Restricted Groups Profile Problems

I've been implementing restricted groups within our domain, but have been running into a problem. A few users have had issues with their local profile after the restricted groups policy has been applied. After the GPO is applied and they reboot they are presented with a new profile. In order to correct the problem I have to give the user permissions to the original profile and then point the registry key back to the correct profile. I have been unable to determine why this is happening...

Any ideas on how to correct this?
brayn (Author) Commented:
I determined that this is only happening on machines that have been on the domain and have been patched a lot over the years. All of the workstations that are new or at least have fairly new installs of XP do not experience the problem. Luckily we only have a few of these older machines and it is an easy fix.
What did you configure?
Does the problem occur for a user that doesn't get the policy applied?
brayn (Author) Commented:
I haven't configured the policy for everyone, just one group. The problem only affects that group. I did some testing prior to pushing out the policy and had no problems. On the test computer I added a new user to AD, added domain users to the local admin group to replicate our current configuration. (I know, I know, domain users as local admins are bad, but that is what I am working to change).

Then I applied the restricted groups GPO, rebooted and verified the changes. Again, I had no problem on the test rig, but some users in the first group are running into issues.
Shoaib Hayat Butt, ITIL Solutions Architect Commented:
First you need to confirm whether the policy is applied to that user. Run at a command prompt:
GPRESULT  /U adminuser /P adminpassword /USER targetusername
and see if the policy comes under the group policy head.
Plus some questions:
  • Are you using roaming profiles for users?
  • What restriction did you apply to users?
  • Is the problem happening with all users in that group or only some? If it's some users, have them log in to a different machine and see if the problem still exists.
  • Check the event log of the machine where the user is logged in for any GP-related events or any other errors that have even a far-off relation to the issue.
Bring this info so that we can suggest what is really going on.
Question has a verified solution.
