Ask Me Help Desk

Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Networking (https://www.askmehelpdesk.com/forumdisplay.php?f=76)
-   -   Local User Profile Reset at Logon (https://www.askmehelpdesk.com/showthread.php?t=185807)

  • Feb 19, 2008, 10:23 AM
    scoobydoo_157
    Local User Profile Reset at Logon
    I am having a weird occurrence, it started with one user, then another and another.

    I reformatted the PC and setup the user. No roaming profiles. Local profile, user off domain.
    Policy only to redirect My Docs & Desktop to users home directory on our server.

    Setup Internet, Outlook, Printers, etc.
    When user boots up PC the next day. It is as if they are logging on for the first time.
    All the above needs to be reconfigured again.

    In the Doc and Settings folder there is no username.domain.000 or.001

    I am totally stumped.
  • Feb 19, 2008, 10:31 AM
    TechEmperor
    What does the ProfileImagePath registry entry for each user look like? Do the users have full permissions to those directories? Does the user who is editing the profiles have full permissions to them?
  • Feb 19, 2008, 10:39 AM
    scoobydoo_157
    %SystemDrive%\Documents and Settings\user.DOMAIN

    User has full control but is not the owner.
  • Feb 19, 2008, 10:55 AM
    TechEmperor
    Make sure the user is a local administrator on the PC, OR make them the owner of that directory. Then try it and let me know what happens. This is definitely a permissions issue.
  • Feb 19, 2008, 11:50 AM
    chuckhole
    At the PC, type GPRESULT at a command prompt. This will tell you what Group Policies are being applied to the PC. Compare this to your expected results. You stated that only a simple Group Policy is being applied. Is this the case? There could be policies being applied from other parent OU's.

    In the Group Policy Management console, open all of the policies that are being applied. Look at the Settings tab and verify that there are no unexpected settings being applied. As templates are added/removed from a policy, some of the settings may still be in effect. You would not see them if the appropriate template is not being loaded in the GP Editor. They would still be applied to the PC's but would be "ghosted" in the Editor. They will show up in the Settings tab.

    Enable the User Environment Logging on a couple PC's so that you can see exactly what is happening during the logon and logoff process.

    Refer to MS KB article 221833 for detailed info.

    This type of behaviour would be appropriate for building out a Kiosk style PC where you did not want to save user profiles. These options are available to be set in Group Policy under the Computer Policies.

    In the GP Editor, make sure the SYSTEM.ADM template is loaded in the Administrative Templates. Go to Computer Configuration/Adminsitrative Templates/System/User Profiles.

    Review all of the settings.

    Also, go to User Configuration/Administrative Templates/Desktop.

    Review all of the settings.
  • Feb 20, 2008, 09:09 AM
    scoobydoo_157
    Happened again this morning to a new user. Who was fine for two months.
    They shut down at night and on startup everything is reset.

    User is owner of the directory and has full permission.

    Could it be the mapping of the Desktop? But then why do the printers disappear?



    GPRESULT
    The user received "Registry" settings from these GPOs:

    Classified


    ================================================== =============
    The user received "Folder Redirection" settings from these GPOs:

    Classified


    ================================================== =============
    The user received "Internet Explorer Branding" settings from these GPOs:

    Classified

    The computer is a member of the following security groups:

    BUILTIN\Administrators
    \Everyone
    BUILTIN\Users
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    DOMAIN\(COMPUTER NAME$)
    DOMAIN\Domain Computers


    The computer received "Registry" settings from these GPOs:

    Local Group Policy
    Default Domain Policy


    ================================================== =============
    The computer received "Security" settings from these GPOs:

    Local Group Policy
    Default Domain Policy


    ================================================== =============
    The computer received "EFS recovery" settings from these GPOs:

    Local Group Policy
    Default Domain Policy
  • Feb 20, 2008, 09:14 AM
    scoobydoo_157
    Grant User Exclusive Rights to Desktop is checked off in the policy.

