?
Solved

"User Shell Folders" messed up by default in registry. Where to modify in AD ?

Posted on 2009-04-07
5
Medium Priority
?
808 Views
Last Modified: 2012-05-06
Hello,

When I create a new user (in an W2K3 AD), it seems to give wrong values in this user's profile.
I don't know where to check in AD - I'm pretty new in AD environments

The user can't create anything on his desktop for example.
I found out the registry entries in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" were pretty bad: instead of having standard %USERPROFILE%\blah directories, some of them (example : Desktop, Personal) contain a wrong path, like D:\blah\user.
When I correct it manually on a computer, everything runs fine again.

Where can I check/fix this in the AD?

thank you
0
Comment
Question by:mchkorg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24087008
Are you using local or romaing profiles? It sounds like there are some folder redirection policies being applied to the users in group policy maybe?
On an affected machine, open a blank mmc (Start | Run | mmc). Add the Resultant Set of Policy snap in (File | Add/Remove Snap-in). Then right click the 'resultant set of policy' node in the tree view and select 'Generate RSoP data'
Remember you need to generate the RSoP data for an affected user on that machine, not your user. The resulting query will basically show all the policy settings applied to the machine/user. Navigate to :
User Configuration | Windows Settings | Folder Redirection | Desktop
Are there any settings specified here for folder paths? The problem is, if the settings are applied via group policy, your changes in regedit will be wiped once the user logs off/on again, so you need to change this at the group policy level.
0
 
LVL 7

Author Comment

by:mchkorg
ID: 24087228
Ok, something sure is after reconnection, the correct values are still there.

Something else: one of the affected user has been created by copying an existing one. I think we are just "transporting" some wrong settings from one user to another when copying. Our AD admin creates new users by copying existing ones to get some settings more easily. The mistakes also, I guess...
I'll investigate further with the admin in charge here

And I'll test your first advices and let you know
Thank,
0
 
LVL 7

Author Comment

by:mchkorg
ID: 24087311
Ok, I can't go further than User Configuration > Windows Settings
(no "Folder Redirection")
Sorry, the question is dummy (I'm new to AD), does that mean I don't overwrite anything via GPO for this parameter?
In that cast, I'm just having a problem due to a bad profile that has been copied and copied again?
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 24089931
OK, sounds like it may be the issue with the copying of profiles. Really you want to have a new profile built for each new user rather than copying the settings from one machine to another.
What happens if you literally just create a new user in AD and then log on as that user to a workstation. If group policy isn't doing anything, you should be OK.

If you need to configure an initial user desktop for users when they first log in, you can configure a Default User profile so that they get a specific setup first of all. They can then edit this to suit their needs. For this to apply to all users, you can store it in the NETLOGON share of your domain controller. The users will all get this initial profile.

Follow these steps: http://technet.microsoft.com/en-us/library/cc780839.aspx, and create a new user. Log on with this new account and you should get the desktop you just configured, and shouldn't be having the issues you currently are.
This should resolve your issues for new users, although the current users will still have to be fixed. Now you could script this if you've got loads of users, but if you've only got a couple it's probably not worth it.
 
 
0
 
LVL 7

Author Closing Comment

by:mchkorg
ID: 31567466
Thanks for all
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question