Solved

"User Shell Folders" messed up by default in registry. Where to modify in AD ?

Posted on 2009-04-07
5
771 Views
Last Modified: 2012-05-06
Hello,

When I create a new user (in an W2K3 AD), it seems to give wrong values in this user's profile.
I don't know where to check in AD - I'm pretty new in AD environments

The user can't create anything on his desktop for example.
I found out the registry entries in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" were pretty bad: instead of having standard %USERPROFILE%\blah directories, some of them (example : Desktop, Personal) contain a wrong path, like D:\blah\user.
When I correct it manually on a computer, everything runs fine again.

Where can I check/fix this in the AD?

thank you
0
Comment
Question by:mchkorg
  • 3
  • 2
5 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24087008
Are you using local or romaing profiles? It sounds like there are some folder redirection policies being applied to the users in group policy maybe?
On an affected machine, open a blank mmc (Start | Run | mmc). Add the Resultant Set of Policy snap in (File | Add/Remove Snap-in). Then right click the 'resultant set of policy' node in the tree view and select 'Generate RSoP data'
Remember you need to generate the RSoP data for an affected user on that machine, not your user. The resulting query will basically show all the policy settings applied to the machine/user. Navigate to :
User Configuration | Windows Settings | Folder Redirection | Desktop
Are there any settings specified here for folder paths? The problem is, if the settings are applied via group policy, your changes in regedit will be wiped once the user logs off/on again, so you need to change this at the group policy level.
0
 
LVL 7

Author Comment

by:mchkorg
ID: 24087228
Ok, something sure is after reconnection, the correct values are still there.

Something else: one of the affected user has been created by copying an existing one. I think we are just "transporting" some wrong settings from one user to another when copying. Our AD admin creates new users by copying existing ones to get some settings more easily. The mistakes also, I guess...
I'll investigate further with the admin in charge here

And I'll test your first advices and let you know
Thank,
0
 
LVL 7

Author Comment

by:mchkorg
ID: 24087311
Ok, I can't go further than User Configuration > Windows Settings
(no "Folder Redirection")
Sorry, the question is dummy (I'm new to AD), does that mean I don't overwrite anything via GPO for this parameter?
In that cast, I'm just having a problem due to a bad profile that has been copied and copied again?
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24089931
OK, sounds like it may be the issue with the copying of profiles. Really you want to have a new profile built for each new user rather than copying the settings from one machine to another.
What happens if you literally just create a new user in AD and then log on as that user to a workstation. If group policy isn't doing anything, you should be OK.

If you need to configure an initial user desktop for users when they first log in, you can configure a Default User profile so that they get a specific setup first of all. They can then edit this to suit their needs. For this to apply to all users, you can store it in the NETLOGON share of your domain controller. The users will all get this initial profile.

Follow these steps: http://technet.microsoft.com/en-us/library/cc780839.aspx, and create a new user. Log on with this new account and you should get the desktop you just configured, and shouldn't be having the issues you currently are.
This should resolve your issues for new users, although the current users will still have to be fixed. Now you could script this if you've got loads of users, but if you've only got a couple it's probably not worth it.
 
 
0
 
LVL 7

Author Closing Comment

by:mchkorg
ID: 31567466
Thanks for all
0

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now