Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293
  • Last Modified:

WinXP on sbs2003 domain reverting to previous logon profile

I was called out to remove a trojan from a user's PC, Windows XP Pro Sp3, with a domain join to a Windows 2003 R2 SBS server.  I removed the trojan with the bartpe boot disk and I logged back on as the user with the network cable disconnected, so in case other components of the trojan got left behind, it would not be able to contact the Internet to phone home to its buddies and download more malware.  With this offline logon, WIndows XP generated a new profile, and subsequent logons with the cable reconnected it now signs in with the new profile.  For now I simply copied all of the user's personal documents, favorites, and email settings to the new profile, and all is well.  However for future reference is there a way to force the workstation to use the original profile, assuming it was not damaged by the trojan?  Is the user profile "copy to" in system properties a safe bet?
0
eric3123
Asked:
eric3123
1 Solution
 
notacomputergeekCommented:
Try logging in as admin and delete the uneeded profile. If it's a roaming profile, you can delete all their local profiles and it will re-create it from the server, just as if they were logging into a different computer.
0
 
eric3123Author Commented:
I resolved it on my own.  Booting from a Bart PE Bootdisk, I recovered ntuser.dat from the System Recovery snapshots folder (C:\System Volume Information).  The saved registry file is in the form of a long guid string filename, however since only one user logged onto this pc it was easy to identify, restore and rename back to the user's profile folder, replacing the existing ntuser.dat, and resetting the attributes to hidden.

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now