    I have three servers users can authenticate to.
    (1) W2K3 Enterprise SP1 - PDC
    (1) W2K3 Standard SP2
    (1) W2K SP4
  • Feb 20, 2008, 09:26 AM
    chuckhole
    Now that you know all of the policies that are being applied on the computer, you will have to open the GP Manager and review the Settings for each of the policies. You can also open an MMC on the PC and add the Resultant Set of Policies snap-in. In the Actions menu, run the RSoP for the computer and user to see all of the applied settings.

    Second, have you enabled the User Environment Logging on a group of PC's so that you can review the logs? This will give you a step by step process of everything that is happening.
  • Feb 21, 2008, 09:05 AM
    scoobydoo_157
    When logging off:

    USERENV(778.3f8) 17:14:18:469 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(6a8.60c) 17:14:20:641 LibMain: Process Name: C:\Program Files\Internet Explorer\IEXPLORE.EXE
    USERENV(6a8.60c) 17:14:20:657 ImpersonateUser: Failed to impersonate user with 5.
    USERENV(6a8.60c) 17:14:20:657 GetUserNameAndDomain Failed to impersonate user
    USERENV(6a8.61c) 17:14:20:704 GetProfileType: Profile already loaded.
    USERENV(6a8.61c) 17:14:21:360 GetProfileType: ProfileFlags is 0
    USERENV(278.68c) 17:14:21:469 LibMain: Process Name: C:\Program Files\Internet Explorer\IEXPLORE.EXE
    USERENV(6a8.60c) 17:14:21:563 GetProfileType: Profile already loaded.
    USERENV(278.578) 17:14:21:579 GetProfileType: Profile already loaded.
    USERENV(278.68c) 17:14:21:579 ImpersonateUser: Failed to impersonate user with 5.
    USERENV(6a8.60c) 17:14:21:594 GetProfileType: ProfileFlags is 0
    USERENV(278.68c) 17:14:21:610 GetUserNameAndDomain Failed to impersonate user
    USERENV(278.578) 17:14:22:032 GetProfileType: ProfileFlags is 0
    USERENV(778.578) 17:14:23:391 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(578.650) 17:29:48:657 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(578.408) 17:29:49:641 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(1e0.754) 17:32:18:266 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(1e0.55c) 17:32:19:422 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(4c4.7b4) 17:32:49:032 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(4c4.53c) 17:32:50:188 LibMain: Process Name: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    USERENV(6a0.614) 17:36:42:875 LibMain: Process Name: C:\WINNT\system32\mobsync.exe
    USERENV(b0.8c) 17:36:43:641 UnloadUserProfile: Entering, hProfile = <0x2ac>
    USERENV(b0.8c) 17:36:43:641 GetUserMutex: entering
    USERENV(b0.8c) 17:36:43:641 GetUserMutex: Waiting...
    USERENV(b0.8c) 17:36:43:657 GetUserMutex: Wait succeeded. Mutex currently held.
    USERENV(b0.8c) 17:36:43:657 GetExclusionListFromRegistry: Policy list is empty, returning user list = <Local Settings;Temporary Internet

    Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook>
    USERENV(b0.8c) 17:36:44:047 MyRegUnloadKey: Mutex released. Returning 1.
    USERENV(b0.8c) 17:36:44:063 UnloadUserProfile: Successfully unloaded profile
    USERENV(b0.8c) 17:36:44:094 MyRegUnloadKey: Mutex released. Returning 1.
    USERENV(b0.8c) 17:36:44:110 UnLoadClassHive: Successfully unmounted S-1-5-21-186617772-1385606432-3750166687-1173_Classes
    USERENV(b0.8c) 17:36:44:110 UnloadUserProfile: Successfully unloaded user classes
    USERENV(b0.8c) 17:36:44:110 UnloadUserProfile: Impersonated user
    USERENV(b0.8c) 17:36:44:110 UnloadUserProfile: Writing local ini file
    USERENV(b0.8c) 17:36:44:125 UnloadUserProfile: Reverting to Self
    USERENV(b0.8c) 17:36:44:125 UnloadUserProfile: exitting and cleaning up
    USERENV(b0.8c) 17:36:44:125 LoadUserProfile: Releasing mutex.
    USERENV(b0.8c) 17:36:44:141 UnloadUserProfile: Leaving with a return value of 1


    When Logging on in the morning:

