Domain user has locked down profile unexpectedly

This has happened once before many months ago. In our office everyone had a working profile with the ability to shut down their own machines. One day, one user's profile was somehow "locked down" a bit. The user could not access her favorites in IE, and when clicking the start button, would see a slimmed down menu. She also could not shut down her machine, only Log Off was an option. And when opening up My Computer, it was empty. Nothing in her AD profile has been changed.

It was very similar to a terminal session when logging on remotely. We had configured security so that users could not inadvertantly cause harm to the TS. But this setting seems to be applying to domain users when they are in our office. Is there a setting I am missing? Before we ended up just recreating her profile. Is there an easier way? Thanks in advance
itpcgAsked:
Who is Participating?
 
Computer101Connect With a Mentor Commented:
PAQed with no points refunded (of 500)

Computer101
EE Admin
0
 
Andres PeralesCommented:
Check to see if there is a GPO applied to her account / machine inadvertinly
0
 
Darius GhassemCommented:
Where are you applying the GPO for the terminal service session?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
itpcgAuthor Commented:
Nope, not that I see. She's just a domain user and in certain security groups for directory access but those are the same ones I am a part of. It's not her machine b/c I can log in with my profile and get a normal setup. I can log her into other machines and still get her locked down profile. Thanks for the suggestion, got anymore?
0
 
Andres PeralesCommented:
Then there is an GPO or policy set against her user account, if she logs on to another machine and still get a locked down enviroment.
0
 
Darius GhassemCommented:
Try to see if her profile is still logged on to the TS. Also, run a RSOP.

http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx
0
 
itpcgAuthor Commented:
Thanks for the suggestions, I checked and her profile is not logged in remotely and I ran the RSoP and it came back with no applied GPO's that would cause this.

The GPO for the ts sessions is being run off the files/AD server. There was a security group created that allows a TS session to have full control. I tried adding her to that to see if her profile opened up, but it was still locked down locally. Remotely she had more access. I have since removed her from that group.

Very odd, it was working fine mid last week then Thursday or Friday somehow it did this.
0
 
itpcgAuthor Commented:
Been fighting with this a lot lately. I has been happening more frequently with no reason I can detect. 3 people had this affect them in 1 week, then I rebooted the DC and the 3 profiles were back to normal, however we soon found 2 new people whose profiles became locked down. I have checked each of their security groups and permissions, etc and they are all correct. Again its happening to their profiles so when they log onto other machines, it follows them.
0
 
itpcgAuthor Commented:
Thanks for the suggestion but I came to a resolution about this whole thing. These are the steps that worked
1. logging the user off the machine
2. logging in as an admin
3. putting them in another security group (such as taking off their TS lockdown policy)
4. running a gpudate /force
5.  then logging their profile on the TS, then logging off
6. removing them from the changed security group
7. having them log in normally

For some reason, following those steps will fix their problem. I'm still not sure why their profiles become like that. I have checked to make sure they aren't still logged onto the TS before this happens. Odd....
0
 
Darius GhassemCommented:
Very Odd.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.