Solved

Roaming Profile not found when user is not admin of their laptop

Posted on 2009-04-04
11
352 Views
Last Modified: 2012-05-06
I am a network admin for our network of 40 workstations. They are all joined to our domain that runs on a SBS Server 2003. AD is enabled and I use it to lock settings down, configure settings on the machines, etc. I didn't setup all of the workstations so I think that's why some of them act weird when I remove them from the local admin group. All my users are in the Domain User's group. this group is added to the local users group on each workstation and laptop. When I setup a machine I use the SBS wizards to add the PC to the server. Then use the "connectcomputer" command at the workstation using a browser.  Also, roaming profiles are enabled when the user logs in. On a couple of laptops the user is also in the local admin group on their PC which I don't want. I want to lock the machines down by only having them in the Users group so they can't install stuff, make changes, etc. But, when I remove these two users from the local admin group and they try to login, they get a small window telling them their roaming profile cannot be found. There is a 30 sec timer in this window. They can click OK to close it but then windows builds a temp profile without any of their settings. If I add them back to the local admin group they can login just fine and the roaming profile loads OK. All the rest of my workstations have no problem logging in belonging to the local users group and get their roaming profile. Even if they login on another PC they get their profile. On the server, I have checked the permissions of their profile against others that have no problem and the permissions seem to be the same. When I build a new user one of the settings I enable is adding the domain admin to the profile so I can view the profiles. Initially when I took over at this company, even the domain admin could not view the profiles on the server. I fixed all of them by changing their permissions to match the ones that the wizard had added the domain admin to. Where do I begin to look for the problem on the two machines that can't find the roaming profile when removed from the local admin group? Is it something on the laptop or the server?
0
Comment
Question by:KellyOConnor
  • 6
  • 5
11 Comments
 
LVL 9

Expert Comment

by:samiam41
ID: 24069930
You could always take their profile, backup all of the settings (favs, docs, desktops, etc...) and blow away the profiles.  Then, remove them from the local admin and into the group you want.  Next, have them log in and restore their settings from backup.

You are smart to get them out of the local admin group.
0
 

Author Comment

by:KellyOConnor
ID: 24069974
Thanks for the comment samiam41, I am hoping not to have to resort to that but if no other solutions come in, have considered it. Both of these users have extreme profiles that would take a lot to rebuild. Also, it has been about 5 years since I posted in EE and as far as giving out points I may mess up.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24070096
: )  This is a great place to post and no worries about the points.  

Here is an article from MS explaining roaming profiles and permissions.  This may explain why you are running into this problem.  I'll keep looking for more info.

http://technet.microsoft.com/en-us/library/cc737633.aspx
0
 
LVL 9

Accepted Solution

by:
samiam41 earned 250 total points
ID: 24070107
When you change the permissons on those user's roaming profile, make sure that you verify the user account remains the owner of their profile.  I see some problems that could occur from reading this article after the MS one I just posted.

http://computertips.toups.info/roaming/RoamingXPPro.htm
0
 

Author Comment

by:KellyOConnor
ID: 24071575
Thanks again, Sam.... I will do some reading. I won't be able to experiment until next week when I get back to work. I did compare, on the server, the permissions of the "broken" user's profile folder against a "working" users profile folder and they are identical. Each user is owner of their profile folder, and have full permissions to it. I am going to guess it is a permissions problem somehow but it may be one of those problems where I have to delete a profile and allow it to rebuild on the server or something like that. I will keep this question updated as I find out anything or actually get it fixed. One of the users is a manager and doesn't like to do without his machine much at all but I have another user that should be able to loan me his laptop so I can experiment with settings and then try to login after removing them from the local admin group.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 9

Expert Comment

by:samiam41
ID: 24072945
Perfect.  I will continue to monitor this for your updates.  I'll try to find some additional info and solutions that may be better then what was already presented.  Good luck.
0
 

Author Comment

by:KellyOConnor
ID: 24082912
Didn't have time today to take a look at this problem or try any of the solutions. I have a lot to do at work. Please give me a few days to get to it. I promise I will reply within a few days.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24092708
Take your time bro.  We all understand the too much to do, not enough time.  We'll be here.
0
 

Author Comment

by:KellyOConnor
ID: 24126453
SamIam, I didn't have time to try any of the suggestions this week. Maybe the upcoming week will give me some time. Should I just award the points so I don't keep this question open so long? I'm sure one of the suggestions will work, just finding the time to try. Let me know...
0
 

Author Comment

by:KellyOConnor
ID: 24156656
I finally got time to fix this problem. It turns out that on both of these user's laptops, under documents and settings\%userprofile%   they had a few folders they had either created or copied from another machine that did not have correct permissions. When I removed them from the administrators local group, the roaming profile could not update properly and the failure of the roaming profile happened. What I didn't know is that they were getting two error boxes right after login. The first was an error about the particular folder that didn't have permissions. This showed me which folders had the wrong permissions. The second error was the normal "Windows could not find the roaming profile" error with the timer. Once I applied the proper permissions (I added the user to the folder's permissions) the roaming profile worked properly. My final question is: Do I still award the points to you since you did help me?
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24200270
Thank you for the points and grade.  Glad the issue got resolved!  Take care!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now