    Ones that stand out:
    USERENV(e4.160) 09:51:00:765 GetHkeyCU: RegOpenKey failed with error 2
    USERENV(b0.2bc) 09:51:14:500 CheckGPOs: No GPO changes but extension Security's MaxNoGPOListChangesInterval has been exceeded.
    USERENV(b0.2bc) 09:51:47:017 ProcessGPOs: -----------------------
    USERENV(b0.2bc) 09:51:47:033 ProcessGPOs: -----------------------
    USERENV(b0.2bc) 09:51:47:033 ProcessGPOs: Processing extension Application Management
    USERENV(b0.2bc) 09:51:47:033 CompareGPOLists: The lists are the same.
    USERENV(b0.2bc) 09:51:47:033 CheckGPOs: No GPO changes but couldn't read extension Application Management's status or policy time.
    USERENV(b0.2bc) 09:51:47:049 ProcessGPOs: Extension Application Management skipped because both deleted and changed GPO lists are empty.
    USERENV(b0.2bc) 09:51:47:049 ProcessGPOs: -----------------------
    USERENV(b0.2bc) 09:51:47:049 ProcessGPOs: Processing extension IP Security
    USERENV(b0.2bc) 09:51:47:049 CompareGPOLists: The lists are the same.
    USERENV(b0.2bc) 09:51:47:064 CheckGPOs: No GPO changes but couldn't read extension IP Security's status or policy time.
    USERENV(b0.2bc) 09:51:47:064 ProcessGPOs: Extension IP Security skipped because both deleted and changed GPO lists are empty.
    USERENV(b0.2bc) 09:51:47:064 LeaveCriticalPolicySection: Critical section 0x3b4 has been released.
    USERENV(b0.2bc) 09:51:47:064 ProcessGPOs: Computer Group Policy has been applied.
    USERENV(b0.2bc) 09:51:47:080 ProcessGPOs: Leaving with 1.
    USERENV(b0.2bc) 09:51:47:080 ApplyGroupPolicy: Leaving successfully.
    USERENV(394.39c) 09:51:47:252 LibMain: Process Name: C:\WINNT\system32\svchost.exe
    USERENV(b0.3ec) 09:51:48:002 PolicyChangedThread: Entering with 1.
    USERENV(b0.3f0) 09:51:48:017 GPOThread: Next refresh will happen in 105 minutes
    USERENV(b0.3ec) 09:51:48:017 PolicyChangedThread: Leaving
    USERENV(148.2bc) 09:51:52:939 LibMain: Process Name: C:\Program Files\Windows Defender\MsMpEng.exe
    USERENV(260.350) 09:51:53:330 LibMain: Process Name: C:\WINNT\System32\svchost.exe
    USERENV(260.4d0) 09:52:06:783 GetHkeyCU: RegOpenKey failed with error 2
    USERENV(1bc.484) 09:52:15:736 LibMain: Process Name: C:\WINNT\system32\spoolsv.exe
    USERENV(438.78) 09:52:17:267 LibMain: Process Name: C:\WINNT\System32\WBEM\WinMgmt.exe
    USERENV(11c.4a4) 09:52:43:830 LibMain: Process Name: C:\WINNT\System32\WBEM\WinMgmt.exe
  • Feb 21, 2008, 10:00 AM
    TechEmperor
    1.) In AD Users and Computers go to the "Computers" folder under the domain. On the permissions for that folder add "Domain Computers" with read permissions.

    2.) Then delete the computer account for the member computer with the problem, then go to that computer and rejoin the domain with the Network ID wizard.

    See if that works.
  • Feb 21, 2008, 11:59 AM
    chuckhole
    In addition to answer by TechEmporer, the WMI database may be corrupted. At the top, the instruction to ImpersonateUser is usually performed by the WMI.

    Are you using WMI calls in your logon script? Is your logon script a VBScript? Note there were a couple of instances where the HCU could not be opened. This is the user registry, HKEY_CURRENT_USER. Are you making registry calls using the EnumKey or EnumValues functions? This may cause the save profiles to fail if the PC's are using Windows XP SP1. This was supposed to be corrected in SP2 as well as providing the ability to stop the WMI services and dump the WBEM data.

