Domain login profile copy required

Posted on 2009-04-15
Last Modified: 2012-05-06
We have people who work remotely (XP Pro) and connect up post login via a VPN connection.  When a new user starts we need them to be able to log into the laptop as their new login without coming into the office/logging onto the network.  We can establish a VPN under another user account to administer the computer.  "Log on using dial-up connection" is not an option as we use 2 factor RSA token authentication and our VPN Client vendor does not support this method of authentication pre-login.

How do we get the user's profile onto a machine?  Is it possible to create a cached account on a local machine in the office and copy it across?

We cannot simply copy the user's logon directory as we need the user's cached password copied across as well.  The account the user uses to authenticate must be a domain account and not a local one.

Suggestions please.
Question by:agtechnicalservices
LVL 20

Expert Comment

by:MightySW
ID: 24148797
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 2000 total points
ID: 24149195
Once another user logs in, just have them go to c:\program files\internet explorer, and right-click Iexplore.exe, and do a RunAs, with their connection....

Should create, and cache a new profile for them under D&S......
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24149262
Oh, and this probably goes without saying, but I will anyway.....

You need to be connected to the domain, either via a post login VPN connection, or a live office network connection....
0

Author Comment

by:agtechnicalservices
ID: 24149295
Thank you for the suggestion HTH.  I suspect my requirements may not be clear.  Your suggestion is a utility for copying the profile of a user (icons, desktop wallpaper etc), it does not look to include copying of the password (hash?) and SSID.

For Example
If you ran this utility on a machine domain "User A" had logged on to, copied the output via a USB pen drive onto a new machine domain "User A" had never logged onto using your own administrative login and then disconnected the machine from the network you would not be able to log in with domain "User A" cached authentication credentials.

In the scenario above a successful solution would be one that allowed me to log in locally as domain User A once disconnected from the network without ever previously logging in with domain User A credentials to the new computer.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24149415
Not sure, but I do not see how this is possible.  You add the computer to the network yes?  And then you want an unknown user to be able to authenticate to the domain (offline)?  Essentially it seems that this is what you are asking.  Without a domain user profile on that machine, then logging on will create a temporary profile for that user.  Once the computer is back on the domain, it will recognize the user as legitimate and then change the profile.  In theory...

John?  Any suggestions on this?
0
 

Author Comment

by:agtechnicalservices
ID: 24149627
John - you are a star!  Points and gratitude to you sir!

HTH - thanks for your help.  John's suggestion allows me to cache the new user's credentials on the new machine without ever logging on (via the XP GINA) as them.  I can establish a VPN connection as an administrative account post login and then "run as" the new user account which caches the domain login credentials locally so when the new user logs in (via the XP GINA) off-line for the first time it works.
0
 

Author Closing Comment

by:agtechnicalservices
ID: 31570489
John - you are a star!  Points and gratitude to you sir!

John's suggestion allows me to cache the new user's credentials on the new machine without ever logging on (via the XP GINA) as them.  I can establish a VPN connection as an administrative account post login and then "run as" the new user account which caches the domain login credentials locally so when the new user logs in (via the XP GINA) off-line for the first time it works.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24154349
"John?  Any suggestions on this?"

In the example above, it would just be a profile with a matching name, but nothing in the registry for the cached domain credentials to be authenticated against under HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10. Therefore it won't ever be authenticated offline.

"Without a domain user profile on that machine, then logging on will create a temporary profile for that user.  Once the computer is back on the domain, it will recognize the user as legitimate and then change the profile.  In theory..."

Without a cached account to authenticate, they shouldn't ever get logged on to even get a TEMP profile. So I think the rest of that train of thought is irrelevant, and not to mention that I think your thoughts of it working that way, of being impossible, is spot on.

:^)
0
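
The RunAs procedure from the accepted solution, written out as a batch script; this is an added example and not part of any post above. It first checks the `CachedLogonsCount` Winlogon value, which governs how many domain logons Windows caches (the `NL$` entries mentioned in the last comment), then starts a process as the new domain user and confirms a profile folder exists. `CORP\newuser` is a placeholder account, and the script assumes an administrative session with the VPN already connected.

```batch
@echo off
rem Added example: pre-stage cached domain credentials for a new remote user.
rem Assumes an administrative session with the VPN to the domain already up.
rem CORP\newuser is a placeholder; replace it with the real domain account.
setlocal
set "DOMAIN=CORP"
set "USERNAME_NEW=newuser"
set "WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "COUNT="

rem 1. Logon caching must be enabled. CachedLogonsCount is a REG_SZ value;
rem    0 disables caching, and a missing value means the default of 10.
for /f "tokens=3" %%C in ('reg query "%WINLOGON%" /v CachedLogonsCount 2^>nul ^| find "CachedLogonsCount"') do set "COUNT=%%C"
if not defined COUNT set "COUNT=10"
if "%COUNT%"=="0" (
    echo Cached logons are disabled here, so an offline first logon would fail.
    exit /b 1
)
echo Cached logons allowed: %COUNT%

rem 2. Start a process as the new user. RunAs prompts for the password,
rem    validates it against the domain and loads the user's profile.
runas /user:%DOMAIN%\%USERNAME_NEW% "C:\Program Files\Internet Explorer\iexplore.exe"
if errorlevel 1 (
    echo RunAs failed. Check the VPN connection, account name and password.
    exit /b 1
)

rem 3. A profile folder should now exist. It may carry a .DOMAIN suffix.
dir /b /ad "C:\Documents and Settings\%USERNAME_NEW%*" >nul 2>&1
if errorlevel 1 (
    echo No profile folder found for %USERNAME_NEW%.
    exit /b 1
)
echo Profile present. Test an offline logon before shipping the laptop.
```

A `CachedLogonsCount` of 0 is often set by hardening policy, in which case this procedure cannot work and the first logon has to happen on the network.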
