Solved

Domain user has locked down profile unexpectedly

Posted on 2008-06-23
12
286 Views
Last Modified: 2008-11-22
This has happened once before many months ago. In our office everyone had a working profile with the ability to shut down their own machines. One day, one user's profile was somehow "locked down" a bit. The user could not access her favorites in IE, and when clicking the start button, would see a slimmed down menu. She also could not shut down her machine, only Log Off was an option. And when opening up My Computer, it was empty. Nothing in her AD profile has been changed.

It was very similar to a terminal session when logging on remotely. We had configured security so that users could not inadvertantly cause harm to the TS. But this setting seems to be applying to domain users when they are in our office. Is there a setting I am missing? Before we ended up just recreating her profile. Is there an easier way? Thanks in advance
0
Comment
Question by:itpcg
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848783
Check to see if there is a GPO applied to her account / machine inadvertinly
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848847
Where are you applying the GPO for the terminal service session?
0
 

Author Comment

by:itpcg
ID: 21848867
Nope, not that I see. She's just a domain user and in certain security groups for directory access but those are the same ones I am a part of. It's not her machine b/c I can log in with my profile and get a normal setup. I can log her into other machines and still get her locked down profile. Thanks for the suggestion, got anymore?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848892
Then there is an GPO or policy set against her user account, if she logs on to another machine and still get a locked down enviroment.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848923
Try to see if her profile is still logged on to the TS. Also, run a RSOP.

http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx
0
 

Author Comment

by:itpcg
ID: 21879136
Thanks for the suggestions, I checked and her profile is not logged in remotely and I ran the RSoP and it came back with no applied GPO's that would cause this.

The GPO for the ts sessions is being run off the files/AD server. There was a security group created that allows a TS session to have full control. I tried adding her to that to see if her profile opened up, but it was still locked down locally. Remotely she had more access. I have since removed her from that group.

Very odd, it was working fine mid last week then Thursday or Friday somehow it did this.
0
 

Author Comment

by:itpcg
ID: 22091054
Been fighting with this a lot lately. I has been happening more frequently with no reason I can detect. 3 people had this affect them in 1 week, then I rebooted the DC and the 3 profiles were back to normal, however we soon found 2 new people whose profiles became locked down. I have checked each of their security groups and permissions, etc and they are all correct. Again its happening to their profiles so when they log onto other machines, it follows them.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22091265
0
 

Author Comment

by:itpcg
ID: 22124718
Thanks for the suggestion but I came to a resolution about this whole thing. These are the steps that worked
1. logging the user off the machine
2. logging in as an admin
3. putting them in another security group (such as taking off their TS lockdown policy)
4. running a gpudate /force
5.  then logging their profile on the TS, then logging off
6. removing them from the changed security group
7. having them log in normally

For some reason, following those steps will fix their problem. I'm still not sure why their profiles become like that. I have checked to make sure they aren't still logged onto the TS before this happens. Odd....
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22124732
Very Odd.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 23020741
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question