application data, outlook firefox etc, and documents and the problems appears to have come up again.  If the user logs into another machine they can get access to the share and if the another user with access to those shares logs into this machine they will get access.  Should i rename the NTUSER.DAT or some other file to reset the credentials?
0
Comment
Question by:knausscpa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 3

Assisted Solution

by:greymirror
greymirror earned 150 total points
ID: 20380225
If i have this problem i generally only copy their files across (My Documents and Desktop). I've tried copying application data and found that the microsoft settings don't handle it very well. Windows XP has a settings migration wizard to handle this, but i'm not sure if 2000 does.

NTUSER.dat needs to be specific to the computer or it will try and re-create it - don't copy it from another profile.
0
 
LVL 37

Accepted Solution

by:
bbao earned 350 total points
ID: 20380790
you may try to

1. back up the all data of the problem user under C:\Documents and Settings\USERNAME (including its sub-folders)
2. delete the problem user's profile from Control Panel | System | User Profiles
3. ask the user log on again.
4. restore his/her data from the following folders (including its sub-folders) in the above backup.

C:\Documents and Settings\USERNAME\Desktop
C:\Documents and Settings\USERNAME\Favorites
C:\Documents and Settings\USERNAME\My Documents
C:\Documents and Settings\Administrator\SendTo (only if necessary)
C:\Documents and Settings\USERNAME\Start Menu (only if necessary)
C:\Documents and Settings\USERNAME\Templates (only if necessary)

5. if it is *really* necessary, restore his/her data from the following folders (probably NOT including its sub-folders) in the above backup

C:\Documents and Settings\USERNAME\Application Data
C:\Documents and Settings\USERNAME\Local Settings\Application Data

6. as greymirror mentioned above, do NOT copy NTUSER.DAT file. actually, you log on as the problem user, you cannot copy this file as it is being used.
7. restore other files, probably those on other user folders or in other partitions.

hope it helps,
bbao
0
 

Author Comment

by:knausscpa
ID: 20383125
I did almost exactly what BBAO said.  I will be going in again today and will give it another try and see.
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 
LVL 37

Expert Comment

by:bbao
ID: 20385521
3. ask the user log on again. additionally, test if the user can work well *without* his/her old data. if yes, do the next step to restore the data.
0
 

Author Comment

by:knausscpa
ID: 20386572
I figured it out the problem was that she used a different account for her exchange email.  Once i setup outlook with that exchange account it was taking those permissions and ignoring the permissions for the main user login. Once i added the exchange account to the same GP then it worked.
0
 
LVL 37

Expert Comment

by:bbao
ID: 20387110
> Once i setup outlook with that exchange account it was taking those permissions and ignoring the permissions for the main user login.

do you mean public folders' permissions?
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question