Solved

Changing profiles

Posted on 2010-11-24
20
387 Views
Last Modified: 2012-05-10
Hello,

I'm having problems when i want to change a roaming profile into a local profile. Local users automatically get a local profile. It's when I bring the pc into our domain, that Windows thinks every domain user will use romaing profiles. The problem is when I logon with a suer that doesn't have admin rights I get the message (view the attached file)
I have a workaround but for obvious reasons i don't like that way: giving everyone full control on documents & settings.

What are my options to be able to change the profile?

Jvuz
profile.jpg
0
Comment
Question by:jvuz
  • 8
  • 6
  • 4
  • +2
20 Comments
 
LVL 25

Expert Comment

by:Tony1044
ID: 34204790
Where are your roaming profiles stored? Have you checked the permissions on the share?

When you set the user up to have a roaming profile, are you setting them up to point to \\server\share\username ? That's the proper way (actually, \\server\share\%username% will autocomplete their own and if you ever copy a profile it should automatically update).

When the log onto the PC for the first time, it should create a c:\documents and settings\username.domain profile folder.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204809
We don't want to use roaming profiles, we want to use local profiles. the fact is we set it so that the profile should be stored in c:\profile. So in fact it's ket twice is D&S and in profile. We're using no Windows servers but Linux server with Samba.

0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34204839
Apologies I read it backwards.

If they're on the domain then the profile path is most likely filled in with a roaming profile path.

Take it out and they will only use local profiles.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204852
That doesn't change anything. It cannot create a profile and therefore it's setting up a temporarily prfile/account.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34204889
How did you configure the users profile path?

Have you compared permissions with Docs & Settings with the new path?

If you try a user without redirecting it, do they log on ok?
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204920
How did you configure the users profile path? c:\profile\user
If you try a user without redirecting it, do they log on ok? No, they get a temporary profile.

Only when I give full access for everyone on both documents & settings and the profile folder, it works. When I let the homedirectory for the domainusers empty, it automaticcaly generates a roaming profile (which I don't want).

jvuz
0
 
LVL 1

Accepted Solution

by:
greeboid earned 334 total points
ID: 34204922
Firstly, What is the reason behind doing this?
Secondly, I presume you want all the profile information, ntuser.dat and documents and settings to reside on the local hard drive of the Windows XP workstation but not on the server?
Also, how have you configured their accounts in AD Users and Computers?
for example, if you navigate to the properties of the user's account in AD Users and computers, then the Profile tab and enter:\\[servername]\[sharename]\%username%
in the Profile Path: field it will save all the profile files and settings to that location (%username% being a wildcard that Windows 2003 uses to look up the user's username and substitutes it for the wildcard.
 
The simplest thing would be to use group policy and apply it to their OU.
Check out this link:

Configuring Roaming User Profiles

It will take you to a Technet article. The relevant bit is about a third of the way down.
The settings you require for this would be:
Computer -> Administrative Templates -> System ->User Profiles -> Only Allow local user profiles = Enabled
The explanation given for this setting within the Group Policy Object Editor is:
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.

Using the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.

If you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local  profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.

If you disable this setting or do not configure it, the default behavior occurs, as indicated above.

If you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting, roaming profiles are disabled.

Note: This setting only affects roaming profile users.

Does this help?

0
 
LVL 1

Expert Comment

by:greeboid
ID: 34204932
Sorry, Tony1044: I just realised I pretty much wrote what you said.
0
 
LVL 1

Expert Comment

by:greeboid
ID: 34204941
... about the profile path, that is.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34204951
:-) That's ok

I am trying to work out the "why do this?" bit too, but also the fact that it's breaking somewhere suggests a permission that should be present has been removed.

I'm trying to find the default perms for docs & settings but so far can't track 'em down.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 21

Author Comment

by:jvuz
ID: 34204959
Like I said in my opening post, we don't use Windows servers but Linux servers with Samba, so I guess it doesn't apply to us, greeboid. sorry.
0
 
LVL 1

Assisted Solution

by:greeboid
greeboid earned 334 total points
ID: 34204974
Ah... Samba.
No windows... it pays to read things properly!

Extract from the Samba website:

The easiest type of profile to implement with Samba is the Local Profile. Local Profiles are stored on each individual computer and are not centrally located on a server. To utilize Local Profiles simply set the following directives to nothing:
logon path =
logon home =

NOTE: When using Local Profiles, Samba's "logon drive" directive has no meaning. If you still want the user's home directory on a Samba server set to a drive letter, you must set it with a Logon Script.

Even though local profiles are stored on the User's computer, it is still a good idea to redirect certain folders within their profile to a Samba Share, such as the "Documents" folder. To do this see the wiki article on implementing Windows Policies.
0
 
LVL 1

Expert Comment

by:greeboid
ID: 34204982
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204998
Thanks alot greeboid. I'll read it an keep you guys informed. Thanks alot already!
0
 
LVL 1

Expert Comment

by:greeboid
ID: 34205006
love to know how you get on... sorry I'm too dumb to read stuff properly!
0
 
LVL 21

Author Comment

by:jvuz
ID: 34205037
No probs ;)
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34205240
I would check to see that the permissions are ok for the Docs and Setting\Default User profile folder. Users/Everyone should have "Read and Execute\List Folder Contents\Read", and SYSTEM and Admins have full control. Did you by any chance customize the Default User Profile?

Also, look at the permissions on the following reg key......

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

If there are any existing profile entries here for a user, they might still have a "CentralProfile" string value.....

Might be where the systems are thinking they are roaming for.....
0
 
LVL 4

Assisted Solution

by:Vishal Patel
Vishal Patel earned 166 total points
ID: 34210372
You try to run the following registry in the system with such problem. Login-Problem.reg

This has solved many of my such problems. But still you will use it at your risk.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34210873
OK, so our network administrator changed it in the samba configuration but no avail; I searched a bit on the net and I found several site where you needed to change that on the machine itself via gpedit.

to disable roaming profiles....


Start/Run/gpedit.msc
Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles/Only Allow Local User Profiles. Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles

Enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting.

(http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/)

but I cannot go further then Local Computer Policy/Computer Configuration/Administrative Templates. There is no system. This is probably because we don't use AD? Is there a way that I still could use this?

jvuz
0
 
LVL 21

Author Comment

by:jvuz
ID: 34228083
By using this (via a reg file) I managed to disable the roaming profiles.

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001
"ReadOnlyProfile"=dword:00000001
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now