Solved

Roaming Profile not found when user is not admin of their laptop

Posted on 2009-04-04
Last Modified: 2012-05-06
I am a network admin for our network of 40 workstations. They are all joined to our domain that runs on an SBS Server 2003. AD is enabled and I use it to lock settings down, configure settings on the machines, etc. I didn't set up all of the workstations so I think that's why some of them act weird when I remove them from the local admin group. All my users are in the Domain Users group. This group is added to the local users group on each workstation and laptop. When I set up a machine I use the SBS wizards to add the PC to the server, then use the "connectcomputer" command at the workstation using a browser. Also, roaming profiles are enabled when the user logs in.

On a couple of laptops the user is also in the local admin group on their PC, which I don't want. I want to lock the machines down by only having them in the Users group so they can't install stuff, make changes, etc. But when I remove these two users from the local admin group and they try to log in, they get a small window telling them their roaming profile cannot be found. There is a 30 sec timer in this window. They can click OK to close it but then Windows builds a temp profile without any of their settings. If I add them back to the local admin group they can log in just fine and the roaming profile loads OK. All the rest of my workstations have no problem logging in belonging to the local users group and get their roaming profile. Even if they log in on another PC they get their profile.

On the server, I have checked the permissions of their profile against others that have no problem and the permissions seem to be the same. When I build a new user, one of the settings I enable is adding the domain admin to the profile so I can view the profiles. Initially when I took over at this company, even the domain admin could not view the profiles on the server. I fixed all of them by changing their permissions to match the ones that the wizard had added the domain admin to.

Where do I begin to look for the problem on the two machines that can't find the roaming profile when removed from the local admin group? Is it something on the laptop or the server?
Question by:KellyOConnor
LVL 9

Expert Comment

by:samiam41
ID: 24069930
You could always take their profile, backup all of the settings (favs, docs, desktops, etc...) and blow away the profiles.  Then, remove them from the local admin and into the group you want.  Next, have them log in and restore their settings from backup.

You are smart to get them out of the local admin group.
0
 

Author Comment

by:KellyOConnor
ID: 24069974
Thanks for the comment samiam41, I am hoping not to have to resort to that but if no other solutions come in, have considered it. Both of these users have extreme profiles that would take a lot to rebuild. Also, it has been about 5 years since I posted in EE and as far as giving out points I may mess up.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24070096
: )  This is a great place to post and no worries about the points.  

Here is an article from MS explaining roaming profiles and permissions.  This may explain why you are running into this problem.  I'll keep looking for more info.

http://technet.microsoft.com/en-us/library/cc737633.aspx
0
 
LVL 9

Accepted Solution

by:
samiam41 earned 250 total points
ID: 24070107
When you change the permissions on those users' roaming profiles, make sure that you verify the user account remains the owner of their profile.  I see some problems that could occur from reading this article after the MS one I just posted.

http://computertips.toups.info/roaming/RoamingXPPro.htm
0
 

Author Comment

by:KellyOConnor
ID: 24071575
Thanks again, Sam.... I will do some reading. I won't be able to experiment until next week when I get back to work. I did compare, on the server, the permissions of the "broken" user's profile folder against a "working" user's profile folder and they are identical. Each user is owner of their profile folder, and has full permissions to it. I am going to guess it is a permissions problem somehow but it may be one of those problems where I have to delete a profile and allow it to rebuild on the server or something like that. I will keep this question updated as I find out anything or actually get it fixed. One of the users is a manager and doesn't like to do without his machine much at all but I have another user that should be able to loan me his laptop so I can experiment with settings and then try to log in after removing them from the local admin group.
0

 
LVL 9

Expert Comment

by:samiam41
ID: 24072945
Perfect.  I will continue to monitor this for your updates.  I'll try to find some additional info and solutions that may be better than what was already presented.  Good luck.
0
 

Author Comment

by:KellyOConnor
ID: 24082912
Didn't have time today to take a look at this problem or try any of the solutions. I have a lot to do at work. Please give me a few days to get to it. I promise I will reply within a few days.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24092708
Take your time bro.  We all understand the too much to do, not enough time.  We'll be here.
0
 

Author Comment

by:KellyOConnor
ID: 24126453
SamIam, I didn't have time to try any of the suggestions this week. Maybe the upcoming week will give me some time. Should I just award the points so I don't keep this question open so long? I'm sure one of the suggestions will work, just finding the time to try. Let me know...
0
 

Author Comment

by:KellyOConnor
ID: 24156656
I finally got time to fix this problem. It turns out that on both of these users' laptops, under Documents and Settings\%userprofile%, they had a few folders they had either created or copied from another machine that did not have correct permissions. When I removed them from the local Administrators group, the roaming profile could not update properly and the failure of the roaming profile happened. What I didn't know is that they were getting two error boxes right after login. The first was an error about the particular folder that didn't have permissions. This showed me which folders had the wrong permissions. The second error was the normal "Windows could not find the roaming profile" error with the timer. Once I applied the proper permissions (I added the user to the folder's permissions) the roaming profile worked properly. My final question is: Do I still award the points to you since you did help me?
0
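
The check described in the comment above (finding folders inside a local profile whose permissions do not include the profile's user), as an added example that is not part of the original thread. The account name and profile path are placeholder parameters; the script assumes PowerShell 3.0 or later run from an administrative session, and it only counts access granted to the user directly, which mirrors the fix described in the thread.

```powershell
# Added example: report folders in a local profile that the profile's user
# has no direct Allow/Modify entry on. Run elevated so every ACL can be read.
param(
    [Parameter(Mandatory = $true)][string]$Account,     # placeholder, e.g. 'EXAMPLE\jsmith'
    [Parameter(Mandatory = $true)][string]$ProfilePath  # placeholder, e.g. 'C:\Documents and Settings\jsmith'
)

# Resolve the account to a SID once; ACEs are compared by SID, not by display name.
$userSid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
    [System.Security.Principal.SecurityIdentifier])
$modify      = [System.Security.AccessControl.FileSystemRights]::Modify
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-UserCanModify([string]$Path) {
    $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Include explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $appliesHere = ($r.PropagationFlags -band $inheritOnly) -ne $inheritOnly
        if ($appliesHere -and
            $r.IdentityReference.Value -eq $userSid.Value -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.FileSystemRights -band $modify) -eq $modify) {
            return $true
        }
    }
    return $false
}

# Check the profile root and every folder below it, hidden ones included.
$dirs = @(Get-Item -LiteralPath $ProfilePath -Force) +
        @(Get-ChildItem -LiteralPath $ProfilePath -Directory -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($d in $dirs) {
    try {
        if (-not (Test-UserCanModify $d.FullName)) {
            [PSCustomObject]@{ Folder = $d.FullName; Problem = 'No direct Allow/Modify entry for account' }
        }
    } catch {
        # A folder whose ACL cannot even be read is reported rather than skipped.
        [PSCustomObject]@{ Folder = $d.FullName; Problem = "ACL unreadable: $($_.Exception.Message)" }
    }
}
```

Folders that grant the user access only through a group are also listed, and Deny entries are not evaluated, so treat the output as a list of candidates to inspect before removing the user from the local Administrators group.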
 
LVL 9

Expert Comment

by:samiam41
ID: 24200270
Thank you for the points and grade.  Glad the issue got resolved!  Take care!
0