    What is up with Outlook XP? Are you doing a local sync of the mailbox? It took 22 minutes for Outlook to shut down. What are you doing that would account for that?
  • Feb 21, 2008, 01:04 PM
    scoobydoo_157
    Just about an hour ago. We powered down a computer to move to the other side of the desk. Powered it back up and the profile was gone. I had to map out the printer, setup the outlook, etc...


    I added domain computers with read permissions
    (Incase someone else needs to find that: I had to go to view --> Advanced Features
    Then right click on the Computer OU and select Properties. Then the security tab shows up.)

    I deleted the computer from the OU. I deleted the users profile from the local computer too, just to start from scratch. Rebooted. Re-added the computer to the domain.

    I can't pin point what is happening at either log on or log off.

    I think it may be because these users once had roaming profiles maybe have corrupt SID's or bad registry stuff is being carried over. I am going to create a few new machines and then delete the user off AD and recreate them giving them a new SID.

    Any other suggestions?


    There are no WMI calls in the logon script. Just mapping drives the users needs access to.
    Scripts are batch files.

    The computers are Windows 2000 SP4

    Outlook - The pst is on their home drive
  • Feb 21, 2008, 02:56 PM
    chuckhole
    This does have to do with Roaming Profiles. Microsoft has a hotfix available for Windows 2000 and Windows XP PC's. Refer to MS KB 819536. You will have to contact MS for the hotfix but these types of calls are non decrement (no pay) on a support incident call.

    This would be much easier than deleting user accounts which does not guarantee that the problem will go away since it exists on the computer as well.
  • Feb 21, 2008, 03:30 PM
    scoobydoo_157
    So even though I have made them all local accounts are they still behaving has roaming?
  • Feb 22, 2008, 08:47 AM
    scoobydoo_157
    Adding domain computers with read permissions I don't think helped because another computer this morning had a reset profile.

    Today for this user it did create a new profile folder .000

    USERENV(b0.8c) 10:16:16:734 LibMain: Process Name: \? \C:\WINNT\system32\winlogon.exe
    USERENV(e4.e0) 10:16:18:671 LibMain: Process Name: C:\WINNT\system32\services.exe
    USERENV(f0.ec) 10:16:19:062 LibMain: Process Name: C:\WINNT\system32\lsass.exe
    USERENV(f0.ec) 10:16:22:640 LibMain: Process Name: C:\WINNT\system32\lsass.exe
    USERENV(e4.160) 10:16:25:531 GetHkeyCU: RegOpenKey failed with error 2
    USERENV(1a0.190) 10:16:26:515 LibMain: Process Name: C:\WINNT\system32\svchost.exe
    USERENV(1f4.1fc) 10:16:32:562 LibMain: Process Name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    USERENV(204.20c) 10:16:33:671 LibMain: Process Name: C:\Program Files\Symantec AntiVirus\DefWatch.exe
    USERENV(25c.288) 10:16:35:453 LibMain: Process Name: C:\WINNT\SYSTEM32\DWRCS.EXE
    USERENV(b0.2f8) 10:16:39:156 ApplyGroupPolicy: Entering. Flags = 7
    USERENV(b0.2f8) 10:16:39:156 ProcessGPOs:
    USERENV(b0.2f8) 10:16:39:156 ProcessGPOs:
    USERENV(b0.2f8) 10:16:39:156 ProcessGPOs: Starting computer Group Policy processing...
    USERENV(b0.2f8) 10:16:39:156 ProcessGPOs:
    USERENV(b0.2f8) 10:16:39:171 ProcessGPOs:
    USERENV(b0.2f8) 10:16:39:171 EnterCriticalPolicySection: Machine critical section has been claimed. Handle = 0x3bc
    USERENV(b0.2f8) 10:16:39:203 ProcessGPOs: Machine role is 2.
    USERENV(b0.2f8) 10:16:39:234 PingComputer: PingBufferSize set as 2048
    USERENV(b0.2f8) 10:16:39:250 PingComputer: First time: 2
    USERENV(b0.2f8) 10:16:39:250 PingComputer: Fast link. Exiting.

