Re: Permissions issue with users in Domain Users not able to see p

From: Ziguana (Ziguana_at_discussions.microsoft.com)
Date: 11/09/04

    Date: Mon, 8 Nov 2004 20:41:04 -0800
    
    

    Is there something I can change in the HKEY_CURRENT_USER reg when the user is
    logged in to fix it?

    "Marina Roos [SBS-MVP]" wrote:

    > Hi Mike,
    >
    > I wouldn't know of such a tool. I think you will be much quicker done doing
    > it the way I proposed. Are you talking about the local policies on a
    > computer? A user always has to have local logon rights on a computer, else
    > he won't be able to do anything ;-)
    >
    > What you could try, is delete the user profile on the computer when logged
    > on as admin (without removing the computer account), then recreate it by
    > simply logging on as that user. Saves you some time.
    >
    > --
    > Regards,
    >
    > Marina
    > Microsoft SBS-MVP
    >
    > "Ziguana" <Ziguana@discussions.microsoft.com> wrote in message
    > news:39604D49-BCAC-47D3-AA88-41358A0090B2@microsoft.com...
    > > Thanks Marina, the plot thickens and what you say definitely makes sense.
    > >
    > > Thing is I just created a test new user and they work fine. Is there any
    > > way of listing the user rights like logon locally etc those rights so I
    > > can compare an old user against my new user and see what is different.
    > >
    > > If nothing then I have a long haul ahead to make the changes you talk
    > > about below to all users :-(
    > >
    > > Thanks
    > >
    > > "Marina Roos [SBS-MVP]" wrote:
    > >
    > > > Hi Mike,
    > > >
    > > > I think that you cannot just copy profiles from one server to another
    > > > server and expect them to work like that.
    > > > What you can try, is remove a computer account from the SBS. Put the
    > > > computer into a workgroup. Recreate the computer account on the SBS.
    > > > Boot the client and make sure the ipconfig/all is pointing to the
    > > > server. Use servername/connectcomputer to join the computer.
    > > > Then login as a user (make sure the user is a local admin on the
    > > > computer) and let it create a profile and install the applications if
    > > > needed. Log out as that user and login as admin. At this point you can
    > > > copy the old user profile over the new profile (assuming the old
    > > > profile does work).
    > > > Login as that user again, after you have set up the roaming profile on
    > > > the server. At this point the local profile should be copied to the
    > > > server when logging out.
    > > > Check it out. Then remove the user from the local admin group and try
    > > > again.
    > > >
    > > > --
    > > > Regards,
    > > >
    > > > Marina
    > > > Microsoft SBS-MVP
    > > >
    > > > "Ziguana" <Ziguana@discussions.microsoft.com> wrote in message
    > > > news:4E3BDCC3-3F2F-4EA9-853F-88396543F454@microsoft.com...
    > > > > Hi Marina, the stuff in my first post doesn't work, see below: -
    > > > >
    > > > > History: -
    > > > >
    > > > > I did an upgrade to my servers, basically I had SBS 2003 with 50
    > > > > users on it, the server was old so we bought a new server. I built
    > > > > the server to be a 2003 Server in the same domain, server name, same
    > > > > settings the lot etc and then installed Exchange with all the same
    > > > > settings etc etc
    > > > >
    > > > > I then manually re-created all the users (easiest way as I only have
    > > > > 50 users, didn't want to swing or migrate, wanted to leave current
    > > > > config in place while I built the other).
    > > > >
    > > > > I then Exmerged all the email, copied all the data and profiles,
    > > > > switched off the old servers plugged in the new, re-added all the
    > > > > PCs to the new domain.
    > > > >
    > > > > Issue: -
    > > > >
    > > > > When I log in (with admin privileges) my profile comes down
    > > > > correctly, my email works, printers are available and policies are
    > > > > present. All works fine.
    > > > >
