Solved

Domain user has locked down profile unexpectedly

Posted on 2008-06-23
12
261 Views
Last Modified: 2008-11-22
This has happened once before many months ago. In our office everyone had a working profile with the ability to shut down their own machines. One day, one user's profile was somehow "locked down" a bit. The user could not access her favorites in IE, and when clicking the start button, would see a slimmed down menu. She also could not shut down her machine, only Log Off was an option. And when opening up My Computer, it was empty. Nothing in her AD profile has been changed.

It was very similar to a terminal session when logging on remotely. We had configured security so that users could not inadvertantly cause harm to the TS. But this setting seems to be applying to domain users when they are in our office. Is there a setting I am missing? Before we ended up just recreating her profile. Is there an easier way? Thanks in advance
0
Comment
Question by:itpcg
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848783
Check to see if there is a GPO applied to her account / machine inadvertinly
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848847
Where are you applying the GPO for the terminal service session?
0
 

Author Comment

by:itpcg
ID: 21848867
Nope, not that I see. She's just a domain user and in certain security groups for directory access but those are the same ones I am a part of. It's not her machine b/c I can log in with my profile and get a normal setup. I can log her into other machines and still get her locked down profile. Thanks for the suggestion, got anymore?
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21848892
Then there is an GPO or policy set against her user account, if she logs on to another machine and still get a locked down enviroment.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21848923
Try to see if her profile is still logged on to the TS. Also, run a RSOP.

http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:itpcg
ID: 21879136
Thanks for the suggestions, I checked and her profile is not logged in remotely and I ran the RSoP and it came back with no applied GPO's that would cause this.

The GPO for the ts sessions is being run off the files/AD server. There was a security group created that allows a TS session to have full control. I tried adding her to that to see if her profile opened up, but it was still locked down locally. Remotely she had more access. I have since removed her from that group.

Very odd, it was working fine mid last week then Thursday or Friday somehow it did this.
0
 

Author Comment

by:itpcg
ID: 22091054
Been fighting with this a lot lately. I has been happening more frequently with no reason I can detect. 3 people had this affect them in 1 week, then I rebooted the DC and the 3 profiles were back to normal, however we soon found 2 new people whose profiles became locked down. I have checked each of their security groups and permissions, etc and they are all correct. Again its happening to their profiles so when they log onto other machines, it follows them.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22091265
0
 

Author Comment

by:itpcg
ID: 22124718
Thanks for the suggestion but I came to a resolution about this whole thing. These are the steps that worked
1. logging the user off the machine
2. logging in as an admin
3. putting them in another security group (such as taking off their TS lockdown policy)
4. running a gpudate /force
5.  then logging their profile on the TS, then logging off
6. removing them from the changed security group
7. having them log in normally

For some reason, following those steps will fix their problem. I'm still not sure why their profiles become like that. I have checked to make sure they aren't still logged onto the TS before this happens. Odd....
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22124732
Very Odd.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 23020741
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now