Locked profiles on sbs 2003 domain.

Posted on 2012-09-11
Medium Priority
Last Modified: 2012-09-25
I'm looking at an Sbs 2003 domain.  The domain has a mix of xp and windows 7 machines, with roaming profiles enabled.  The users who use primarily xp are unable to log onto their domain profiles, instead given the old "you are logging onto a cached local profile" message.  When they delete an item from their profile, it returns upon logging off and logging back on.  Their profile folders are read only on the server, when I attempt to change this I receive an error stating that a folder named "D@1."something is not accessible.  The something changes, thus far it's been either *.lnk and *.docx.  I've logged onto the profile and run a search for the file, it comes up with a test file placed on the desktop, literally named test.
Any thoughts?
Question by:wcoil
  • 2
  • 2
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 38387178
Are the folder names actually like "D@1." or is that just something you made up as an example?  That's a really weird folder name. Profile folders would normally be named the same as the user's logon name.  Make sure that the XP users' profile folders do NOT have a ".V2" extension - that extension should exist only on the Windows 7 users' profile folders.

Sounds like the first thing you'll have to do is take ownership of the folder(s).  Then you will be able to change the NTFS security settings so that they are appropriate.  The usual profile security settings would be like this:

Top level shared folder:

Share permissions: Administrators Full, Users (or Domain Users) Change
NTFS permissions: Administrators and System Full, Users (or Domain Users) Modify (This folder only)

Individual profile folders, NTFS permissions: Administrators, System and the individual user should all have Full permission. (Not everyone gives the Administrators group permissions, but I've found that not doing this can cause problems managing these folders when problems arise, as you're experiencing right now.)

Author Comment

ID: 38387248
D@1 is the actual name of the file, not folder.  Profile folders do all have proper names.  Some of these individuals do have Profile.v2 folders, some do not.  The problem lies in the non-.v2 folder.  Ntfs Domain Users had no rights.  I modified this, still the same issue.  It's worth noting that the raid array on this server crashed last week and everything on it was rebuilt from backup.
LVL 38

Accepted Solution

Hypercat (Deb) earned 1500 total points
ID: 38387379
I would try creating a complete new profile folder for one user and see if that works.  It sounds as though the security settings on these folders have gotten corrupted in some way.  How many users are affected?

To create the new profile folder the way I would suggest is:

1.  Change the name of the profile folder that exists on the server and create a new folder with the correct name and permissions.
2.  Go to the user's workstation, log on as Administrator. Go to the System properties, Advanced tab, Users section and from there copy their local profile (assuming it still exists) to the server and give their domain account permission to that folder. The permissions thing seems redundant, I know, since you've already set up the permissions manually, but do it as a fail-safe to make sure the permissions are correct.

Then log on as the user and see if the profile works.

Author Comment

ID: 38434927
We just ended up recreating the profiles on the server and that fixed the issue

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync meeting or Lync conferencing is what many organizations would like to deploy to allow them save money. But companies are now giving up for various reasons, one of which is that they cannot join external meetings (non-federated company meetings)…
Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question