baleman2
asked on
Domain User's Profile access by different Domain User
Personnel changes in our company dictate the following move:
1) User1 is leaving the company. His computer (and domain profile) is full of data accumulated over the years and needs to remain intact. His login credentials are personal rather than generic, i.e., "his name" and password of his choosing.
2) User2 is a company employee. His computer (and domain profile) is full of data accumulated over the years and needs to remain intact. His login credentials are personal rather than generic, i.e., "his name" and password of his choosing.
3) User3 is a newly hired employee. He has no login credentials yet to be authenticated in our domain.
I'm going to have the same problem on the computers belonging to both User1 and User2.
User2 (on his computer while logged in with his domain credentials) is training User3 to assume his position. Once User3 is ready, a profile must be created for User3. Login credentials would be personal, i.e., "his name" and password of his choosing. However, when User3 logs in to the computer formerly used by User2, I need all of User2's settings, icons, folders, files, etc., to be available to User3 - exactly the same as they have been available while User2 trained User3 to take over his position.
User2 will be moving to the position now occupied by User1. User1 (on his computer while logged in with his domain credentials) is training User2 to assume his position. Remember that User2 already has domain credentials. Once User2 is ready, User2 will begin logging in to User1's computer by entering his own (already established) domain credentials. User2 will need all of User1's settings, icons, folders, files, etc., to be available - exactly the same as they have been for User1.
Because User2 will be logging in to User1's computer with domain credentials that were used on another computer, I don't want any of User2's "old" folders, files, settings, etc., to populate on the computer that he has moved to.
This is simply a matter of employees moving to other computers, but it doesn't seem quite so simple.
Please advise.
1) User1 is leaving the company. His computer (and domain profile) is full of data accumulated over the years and needs to remain intact. His login credentials are personal rather than generic, i.e., "his name" and password of his choosing.
2) User2 is a company employee. His computer (and domain profile) is full of data accumulated over the years and needs to remain intact. His login credentials are personal rather than generic, i.e., "his name" and password of his choosing.
3) User3 is a newly hired employee. He has no login credentials yet to be authenticated in our domain.
I'm going to have the same problem on the computers belonging to both User1 and User2.
User2 (on his computer while logged in with his domain credentials) is training User3 to assume his position. Once User3 is ready, a profile must be created for User3. Login credentials would be personal, i.e., "his name" and password of his choosing. However, when User3 logs in to the computer formerly used by User2, I need all of User2's settings, icons, folders, files, etc., to be available to User3 - exactly the same as they have been available while User2 trained User3 to take over his position.
User2 will be moving to the position now occupied by User1. User1 (on his computer while logged in with his domain credentials) is training User2 to assume his position. Remember that User2 already has domain credentials. Once User2 is ready, User2 will begin logging in to User1's computer by entering his own (already established) domain credentials. User2 will need all of User1's settings, icons, folders, files, etc., to be available - exactly the same as they have been for User1.
Because User2 will be logging in to User1's computer with domain credentials that were used on another computer, I don't want any of User2's "old" folders, files, settings, etc., to populate on the computer that he has moved to.
This is simply a matter of employees moving to other computers, but it doesn't seem quite so simple.
Please advise.
Generally there are three areas that I find are relevant to move between users:
Documents
Desktop
Favourites
So once you create a new profile for user2 and they sign on, someone with admin rights can copy the contents of those folders from user 1 to user 2. I would not recommend doing it any other way. There is a lot of security settings and other items that will cause problems if you simply try and copy a user's profile.
In addition if you just try and rename an old user's profile and let a new user have it, you may risk liability for exposing the previous user's personal information, such as personal passwords.
Documents
Desktop
Favourites
So once you create a new profile for user2 and they sign on, someone with admin rights can copy the contents of those folders from user 1 to user 2. I would not recommend doing it any other way. There is a lot of security settings and other items that will cause problems if you simply try and copy a user's profile.
In addition if you just try and rename an old user's profile and let a new user have it, you may risk liability for exposing the previous user's personal information, such as personal passwords.
You can link more than one user to a profile
- Login with admin user (not one of the users)
- Open Regedit
- Load hive, browse to original profile, select NTUSER.DAT (not NTUSER.DAT.LOG) and type a name
- Open permissions to the name you gave and give new account full control and force inheritance
- Expand HKEY_LOCAL_MACHINE\SOFTWAR
E\Microsof t\Windows NT\CurrentVersion\ProfileL ist. Each key here is associated with a user account on this computer. Go through each key and look at the "ProfileImagePath" string. Find the one that is for the profile you get when logging into original account (usually username.computername) - Change it to original profile path
- Open Explorer
- Browse to original profile
- Open permissions and give new account full control and force inheritance
- Restart and log in with your account
ASKER
For Luis Mena: No roaming profiles.
