Restircted Groups Profile Problems

I've been implementing restricted groups within our domain, but have been running into a problem. A few users have had issues with their local profile after the restricted groups policy has been applied. After the GPO is applied and they reboot they are presented with a new profile. In order to correct the problem I have to give the user permissions to the original profile and then point the registry key back to the correct profile. I have been unable to determine why this is happening...

Any ideas on how to correct this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What did you configure?
Does the problem occur for an user that doesn't get the policy applied?
braynAuthor Commented:
I haven't configured the policy for everyone, just one group. The problem only affects that groups. I did some testing prior to pushing out the policy and had no problems. On the test computer I added a new user to AD, added domain users to the local admin group to replicate our current configuration. (I know, I know domain users as local admins are bad, but that is what I am working to change).

Then I applied the restricted groups GPO, rebooted and verified the changes. Again, I had no problem on the test rig, but some users in the first group are running into issues.
Shoaib Hayat Butt, ITILSolutions ArchitectCommented:
firts you need to confirm if the policy is applied to that user, run on command prompt
GPRESULT  /U adminuser /P adminpassword /USER targetusername
and see if the policy comes under group policy head.
plus some questions;
  • Are you using roaming profiles for users?
  • What restriction you applied to users?
  • Is the problem happening with all users in that group or some, if its some users, make them login to a different machine and see if still exist?
  • see event log of machine where user is login to check if any GP related event or any other errors that have far-off relation to issue even?
Bring this info so that we can suggest what really going on.
braynAuthor Commented:
I determined that this is only happening on machines that have been on the domain and have been patched a lot over the years. All of the workstations that are new or at least have fairly new installs of XP do not experience the problem. Luckily we only have a few of these older machines and it is an easy fix.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Administration

From novice to tech pro — start learning today.