    USERENV(b0.2f8) 10:16:42:531 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating

    USERENV(b0.8c) 10:19:05:372 LoadUserProfile: Entering, hToken = <0x544>, lpProfileInfo = 0x6f648
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: Entering, hToken = <0x544>, lpProfileInfo = 0x6f648
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: lpProfileInfo->lpUserName = <mvisotsky>
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: NULL central profile path
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\NASSAUSERVER\netlogon\Default User>
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: NULL server name
    USERENV(b0.8c) 10:19:05:747 GetUserMutex: entering
    USERENV(b0.8c) 10:19:06:169 GetUserMutex: Waiting...
    USERENV(b0.8c) 10:19:06:184 GetUserMutex: Wait succeeded. Mutex currently held.
    USERENV(b0.8c) 10:19:06:700 RestoreUserProfile: Entering
    USERENV(b0.8c) 10:19:06:700 IsCentralProfileReachable: Entering
    USERENV(b0.8c) 10:19:06:700 IsCentralProfileReachable: Null path. Leaving
    USERENV(b0.8c) 10:19:06:700 RestoreUserProfile: Profile path = <>
    USERENV(b0.8c) 10:19:06:716 ExtractProfileFromBackup: A profile already exists
    USERENV(b0.8c) 10:19:06:716 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
    USERENV(b0.8c) 10:19:06:716 CreateLocalProfileKey: Not setting additional Security
    USERENV(b0.8c) 10:19:06:731 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
    USERENV(b0.8c) 10:19:06:731 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Documents and Settings\mvisotsky.OLYMPUS>
    USERENV(b0.8c) 10:19:06:731 GetExistingLocalProfileImage: Expanded local profile image filename = <C:\Documents and Settings\mvisotsky.OLYMPUS>
    USERENV(b0.8c) 10:19:06:747 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
    USERENV(b0.8c) 10:19:06:747 GetExistingLocalProfileImage: Local profile image filename we got from our profile list doesn't exit. <C:\Documents and Settings\mvisotsky.OLYMPUS\ntuser.dat> Error = 32
    USERENV(b0.8c) 10:19:07:153 CreateLocalProfileKey: Not setting additional Security
    USERENV(b0.8c) 10:19:07:153 CreateLocalProfileImage: One way or another we haven't got an existing local profile, try and create one
    USERENV(b0.8c) 10:19:07:184 GetUserDomainName: DomainName = <OLYMPUS>
    USERENV(b0.8c) 10:19:07:184 CreateSecureDirectory: Entering with <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:07:200 CreateSecureDirectory: Created the directory <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:07:200 ComputeLocalProfileName: generated the profile directory <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:08:091 Creating Local Profile
    USERENV(b0.8c) 10:19:08:106 Local profile name is <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:08:106 RestoreUserProfile: Working with a new user. Go straight to issuing a default profile.
    USERENV(b0.8c) 10:19:08:106 RestoreUserProfile: Issuing default profile
    USERENV(b0.8c) 10:19:08:122 CheckNetDefaultProfile: Entering, lpNetPath = <\\NASSAUSERVER\netlogon\Default User>
    USERENV(b0.8c) 10:19:08:122 CheckXForestLogon: checking x-forest logon, user handle = 1348
    USERENV(b0.8c) 10:19:09:278 MyGetDomainDNSName: Successfully determined fqdn
    USERENV(b0.8c) 10:19:09:278 MyGetDomainDNSName: Successfully obtained domain dns name OLYMPUS
    USERENV(b0.8c) 10:19:09:278 CheckXForestLogon: not XForest logon.
    USERENV(b0.8c) 10:19:09:434 CheckNetDefaultProfile: setting default profile to NULL
    USERENV(b0.8c) 10:19:09:450 CheckNetDefaultProfile: Removing local copy of network default user profile.
    USERENV(b0.8c) 10:19:09:466 Delnode_Recurse: Entering, lpDir = <C:\Documents and Settings\Default User (Network)>
    USERENV(b0.8c) 10:19:09:466 CheckNetDefaultProfile: Leaving with a value of 0.
    USERENV(b0.8c) 10:19:09:466 IssueDefaultProfile: Entering. LpDefaultProfile = <C:\Documents and Settings\Default User> lpLocalProfile = <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:09:481 CopyProfileDirectoryEx: Entering, lpSourceDir = <C:\Documents and Settings\Default User>, lpDestinationDir = <C:\Documents and Settings\mvisotsky.OLYMPUS.000>, dwFlags = 0xc8101
    USERENV(b0.8c) 10:19:09:544 RecurseDirectory: Adding C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\ to the list of directories

