I have a Windows Server 2008 which was recently hit by the TeslaCrypt virus - for those who don't know, this virus attacks shared folders/USB drives and encrypts files to the point where they are useless unless a ransom is paid via bitcoin.
I didn't pay the ransom; instead I relied on backups using Symantec Backup Exec. The infected folders were:
StaffProfiles (used for each staff login using roaming profiles)
StaffCommon (a simple data share folder for all staff access)
APPS (again, just data containing mainly software installers)
The way Backup Exec works, it will restore the files from the backup, but if the folder already contains files not included in the backup it will simply restore the unencrypted files but also leave the encrypted files in place. Obviously that is not ideal, so I thought it would be best to empty the contents of the above shares and restore a clean backup. This has worked perfectly; however, since doing so we have the following problems...
Any user within the 'StaffUser' group can now only log on to their roaming profile as a temporary profile - with the exception of the domain administrator account, which works fine.
The DC won't sync the time using w32tm /sync from any client - Although I suspect this was an issue prior to the restore as the time was way out on some machines.
If I create a new profile within the 'StaffUser' group using the 'copy' (to copy one of the original staff profiles) I get an error message: "The \\dc\staff\setupcopy home folder was not created because: The network name cannot be found. The user account has been created with the new home folder value but you must created the folder manually" - If I set up a new user without copying an existing profile this works fine and the profile is allowed to log in without a temporary profile, although the user has to be individually added to share permissions.
I suspect there is a problem somewhere with the main 'StaffUsers' group no longer connecting to the profile folders since the restore - Although I can see the group within the AD it is not seen when searching the AD to add to the shares.
Any advice is more than welcome!