Solved

assign domain profile to workgroup user on same computer

Posted on 2013-01-27
3
727 Views
Last Modified: 2013-01-30
we have a server 2003 with DC. we are going to get rid of the server so everyone will unjoined the domain. I don't want to rebuild the user profile. I have tested the following but not sure if there will be any issue.

I created local user account first and logged off and logged in with domain admin account. Unjoined the domain. after the pc reboot, I logged in using the new local user account. Logged off and sign in using the local admin account. I renamed the new local account to ex: peter.OLD and then on the user's domain profile, I go to security and assign full permission to the new local account. on the folder, rename to peter.
logged in as peter, I see all his previous setting and didn't see any error message. It looks good to me. so, is the way I am doing will cause any issue?
0
Comment
Question by:okamon
3 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
If it works, it should continue to work.
There could be issues you did not take into account, I.e. can users use efs to encrypt their files?

Separating workstations complicates management of computers and updates.
0
 
LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 200 total points
Comment Utility
I've gone from workgroup to domain and brought profiles with me a number of times, using the following steps (from my blog):

http://trycatchfinally.net/2009/04/join-an-active-directory-domain-and-keep-your-local-profile-intact/

It sounds much like what you're doing - I've never done it in reverse (going from domain to workgroup), but I don't see why it wouldn't work the same way. Every time I do it, I'm a bit nervous that I'll get a crazy error that I can't troubleshoot, but it's always worked just fine and I haven't had any negative impact yet.
0
 
LVL 16

Accepted Solution

by:
PaciB earned 200 total points
Comment Utility
Hi,

You're missing something: a user profile is not only a set of files... it's also a set of registry keys that are stored in the NTUSER.DAT file in the profile directory. Registry keys ALSO have permissions given to the user account.
So, modifying only files permissions after a profile copy IS NOT ENOUGH to make the profile "usable".
What you need to do is to mount the user registry hive while you're logged on as an admin, replace permissions on the whole registry hive so that the old account permissions are replaced by the new account.

Have a good day.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now