    USERENV(b0.8c) 10:19:11:137 CopyProfileDirectoryEx: Setting Directory TimeStamps all Directories
    USERENV(b0.8c) 10:19:11:169 CopyProfileDirectoryEx: Set times on all directories
    USERENV(b0.8c) 10:19:11:169 CopyProfileDirectoryEx: Leaving with a return value of 1
    USERENV(b0.8c) 10:19:11:278 MyRegLoadKey: Mutex released. Returning 0.
    USERENV(b0.8c) 10:19:11:278 IssueDefaultProfile: Leaving successfully
    USERENV(b0.8c) 10:19:11:278 RestoreUserProfile: Successfully setup the local default.
    USERENV(b0.8c) 10:19:11:278 SetupNewHive: Entering
    USERENV(b0.8c) 10:19:11:294 SetDefaultUserHiveSecurity: Entering
    USERENV(b0.8c) 10:19:11:325 SecureUserKey: Entering
    USERENV(b0.8c) 10:19:11:325 SecureUserKey: Leaving with a return value of 1
    USERENV(b0.8c) 10:19:11:325 SecureUserKey: Entering
    USERENV(b0.8c) 10:19:11:341 SecureUserKey: Leaving with a return value of 1
    USERENV(b0.8c) 10:19:11:981 SetupNewHive: Leaving with a return value of 1
    USERENV(b0.8c) 10:19:11:997 MyRegLoadKey: Mutex released. Returning 0.
    USERENV(b0.8c) 10:19:11:997 CreateClassHive: existing user classes hive not found
    USERENV(b0.8c) 10:19:11:997 SetDefaultUserHiveSecurity: Entering
    USERENV(b0.8c) 10:19:12:012 RestoreUserProfile: About to Leave. Final Information follows:
    USERENV(b0.8c) 10:19:12:012 Profile was successfully loaded.
    USERENV(b0.8c) 10:19:12:012 lpProfile->lpRoamingProfile = <>
    USERENV(b0.8c) 10:19:12:012 lpProfile->lpLocalProfile = <C:\Documents and Settings\mvisotsky.OLYMPUS.000>
    USERENV(b0.8c) 10:19:12:028 lpProfile->dwInternalFlags = 0x204
    USERENV(b0.8c) 10:19:12:028 RestoreUserProfile: Leaving.
    USERENV(b0.8c) 10:19:12:059 UpgradeProfile: Entering
    USERENV(b0.8c) 10:19:12:059 UpgradeProfile: Build numbers match
    USERENV(b0.8c) 10:19:12:059 UpgradeProfile: Leaving Successfully
    USERENV(b0.8c) 10:19:12:075 LoadUserProfile: Releasing mutex.
    USERENV(b0.8c) 10:19:12:075 LoadUserProfile: Leaving with a value of 1.
    USERENV(b0.8c) 10:19:12:075 LoadUserProfile: hProfile = <0x53c>
  • Feb 22, 2008, 08:54 AM
    TechEmperor
    Are the users in the LOCAL ADMINISTRATOR group on their PCs?
  • Feb 22, 2008, 10:14 AM
    scoobydoo_157
    I have set a few to Local Admin to test. They are Power Users. I didn't want to give them local admin rights to tinker with the machine.
  • Feb 22, 2008, 11:52 AM
    TechEmperor
    We allow our domain users to be local admins. The only problems it ever causes are some spyware infections that are easily cleaned. They don't have rights to anyone else's files so the harm they can do as local admins is very limited. Even if they decided to destroy their PC by deleting the Windows directory or something we could drop a restored copy on it in less time than it took for them to break it. If the local admin rights fixes it I say give them all local admin rights.
  • Feb 25, 2008, 08:15 AM
    chuckhole
    Sorry it has taken so long to respond. I was out of touch all weekend. Please do not take offense TechEmperor but local Admin rights can be a nightmare for some companies. For anyone who has taken three months of their professional life to survive a software audit, it can get messy when users are allowed to install software, etc.

