[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Restircted Groups Profile Problems

Posted on 2010-01-05
Medium Priority
Last Modified: 2012-06-27
I've been implementing restricted groups within our domain, but have been running into a problem. A few users have had issues with their local profile after the restricted groups policy has been applied. After the GPO is applied and they reboot they are presented with a new profile. In order to correct the problem I have to give the user permissions to the original profile and then point the registry key back to the correct profile. I have been unable to determine why this is happening...

Any ideas on how to correct this?
Question by:brayn
  • 2

Expert Comment

ID: 26182035
What did you configure?
Does the problem occur for an user that doesn't get the policy applied?

Author Comment

ID: 26182358
I haven't configured the policy for everyone, just one group. The problem only affects that groups. I did some testing prior to pushing out the policy and had no problems. On the test computer I added a new user to AD, added domain users to the local admin group to replicate our current configuration. (I know, I know domain users as local admins are bad, but that is what I am working to change).

Then I applied the restricted groups GPO, rebooted and verified the changes. Again, I had no problem on the test rig, but some users in the first group are running into issues.

Expert Comment

by:Shoaib Hayat Butt
ID: 27062963
firts you need to confirm if the policy is applied to that user, run on command prompt
GPRESULT  /U adminuser /P adminpassword /USER targetusername
and see if the policy comes under group policy head.
plus some questions;
  • Are you using roaming profiles for users?
  • What restriction you applied to users?
  • Is the problem happening with all users in that group or some, if its some users, make them login to a different machine and see if still exist?
  • see event log of machine where user is login to check if any GP related event or any other errors that have far-off relation to issue even?
Bring this info so that we can suggest what really going on.

Accepted Solution

brayn earned 0 total points
ID: 27272118
I determined that this is only happening on machines that have been on the domain and have been patched a lot over the years. All of the workstations that are new or at least have fairly new installs of XP do not experience the problem. Luckily we only have a few of these older machines and it is an easy fix.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question