?
Solved

Changing profiles

Posted on 2010-11-24
20
Medium Priority
?
428 Views
Last Modified: 2012-05-10
Hello,

I'm having problems when i want to change a roaming profile into a local profile. Local users automatically get a local profile. It's when I bring the pc into our domain, that Windows thinks every domain user will use romaing profiles. The problem is when I logon with a suer that doesn't have admin rights I get the message (view the attached file)
I have a workaround but for obvious reasons i don't like that way: giving everyone full control on documents & settings.

What are my options to be able to change the profile?

Jvuz
profile.jpg
0
Comment
Question by:jvuz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 4
  • +2
20 Comments
 
LVL 26

Expert Comment

by:Tony J
ID: 34204790
Where are your roaming profiles stored? Have you checked the permissions on the share?

When you set the user up to have a roaming profile, are you setting them up to point to \\server\share\username ? That's the proper way (actually, \\server\share\%username% will autocomplete their own and if you ever copy a profile it should automatically update).

When the log onto the PC for the first time, it should create a c:\documents and settings\username.domain profile folder.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204809
We don't want to use roaming profiles, we want to use local profiles. the fact is we set it so that the profile should be stored in c:\profile. So in fact it's ket twice is D&S and in profile. We're using no Windows servers but Linux server with Samba.

0
 
LVL 26

Expert Comment

by:Tony J
ID: 34204839
Apologies I read it backwards.

If they're on the domain then the profile path is most likely filled in with a roaming profile path.

Take it out and they will only use local profiles.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 21

Author Comment

by:jvuz
ID: 34204852
That doesn't change anything. It cannot create a profile and therefore it's setting up a temporarily prfile/account.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 34204889
How did you configure the users profile path?

Have you compared permissions with Docs & Settings with the new path?

If you try a user without redirecting it, do they log on ok?
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204920
How did you configure the users profile path? c:\profile\user
If you try a user without redirecting it, do they log on ok? No, they get a temporary profile.

Only when I give full access for everyone on both documents & settings and the profile folder, it works. When I let the homedirectory for the domainusers empty, it automaticcaly generates a roaming profile (which I don't want).

jvuz
0
 
LVL 1

Accepted Solution

by:
greeboid earned 1336 total points
ID: 34204922
Firstly, What is the reason behind doing this?
Secondly, I presume you want all the profile information, ntuser.dat and documents and settings to reside on the local hard drive of the Windows XP workstation but not on the server?
Also, how have you configured their accounts in AD Users and Computers?
for example, if you navigate to the properties of the user's account in AD Users and computers, then the Profile tab and enter:\\[servername]\[sharename]\%username%
in the Profile Path: field it will save all the profile files and settings to that location (%username% being a wildcard that Windows 2003 uses to look up the user's username and substitutes it for the wildcard.
 
The simplest thing would be to use group policy and apply it to their OU.
Check out this link:

Configuring Roaming User Profiles

It will take you to a Technet article. The relevant bit is about a third of the way down.
The settings you require for this would be:
Computer -> Administrative Templates -> System ->User Profiles -> Only Allow local user profiles = Enabled
The explanation given for this setting within the Group Policy Object Editor is:
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.

Using the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.

If you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local  profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.

If you disable this setting or do not configure it, the default behavior occurs, as indicated above.

If you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting, roaming profiles are disabled.

Note: This setting only affects roaming profile users.

Does this help?

0
 
LVL 1

Expert Comment

by:greeboid
ID: 34204932
Sorry, Tony1044: I just realised I pretty much wrote what you said.
0
 
LVL 1

Expert Comment

by:greeboid
ID: 34204941
... about the profile path, that is.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 34204951
:-) That's ok

I am trying to work out the "why do this?" bit too, but also the fact that it's breaking somewhere suggests a permission that should be present has been removed.

I'm trying to find the default perms for docs & settings but so far can't track 'em down.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204959
Like I said in my opening post, we don't use Windows servers but Linux servers with Samba, so I guess it doesn't apply to us, greeboid. sorry.
0
 
LVL 1

Assisted Solution

by:greeboid
greeboid earned 1336 total points
ID: 34204974
Ah... Samba.
No windows... it pays to read things properly!

Extract from the Samba website:

The easiest type of profile to implement with Samba is the Local Profile. Local Profiles are stored on each individual computer and are not centrally located on a server. To utilize Local Profiles simply set the following directives to nothing:
logon path =
logon home =

NOTE: When using Local Profiles, Samba's "logon drive" directive has no meaning. If you still want the user's home directory on a Samba server set to a drive letter, you must set it with a Logon Script.

Even though local profiles are stored on the User's computer, it is still a good idea to redirect certain folders within their profile to a Samba Share, such as the "Documents" folder. To do this see the wiki article on implementing Windows Policies.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34204998
Thanks alot greeboid. I'll read it an keep you guys informed. Thanks alot already!
0
 
LVL 1

Expert Comment

by:greeboid
ID: 34205006
love to know how you get on... sorry I'm too dumb to read stuff properly!
0
 
LVL 21

Author Comment

by:jvuz
ID: 34205037
No probs ;)
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34205240
I would check to see that the permissions are ok for the Docs and Setting\Default User profile folder. Users/Everyone should have "Read and Execute\List Folder Contents\Read", and SYSTEM and Admins have full control. Did you by any chance customize the Default User Profile?

Also, look at the permissions on the following reg key......

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

If there are any existing profile entries here for a user, they might still have a "CentralProfile" string value.....

Might be where the systems are thinking they are roaming for.....
0
 
LVL 4

Assisted Solution

by:Vishal Patel
Vishal Patel earned 664 total points
ID: 34210372
You try to run the following registry in the system with such problem. Login-Problem.reg

This has solved many of my such problems. But still you will use it at your risk.
0
 
LVL 21

Author Comment

by:jvuz
ID: 34210873
OK, so our network administrator changed it in the samba configuration but no avail; I searched a bit on the net and I found several site where you needed to change that on the machine itself via gpedit.

to disable roaming profiles....


Start/Run/gpedit.msc
Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles/Only Allow Local User Profiles. Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles

Enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting.

(http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/)

but I cannot go further then Local Computer Policy/Computer Configuration/Administrative Templates. There is no system. This is probably because we don't use AD? Is there a way that I still could use this?

jvuz
0
 
LVL 21

Author Comment

by:jvuz
ID: 34228083
By using this (via a reg file) I managed to disable the roaming profiles.

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001
"ReadOnlyProfile"=dword:00000001
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question