    There are a number of lines in your Userenv.log that concern me. First of all, why is it getting a default profile from your NETLOGON share? Is there a GPO that specifies the default profile path? Second, are these PC's imaged and if they are, was the image SYSPREPed?

    Create a share on a server (example SERVER1) called Profile$ and change the user account for Mvisotsky to a roaming profile path of \\server1\profile$. Allow the account to create a roaming profile in this location and then logoff the user. Then remove the roaming profile attributes from the user account and logon the user. There should still be a local copy of the same profile from which to load. A new copy should not be created.

    You mentioned in your first post that you were performing redirect of some user folder. How did you perform this? Was it folders only such as My Documents, etc. Remove your redirects one by one and observe the behavior of the profiles.

    USERENV(b0.8c) 10:19:05:372 LoadUserProfile: Entering, hToken = <0x544>, lpProfileInfo = 0x6f648
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: Entering, hToken = <0x544>, lpProfileInfo = 0x6f648
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
    USERENV(b0.8c) 10:19:05:387 LoadUserProfile: lpProfileInfo->lpUserName = <mvisotsky>
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: NULL central profile path
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\NASSAUSERVER\netlogon\Default User>
    USERENV(b0.8c) 10:19:05:403 LoadUserProfile: NULL server name
    USERENV(b0.8c) 10:19:05:747 GetUserMutex: entering
    USERENV(b0.8c) 10:19:06:169 GetUserMutex: Waiting...
    USERENV(b0.8c) 10:19:06:184 GetUserMutex: Wait succeeded. Mutex currently held.
    USERENV(b0.8c) 10:19:06:700 RestoreUserProfile: Entering
    USERENV(b0.8c) 10:19:06:700 IsCentralProfileReachable: Entering
    USERENV(b0.8c) 10:19:06:700 IsCentralProfileReachable: Null path. Leaving
    USERENV(b0.8c) 10:19:06:700 RestoreUserProfile: Profile path = <>
    USERENV(b0.8c) 10:19:06:716 ExtractProfileFromBackup: A profile already exists
    USERENV(b0.8c) 10:19:06:716 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
  • Feb 25, 2008, 10:53 AM
    scoobydoo_157
    This path: \\NASSAUSERVER\netlogon\Default User
    Does not exist. There is nothing but logon scripts in the netlogon folder.

    I went through the Default Domain Policy and there is nothing specific configured.
    In my OU policy, it just has folder redirection for My Documents ( I took off the one for My Desktop). Sets the IE home page to our intranet.

    These are PC's that I have imaged and are SYSPREPed.

    I am trying to get away from roaming profiles.
    The issue was that all the users were originally roaming. As I image a PC and swap it out for the old one the user has, I make them a local profile and delete the profile path from the users properties AD.

    I was thinking that the issue might have been that on the new machine, I was originally logging on the first time to set the user up when they were still roaming. Then I switched them to local on the new machine. I would go to the old machine, log off, shut down and replace it with the new machine. I thought somehow maybe something was getting corrupt because of this?

    Also on all the old machines everyone was set as local admins. I was logging on their new machines and setting them up as Power Users. I thought maybe it didn't like that either.
    Possibly the SID is corrupt - somewhere along the line?

    It is only happening to users in one OU. I am thinking it could be the mapping of the Desktop and not being local admin?

    I have two other OU's that map My Docs and Desktop but they have local admin rights.

    Geeze. This gets confusing...

    Friday
    I created a new image, setup a new machine, deleted the user from AD, re-created the user and set the user up on the new machine. Made local admin.
    Everything is running fine so far.

    Trials
    1. New Image, New Machine, New User
    2. Make user local administrator
    3. Delete Computer from AD and rejoin to network (this one did not work)
    4. Remove Mapping Desktop in Policy
    5. Removing User from AD and recreate.

    I won't know which one of my crazy trials worked until it happens again...

  • All times are GMT -7. The time now is 12:47 PM.