Solved

Roaming Profile not found when user is not admin of their laptop

Posted on 2009-04-04
11
360 Views
Last Modified: 2012-05-06
I am a network admin for our network of 40 workstations. They are all joined to our domain that runs on a SBS Server 2003. AD is enabled and I use it to lock settings down, configure settings on the machines, etc. I didn't setup all of the workstations so I think that's why some of them act weird when I remove them from the local admin group. All my users are in the Domain User's group. this group is added to the local users group on each workstation and laptop. When I setup a machine I use the SBS wizards to add the PC to the server. Then use the "connectcomputer" command at the workstation using a browser.  Also, roaming profiles are enabled when the user logs in. On a couple of laptops the user is also in the local admin group on their PC which I don't want. I want to lock the machines down by only having them in the Users group so they can't install stuff, make changes, etc. But, when I remove these two users from the local admin group and they try to login, they get a small window telling them their roaming profile cannot be found. There is a 30 sec timer in this window. They can click OK to close it but then windows builds a temp profile without any of their settings. If I add them back to the local admin group they can login just fine and the roaming profile loads OK. All the rest of my workstations have no problem logging in belonging to the local users group and get their roaming profile. Even if they login on another PC they get their profile. On the server, I have checked the permissions of their profile against others that have no problem and the permissions seem to be the same. When I build a new user one of the settings I enable is adding the domain admin to the profile so I can view the profiles. Initially when I took over at this company, even the domain admin could not view the profiles on the server. I fixed all of them by changing their permissions to match the ones that the wizard had added the domain admin to. Where do I begin to look for the problem on the two machines that can't find the roaming profile when removed from the local admin group? Is it something on the laptop or the server?
0
Comment
Question by:KellyOConnor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 9

Expert Comment

by:samiam41
ID: 24069930
You could always take their profile, backup all of the settings (favs, docs, desktops, etc...) and blow away the profiles.  Then, remove them from the local admin and into the group you want.  Next, have them log in and restore their settings from backup.

You are smart to get them out of the local admin group.
0
 

Author Comment

by:KellyOConnor
ID: 24069974
Thanks for the comment samiam41, I am hoping not to have to resort to that but if no other solutions come in, have considered it. Both of these users have extreme profiles that would take a lot to rebuild. Also, it has been about 5 years since I posted in EE and as far as giving out points I may mess up.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24070096
: )  This is a great place to post and no worries about the points.  

Here is an article from MS explaining roaming profiles and permissions.  This may explain why you are running into this problem.  I'll keep looking for more info.

http://technet.microsoft.com/en-us/library/cc737633.aspx
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 9

Accepted Solution

by:
samiam41 earned 250 total points
ID: 24070107
When you change the permissons on those user's roaming profile, make sure that you verify the user account remains the owner of their profile.  I see some problems that could occur from reading this article after the MS one I just posted.

http://computertips.toups.info/roaming/RoamingXPPro.htm
0
 

Author Comment

by:KellyOConnor
ID: 24071575
Thanks again, Sam.... I will do some reading. I won't be able to experiment until next week when I get back to work. I did compare, on the server, the permissions of the "broken" user's profile folder against a "working" users profile folder and they are identical. Each user is owner of their profile folder, and have full permissions to it. I am going to guess it is a permissions problem somehow but it may be one of those problems where I have to delete a profile and allow it to rebuild on the server or something like that. I will keep this question updated as I find out anything or actually get it fixed. One of the users is a manager and doesn't like to do without his machine much at all but I have another user that should be able to loan me his laptop so I can experiment with settings and then try to login after removing them from the local admin group.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24072945
Perfect.  I will continue to monitor this for your updates.  I'll try to find some additional info and solutions that may be better then what was already presented.  Good luck.
0
 

Author Comment

by:KellyOConnor
ID: 24082912
Didn't have time today to take a look at this problem or try any of the solutions. I have a lot to do at work. Please give me a few days to get to it. I promise I will reply within a few days.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24092708
Take your time bro.  We all understand the too much to do, not enough time.  We'll be here.
0
 

Author Comment

by:KellyOConnor
ID: 24126453
SamIam, I didn't have time to try any of the suggestions this week. Maybe the upcoming week will give me some time. Should I just award the points so I don't keep this question open so long? I'm sure one of the suggestions will work, just finding the time to try. Let me know...
0
 

Author Comment

by:KellyOConnor
ID: 24156656
I finally got time to fix this problem. It turns out that on both of these user's laptops, under documents and settings\%userprofile%   they had a few folders they had either created or copied from another machine that did not have correct permissions. When I removed them from the administrators local group, the roaming profile could not update properly and the failure of the roaming profile happened. What I didn't know is that they were getting two error boxes right after login. The first was an error about the particular folder that didn't have permissions. This showed me which folders had the wrong permissions. The second error was the normal "Windows could not find the roaming profile" error with the timer. Once I applied the proper permissions (I added the user to the folder's permissions) the roaming profile worked properly. My final question is: Do I still award the points to you since you did help me?
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24200270
Thank you for the points and grade.  Glad the issue got resolved!  Take care!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question