Locked profiles on SBS 2003 domain.

Posted on 2012-09-11
Last Modified: 2012-09-25
I'm looking at an SBS 2003 domain.  The domain has a mix of XP and Windows 7 machines, with roaming profiles enabled.  The users who use primarily XP are unable to log onto their domain profiles, instead given the old "you are logging onto a cached local profile" message.  When they delete an item from their profile, it returns upon logging off and logging back on.  Their profile folders are read-only on the server; when I attempt to change this I receive an error stating that a folder named "D@1."something is not accessible.  The something changes; thus far it's been either *.lnk or *.docx.  I've logged onto the profile and run a search for the file; it comes up with a test file placed on the desktop, literally named test.
Any thoughts?
Question by: wcoil
    LVL 38

    Expert Comment

    by:Hypercat (Deb)
    Are the folder names actually like "D@1." or is that just something you made up as an example?  That's a really weird folder name. Profile folders would normally be named the same as the user's logon name.  Make sure that the XP users' profile folders do NOT have a ".V2" extension - that extension should exist only on the Windows 7 users' profile folders.

    Sounds like the first thing you'll have to do is take ownership of the folder(s).  Then you will be able to change the NTFS security settings so that they are appropriate.  The usual profile security settings would be like this:

    Top level shared folder:

    Share permissions: Administrators Full, Users (or Domain Users) Change
    NTFS permissions: Administrators and System Full, Users (or Domain Users) Modify (This folder only)

    Individual profile folders, NTFS permissions: Administrators, System and the individual user should all have Full permission. (Not everyone gives the Administrators group permissions, but I've found that not doing this can cause problems managing these folders when problems arise, as you're experiencing right now.)
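A check of the individual-profile permissions listed in the comment above, as an added PowerShell example that is not part of the original thread. The share path `\\SERVER\Profiles`, the domain name `EXAMPLE`, and all function names are placeholders or hypothetical, and it assumes PowerShell is available on the machine where it is run.

```powershell
# Added example, not from the thread. Placeholders: share path and domain name.
$ProfileRoot = '\\SERVER\Profiles'   # placeholder: top-level profile share
$Domain      = 'EXAMPLE'             # placeholder: NetBIOS domain name
$FullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-ExpectedIdentities([string]$FolderName, [string]$Domain) {
    # Folder name is the logon name; Windows 7 profiles add a .V2 suffix.
    $user = $FolderName -replace '\.V2$', ''
    'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', "$Domain\$user"
}

function Test-ProfileAcl([string]$Path, [string]$Domain) {
    $acl = Get-Acl -Path $Path
    # Identities holding an Allow entry that includes Full Control
    $full = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $FullControl) -eq $FullControl
    } | ForEach-Object { $_.IdentityReference.Value })
    $name = Split-Path -Leaf $Path
    $missing = @(Get-ExpectedIdentities $name $Domain |
        Where-Object { $full -notcontains $_ })
    New-Object PSObject -Property @{
        Folder = $name; Owner = $acl.Owner
        MissingFullControl = ($missing -join ', ')
    }
}

function Repair-ProfileAcl([string]$Path, [string[]]$Identities) {
    # Run only after taking ownership of the folder, as the comment describes.
    $acl = Get-Acl -Path $Path
    foreach ($id in $Identities) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Report every profile folder that lacks one of the expected Full Control entries.
Get-ChildItem -LiteralPath $ProfileRoot | Where-Object { $_.PSIsContainer } |
    ForEach-Object { Test-ProfileAcl $_.FullName $Domain } |
    Where-Object { $_.MissingFullControl } | Format-Table -AutoSize
```

The report is read-only; `Repair-ProfileAcl` is not called automatically and would be run per folder with the identities the report lists as missing.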

    Author Comment

    D@1 is the actual name of the file, not folder.  Profile folders do all have proper names.  Some of these individuals do have Profile.v2 folders, some do not.  The problem lies in the non-.v2 folder.  NTFS Domain Users had no rights.  I modified this, still the same issue.  It's worth noting that the RAID array on this server crashed last week and everything on it was rebuilt from backup.
    LVL 38

    Accepted Solution

    I would try creating a complete new profile folder for one user and see if that works.  It sounds as though the security settings on these folders have gotten corrupted in some way.  How many users are affected?

    To create the new profile folder the way I would suggest is:

    1.  Change the name of the profile folder that exists on the server and create a new folder with the correct name and permissions.
    2.  Go to the user's workstation, log on as Administrator. Go to the System properties, Advanced tab, Users section and from there copy their local profile (assuming it still exists) to the server and give their domain account permission to that folder. The permissions thing seems redundant, I know, since you've already set up the permissions manually, but do it as a fail-safe to make sure the permissions are correct.

    Then log on as the user and see if the profile works.

    Author Comment

    We just ended up recreating the profiles on the server and that fixed the issue.
