Solved

Domain user has locked down profile unexpectedly

Posted on 2008-06-23
12
305 Views
Last Modified: 2008-11-22
This has happened once before many months ago. In our office everyone had a working profile with the ability to shut down their own machines. One day, one user's profile was somehow "locked down" a bit. The user could not access her favorites in IE, and when clicking the start button, would see a slimmed down menu. She also could not shut down her machine, only Log Off was an option. And when opening up My Computer, it was empty. Nothing in her AD profile has been changed.

It was very similar to a terminal session when logging on remotely. We had configured security so that users could not inadvertantly cause harm to the TS. But this setting seems to be applying to domain users when they are in our office. Is there a setting I am missing? Before we ended up just recreating her profile. Is there an easier way? Thanks in advance
0
Comment
Question by:itpcg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848783
Check to see if there is a GPO applied to her account / machine inadvertinly
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848847
Where are you applying the GPO for the terminal service session?
0
 

Author Comment

by:itpcg
ID: 21848867
Nope, not that I see. She's just a domain user and in certain security groups for directory access but those are the same ones I am a part of. It's not her machine b/c I can log in with my profile and get a normal setup. I can log her into other machines and still get her locked down profile. Thanks for the suggestion, got anymore?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848892
Then there is an GPO or policy set against her user account, if she logs on to another machine and still get a locked down enviroment.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848923
Try to see if her profile is still logged on to the TS. Also, run a RSOP.

http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx
0
 

Author Comment

by:itpcg
ID: 21879136
Thanks for the suggestions, I checked and her profile is not logged in remotely and I ran the RSoP and it came back with no applied GPO's that would cause this.

The GPO for the ts sessions is being run off the files/AD server. There was a security group created that allows a TS session to have full control. I tried adding her to that to see if her profile opened up, but it was still locked down locally. Remotely she had more access. I have since removed her from that group.

Very odd, it was working fine mid last week then Thursday or Friday somehow it did this.
0
 

Author Comment

by:itpcg
ID: 22091054
Been fighting with this a lot lately. I has been happening more frequently with no reason I can detect. 3 people had this affect them in 1 week, then I rebooted the DC and the 3 profiles were back to normal, however we soon found 2 new people whose profiles became locked down. I have checked each of their security groups and permissions, etc and they are all correct. Again its happening to their profiles so when they log onto other machines, it follows them.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22091265
0
 

Author Comment

by:itpcg
ID: 22124718
Thanks for the suggestion but I came to a resolution about this whole thing. These are the steps that worked
1. logging the user off the machine
2. logging in as an admin
3. putting them in another security group (such as taking off their TS lockdown policy)
4. running a gpudate /force
5.  then logging their profile on the TS, then logging off
6. removing them from the changed security group
7. having them log in normally

For some reason, following those steps will fix their problem. I'm still not sure why their profiles become like that. I have checked to make sure they aren't still logged onto the TS before this happens. Odd....
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22124732
Very Odd.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 23020741
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question