For Brian B: User2 already has a domain profile. He's been an employee for years. With this move to User3's computer, User2 will be willingly giving up all access to anything in his original profile to User3. Once User2 logs in to User1's computer with User2 credentials, User2 needs to see everything that is associated with User1's profile AND NOTHING previously associated with his own profile.
For Shaun Vermaak: Am using my own computer (for browsing) to test your solution
Step 3) Can't find NTUSER.DAT
Step 4) The "name" I use here would be the "Display Name" of the new account or the Windows Login "Username"
a) John Doe (Display Name)
b) jdoe (Windows Login Username)
Step 6) As in -> C:\Users\User1
For Brian B: User2 already has a domain profile. He's been an employee for years. With this move to User3's computer, User2 will be willingly giving up all access to anything in his original profile to User3. Once User2 logs in to User1's computer with User2 credentials, User2 needs to see everything that is associated with User1's profile AND NOTHING previously associated with his own profile.
For Shaun Vermaak: Am using my own computer (for browsing) to test your solution
Step 3) Can't find NTUSER.DAT
Step 4) The "name" I use here would be the "Display Name" of the new account or the Windows Login "Username"
a) John Doe (Display Name)
b) jdoe (Windows Login Username)
Step 6) As in -> C:\Users\User1
This will only cause a problem if the profiles are on a server and not local PC. If the profiles are defined from AD home profile area then you will have to do some changes but if the profiles are local PC profiles you don't have much to worry about. Just copy the folders from user 2 to user 1 profile.
So if understand what you described you would use the same steps I described but copy them between computers instead of between profiles.
Regarding ntuser.dat, it is a system file. So you may not see it unless you are a local admin and have windows set to show hidden system files.
Regarding ntuser.dat, it is a system file. So you may not see it unless you are a local admin and have windows set to show hidden system files.
Step 3) Can't find NTUSER.DATType it in manually or unhide hidden files
Step 4) The "name" I use here would be the "Display Name" of the new account or the Windows Login "Username"Username
a) John Doe (Display Name)
b) jdoe (Windows Login Username)
Step 6) As in -> C:\Users\User1Yes
ASKER
To Shaun Vermaak: Assume all your steps are successful. When User2 logs in to the computer belonging to User1 for the first time, what happens with all the settings in her original profile. Remember, User2 no longer needs any of the information he was seeing when logging in to his own former computer. He only needs to see what is available to User1 on User1's computer. That is, User2 needs NOTHING from his original profile.
All settings saved, it is the same profile. They cannot howerver switch between the two so that both are logged on at the same time
For user2, specify a new profileimagepath
ASKER
So, for User2, create a new domain profile named User2a; then, complete your steps?
Nope, both users keep their account. Basically step one is to allow both users to use same profile then step to change profileimagepath registry value to a new profile and that user will get new profile
ASKER
So User2 will not see anything relative to his own original profile when logging in to User1's computer - after following your process? That's what I need to have happen. Am going to do this today.
Yes, if you specify a new profileimagepath, User2 will get a new profile
ASKER
Take a look, please. Am having some problems which are described in the screenshots.
ASKER
Sorry, here's the attachment
C--Users-dan-Desktop-Profile-Change.docx
C--Users-dan-Desktop-Profile-Change.docx
Understand where confusion is, my instructions are not clear
Highlighted NTUSER.DAT, click open and then type in the name
Highlighted NTUSER.DAT, click open and then type in the name
ASKER
Take a look at the additional screenshot. Had tried your last suggestions before.
C--Users-dan-Desktop-Profile-Change.docx
C--Users-dan-Desktop-Profile-Change.docx
If file is in user, you are logged in as user perhaps
ASKER
I'm offsite and using RDP to login remotely to the computer. But the credentials I'm using are not the credentials belonging to JPROCTOR. I'm logged in to his computer with my own Domain Admin credentials.
?????
Maybe I've got to go onsite?
?????
Maybe I've got to go onsite?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That did it!!
Everything worked as described. Thanks!
Everything worked as described. Thanks!
Glad we could help.
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
When you say settings, what settings? Moving files and icon and all that can be moved easy.