Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 751
  • Last Modified:

assign domain profile to workgroup user on same computer

we have a server 2003 with DC. we are going to get rid of the server so everyone will unjoined the domain. I don't want to rebuild the user profile. I have tested the following but not sure if there will be any issue.

I created local user account first and logged off and logged in with domain admin account. Unjoined the domain. after the pc reboot, I logged in using the new local user account. Logged off and sign in using the local admin account. I renamed the new local account to ex: peter.OLD and then on the user's domain profile, I go to security and assign full permission to the new local account. on the folder, rename to peter.
logged in as peter, I see all his previous setting and didn't see any error message. It looks good to me. so, is the way I am doing will cause any issue?
0
okamon
Asked:
okamon
2 Solutions
 
arnoldCommented:
If it works, it should continue to work.
There could be issues you did not take into account, I.e. can users use efs to encrypt their files?

Separating workstations complicates management of computers and updates.
0
 
Ryan McCauleyDatabase and Reporting ManagerCommented:
I've gone from workgroup to domain and brought profiles with me a number of times, using the following steps (from my blog):

http://trycatchfinally.net/2009/04/join-an-active-directory-domain-and-keep-your-local-profile-intact/

It sounds much like what you're doing - I've never done it in reverse (going from domain to workgroup), but I don't see why it wouldn't work the same way. Every time I do it, I'm a bit nervous that I'll get a crazy error that I can't troubleshoot, but it's always worked just fine and I haven't had any negative impact yet.
0
 
Bruno PACIIT ConsultantCommented:
Hi,

You're missing something: a user profile is not only a set of files... it's also a set of registry keys that are stored in the NTUSER.DAT file in the profile directory. Registry keys ALSO have permissions given to the user account.
So, modifying only files permissions after a profile copy IS NOT ENOUGH to make the profile "usable".
What you need to do is to mount the user registry hive while you're logged on as an admin, replace permissions on the whole registry hive so that the old account permissions are replaced by the new account.

Have a good day.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now