Solved

WinXP on sbs2003 domain reverting to previous logon profile

Posted on 2009-05-20
2
290 Views
Last Modified: 2012-05-07
I was called out to remove a trojan from a user's PC, Windows XP Pro Sp3, with a domain join to a Windows 2003 R2 SBS server.  I removed the trojan with the bartpe boot disk and I logged back on as the user with the network cable disconnected, so in case other components of the trojan got left behind, it would not be able to contact the Internet to phone home to its buddies and download more malware.  With this offline logon, WIndows XP generated a new profile, and subsequent logons with the cable reconnected it now signs in with the new profile.  For now I simply copied all of the user's personal documents, favorites, and email settings to the new profile, and all is well.  However for future reference is there a way to force the workstation to use the original profile, assuming it was not damaged by the trojan?  Is the user profile "copy to" in system properties a safe bet?
0
Comment
Question by:eric3123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Expert Comment

by:notacomputergeek
ID: 24433576
Try logging in as admin and delete the uneeded profile. If it's a roaming profile, you can delete all their local profiles and it will re-create it from the server, just as if they were logging into a different computer.
0
 

Accepted Solution

by:
eric3123 earned 0 total points
ID: 24488341
I resolved it on my own.  Booting from a Bart PE Bootdisk, I recovered ntuser.dat from the System Recovery snapshots folder (C:\System Volume Information).  The saved registry file is in the form of a long guid string filename, however since only one user logged onto this pc it was easy to identify, restore and rename back to the user's profile folder, replacing the existing ntuser.dat, and resetting the attributes to hidden.

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question