Roaming Profile not found when user is not admin of their laptop
Posted on 2009-04-04
I am a network admin for our network of 40 workstations. They are all joined to our domain that runs on an SBS Server 2003. AD is enabled and I use it to lock settings down, configure settings on the machines, etc. I didn't set up all of the workstations, so I think that's why some of them act weird when I remove them from the local admin group. All my users are in the Domain Users group. This group is added to the local Users group on each workstation and laptop. When I set up a machine, I use the SBS wizards to add the PC to the server, then use the "connectcomputer" command at the workstation using a browser. Also, roaming profiles are enabled when the user logs in.
On a couple of laptops the user is also in the local admin group on their PC, which I don't want. I want to lock the machines down by only having them in the Users group so they can't install stuff, make changes, etc. But when I remove these two users from the local admin group and they try to log in, they get a small window telling them their roaming profile cannot be found. There is a 30-second timer in this window. They can click OK to close it, but then Windows builds a temp profile without any of their settings. If I add them back to the local admin group, they can log in just fine and the roaming profile loads OK.
All the rest of my workstations have no problem logging in while belonging to the local Users group, and they get their roaming profile. Even if they log in on another PC they get their profile.
On the server, I have checked the permissions of their profile against others that have no problem, and the permissions seem to be the same. When I build a new user, one of the settings I enable is adding the domain admin to the profile so I can view the profiles. Initially, when I took over at this company, even the domain admin could not view the profiles on the server. I fixed all of them by changing their permissions to match the ones that the wizard had added the domain admin to.
Where do I begin to look for the problem on the two machines that can't find the roaming profile when removed from the local admin group? Is it something on the laptop or the server?