Restricted Groups Profile Problems

Posted on 2010-01-05
Last Modified: 2012-06-27
I've been implementing restricted groups within our domain, but have been running into a problem. A few users have had issues with their local profile after the restricted groups policy has been applied. After the GPO is applied and they reboot they are presented with a new profile. In order to correct the problem I have to give the user permissions to the original profile and then point the registry key back to the correct profile. I have been unable to determine why this is happening...

Any ideas on how to correct this?
Question by:brayn
    LVL 5

    Expert Comment

    What did you configure?
    Does the problem occur for a user that doesn't get the policy applied?

    Author Comment

    I haven't configured the policy for everyone, just one group. The problem only affects that group. I did some testing prior to pushing out the policy and had no problems. On the test computer I added a new user to AD and added domain users to the local admin group to replicate our current configuration. (I know, I know, domain users as local admins are bad, but that is what I am working to change.)

    Then I applied the restricted groups GPO, rebooted and verified the changes. Again, I had no problem on the test rig, but some users in the first group are running into issues.
    LVL 7

    Expert Comment

    by:Shoaib Hayat Butt
    First you need to confirm if the policy is applied to that user. Run at the command prompt:
    GPRESULT  /U adminuser /P adminpassword /USER targetusername
    and see if the policy comes under the group policy head.
    Plus some questions:
    • Are you using roaming profiles for users?
    • What restriction did you apply to users?
    • Is the problem happening with all users in that group or some? If it's some users, make them log in to a different machine and see if it still exists.
    • Check the event log of the machine where the user is logged in for any GP-related event or any other errors that have even a far-off relation to the issue.
    Bring this info so that we can suggest what is really going on.

    Accepted Solution

    I determined that this is only happening on machines that have been on the domain and have been patched a lot over the years. All of the workstations that are new or at least have fairly new installs of XP do not experience the problem. Luckily we only have a few of these older machines and it is an easy fix.
