Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 363
  • Last Modified:

Roaming Profile not found when user is not admin of their laptop

I am a network admin for our network of 40 workstations. They are all joined to our domain that runs on a SBS Server 2003. AD is enabled and I use it to lock settings down, configure settings on the machines, etc. I didn't setup all of the workstations so I think that's why some of them act weird when I remove them from the local admin group. All my users are in the Domain User's group. this group is added to the local users group on each workstation and laptop. When I setup a machine I use the SBS wizards to add the PC to the server. Then use the "connectcomputer" command at the workstation using a browser.  Also, roaming profiles are enabled when the user logs in. On a couple of laptops the user is also in the local admin group on their PC which I don't want. I want to lock the machines down by only having them in the Users group so they can't install stuff, make changes, etc. But, when I remove these two users from the local admin group and they try to login, they get a small window telling them their roaming profile cannot be found. There is a 30 sec timer in this window. They can click OK to close it but then windows builds a temp profile without any of their settings. If I add them back to the local admin group they can login just fine and the roaming profile loads OK. All the rest of my workstations have no problem logging in belonging to the local users group and get their roaming profile. Even if they login on another PC they get their profile. On the server, I have checked the permissions of their profile against others that have no problem and the permissions seem to be the same. When I build a new user one of the settings I enable is adding the domain admin to the profile so I can view the profiles. Initially when I took over at this company, even the domain admin could not view the profiles on the server. I fixed all of them by changing their permissions to match the ones that the wizard had added the domain admin to. Where do I begin to look for the problem on the two machines that can't find the roaming profile when removed from the local admin group? Is it something on the laptop or the server?
0
KellyOConnor
Asked:
KellyOConnor
  • 6
  • 5
1 Solution
 
samiam41Commented:
You could always take their profile, backup all of the settings (favs, docs, desktops, etc...) and blow away the profiles.  Then, remove them from the local admin and into the group you want.  Next, have them log in and restore their settings from backup.

You are smart to get them out of the local admin group.
0
 
KellyOConnorAuthor Commented:
Thanks for the comment samiam41, I am hoping not to have to resort to that but if no other solutions come in, have considered it. Both of these users have extreme profiles that would take a lot to rebuild. Also, it has been about 5 years since I posted in EE and as far as giving out points I may mess up.
0
 
samiam41Commented:
: )  This is a great place to post and no worries about the points.  

Here is an article from MS explaining roaming profiles and permissions.  This may explain why you are running into this problem.  I'll keep looking for more info.

http://technet.microsoft.com/en-us/library/cc737633.aspx
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
samiam41Commented:
When you change the permissons on those user's roaming profile, make sure that you verify the user account remains the owner of their profile.  I see some problems that could occur from reading this article after the MS one I just posted.

http://computertips.toups.info/roaming/RoamingXPPro.htm
0
 
KellyOConnorAuthor Commented:
Thanks again, Sam.... I will do some reading. I won't be able to experiment until next week when I get back to work. I did compare, on the server, the permissions of the "broken" user's profile folder against a "working" users profile folder and they are identical. Each user is owner of their profile folder, and have full permissions to it. I am going to guess it is a permissions problem somehow but it may be one of those problems where I have to delete a profile and allow it to rebuild on the server or something like that. I will keep this question updated as I find out anything or actually get it fixed. One of the users is a manager and doesn't like to do without his machine much at all but I have another user that should be able to loan me his laptop so I can experiment with settings and then try to login after removing them from the local admin group.
0
 
samiam41Commented:
Perfect.  I will continue to monitor this for your updates.  I'll try to find some additional info and solutions that may be better then what was already presented.  Good luck.
0
 
KellyOConnorAuthor Commented:
Didn't have time today to take a look at this problem or try any of the solutions. I have a lot to do at work. Please give me a few days to get to it. I promise I will reply within a few days.
0
 
samiam41Commented:
Take your time bro.  We all understand the too much to do, not enough time.  We'll be here.
0
 
KellyOConnorAuthor Commented:
SamIam, I didn't have time to try any of the suggestions this week. Maybe the upcoming week will give me some time. Should I just award the points so I don't keep this question open so long? I'm sure one of the suggestions will work, just finding the time to try. Let me know...
0
 
KellyOConnorAuthor Commented:
I finally got time to fix this problem. It turns out that on both of these user's laptops, under documents and settings\%userprofile%   they had a few folders they had either created or copied from another machine that did not have correct permissions. When I removed them from the administrators local group, the roaming profile could not update properly and the failure of the roaming profile happened. What I didn't know is that they were getting two error boxes right after login. The first was an error about the particular folder that didn't have permissions. This showed me which folders had the wrong permissions. The second error was the normal "Windows could not find the roaming profile" error with the timer. Once I applied the proper permissions (I added the user to the folder's permissions) the roaming profile worked properly. My final question is: Do I still award the points to you since you did help me?
0
 
samiam41Commented:
Thank you for the points and grade.  Glad the issue got resolved!  Take care!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now