    > > > > When a normal user logs in (with Domain User privileges) firstly the
    > > > > group policies aren't coming into effect. Not got any more info than
    > > > > this at the min, no errors no nothing! I backed up and restored my
    > > > > GPOs from the last server.
    > > > >
    > > > > Secondly when my users log on and download their profile from the
    > > > > server they don't see all of the profile. I restored their profiles
    > > > > from backup. When I look on the PC when they are logged in, in
    > > > > Documents and Settings at the profile, they can only see certain
    > > > > folders: -
    > > > >
    > > > > Users Documents
    > > > > Desktop
    > > > > Favorites
    > > > > Start Menu
    > > > > WINDOWS
    > > > >
    > > > > They can't see: -
    > > > >
    > > > > Application Data
    > > > > Local Settings
    > > > > etc
    > > > > etc
    > > > >
    > > > > I thought at first it wasn't downloading those folders but if I log
    > > > > on as an administrator and click on the cached copy of their profile
    > > > > all the folders are there, it's only when they are logged in that
    > > > > they can't see it.
    > > > >
    > > > > It shouldn't be a permissions thing on the folder as they can
    > > > > download it.
    > > > >
    > > > > It's not that they are hidden as I clicked to show hidden files and
    > > > > folders. This is causing Outlook to fail as they can't see the
    > > > > application data folder. Also no printers etc
    > > > >
    > > > > Anyone any ideas as to what's happening here? Not sure if there's an
    > > > > overall permissions issue because the way I got round this problem
    > > > > was to put all my users into the Domain Admins group, everything
    > > > > works fine now but I need to get them all out of Domain Admins asap!
    > > > >
    > > > > Any help would be greatly appreciated.
    > > > >
    > > > > Thanks in advance.
    > > > >
    > > > > Mike
    > > > >
    > > > >
    > > > >
    > > > > "Marina Roos [SBS-MVP]" wrote:
    > > > >
    > > > > > Hi Ziguana,
    > > > > >
    > > > > > What doesn't work? You will only need to add them to the local
    > > > > > admin group when you rejoin the clients. After all the
    > > > > > applications have been installed, you can remove them from the
    > > > > > admin group. It will however depend on the program they are using,
    > > > > > if they need to be a local admin or not. Office only needs it
    > > > > > during installation, after that, a user can use the program
    > > > > > without problems.
    > > > > >
    > > > > > --
    > > > > > Regards,
    > > > > >
    > > > > > Marina
    > > > > > Microsoft SBS-MVP
    > > > > >
    > > > > > "Ziguana" <Ziguana@discussions.microsoft.com> wrote in message
    > > > > > news:808D16CF-B12B-44D2-BF5B-C97B691AA269@microsoft.com...
    > > > > > > Marina I still have this problem. Yes adding the domain users to
    > > > > > > the local admin group fixes it but I don't want to go this far.
    > > > > > > I don't want to give the users admin permissions to their own
    > > > > > > machine.
    > > > > > >
    > > > > > > What has changed that they would need this? Are there any other
    > > > > > > solutions?
    > > > > > >
    > > > > > > Thanks
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > "Marina Roos [SBS-MVP]" wrote:
    > > > > > >
    > > > > > > > Hi Ziguana,
    > > > > > > >
    > > > > > > > What if you add the domain users to the local administrators
    > > > > > > > group on the computer?
    > > > > > > >
    > > > > > > > --
    > > > > > > > Regards,
    > > > > > > >
    > > > > > > > Marina
    > > > > > > > Microsoft SBS-MVP
    > > > > > > >
    > > > > > > > "Ziguana" <Ziguana@discussions.microsoft.com> wrote in message
    > > > > > > > news:B3D7DD94-4C69-4DA3-9F13-8A63340186EA@microsoft.com...
    > > > > > > > > Yes I re-added all the workstations to the domain, one at a
    > > > > > > > > time adding a domain user account (administrator) every
    > > > > > > > > time.
    > > > > > > > >
    > > > > > > > > Any other ideas?
    > > > > > > > >
    > > > > > > > > It works when someone with admin or domain admin rights logs
    > > > > > > > > in. Not when users with just domain user rights.
    > > > > > > > >
    > > > > > > > > "Hoping none of the users realise they have extra privileges
    > > > > > > > > at the min"!!
    > > > > > > > >
    > > > > > > > > Thanks
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > "Marina Roos [SBS-MVP]" wrote:
    > > > > > > > >
    > > > > > > > > > Hi Ziguana,
    > > > > > > > > >
    > > > > > > > > > Did you rejoin the workstations to the SBS? Although you
    > > > > > > > > > kept the same name, the SID has changed, so you will need
    > > > > > > > > > to rejoin.
    > > > > > > > > >
    > > > > > > > > > --
    > > > > > > > > > Regards,
    > > > > > > > > >
    > > > > > > > > > Marina
    > > > > > > > > > Microsoft SBS-MVP
    > > > > > > > > >
    > > > > > > > > > "Ziguana" <Ziguana@discussions.microsoft.com> wrote in
    > > > > > > > > > message
    > > > > > > > > > news:8BC8CB78-B2F9-497E-979E-4297C0AC479B@microsoft.com...
    > > > > > > > > > > History: -
    > > > > > > > > > >
    > > > > > > > > > > I did an upgrade to my servers, basically I had SBS 2003
    > > > > > > > > > > with 50 users on it, the server was old so we bought a
    > > > > > > > > > > new server. I built the server to be a 2003 Server in
    > > > > > > > > > > the same domain, server name, same settings the lot etc
    > > > > > > > > > > and then installed Exchange with all the same settings
    > > > > > > > > > > etc etc
    > > > > > > > > > >
    > > > > > > > > > > I then manually re-created all the users (easiest way as
    > > > > > > > > > > I only have 50 users, didn't want to swing or migrate,
    > > > > > > > > > > wanted to leave current config in place while I built
    > > > > > > > > > > the other).
    > > > > > > > > > >
    > > > > > > > > > > I then Exmerged all the email, copied all the data and
    > > > > > > > > > > profiles, switched off the old servers plugged in the
    > > > > > > > > > > new, re-added all the PCs to the new domain.
    > > > > > > > > > >
    > > > > > > > > > > Issue: -
    > > > > > > > > > >
    > > > > > > > > > > When I log in (with admin privileges) my profile comes
    > > > > > > > > > > down correctly, my email works, printers are available
    > > > > > > > > > > and policies are present. All works fine.
    > > > > > > > > > >
    > > > > > > > > > > When a normal user logs in (with Domain User privileges)
    > > > > > > > > > > firstly the group policies aren't coming into effect.
    > > > > > > > > > > Not got any more info than this at the min, no errors no
    > > > > > > > > > > nothing! I backed up and restored my GPOs from the last
    > > > > > > > > > > server.
    > > > > > > > > > >
    > > > > > > > > > > Secondly when my users log on and download their profile
    > > > > > > > > > > from the server they don't see all of the profile. I
    > > > > > > > > > > restored their profiles from backup. When I look on the
    > > > > > > > > > > PC when they are logged in, in Documents and Settings at
    > > > > > > > > > > the profile, they can only see certain folders: -
    > > > > > > > > > >
    > > > > > > > > > > Users Documents
    > > > > > > > > > > Desktop
    > > > > > > > > > > Favorites
    > > > > > > > > > > Start Menu
    > > > > > > > > > > WINDOWS
    > > > > > > > > > >
    > > > > > > > > > > They can't see: -
    > > > > > > > > > >
    > > > > > > > > > > Application Data
    > > > > > > > > > > Local Settings
    > > > > > > > > > > etc
    > > > > > > > > > > etc
    > > > > > > > > > >
    > > > > > > > > > > I thought at first it wasn't downloading those folders
    > > > > > > > > > > but if I log on as an administrator and click on the
    > > > > > > > > > > cached copy of their profile all the folders are there,
    > > > > > > > > > > it's only when they are logged in that they can't see
    > > > > > > > > > > it.
    > > > > > > > > > >
    > > > > > > > > > > It shouldn't be a permissions thing on the folder as
    > > > > > > > > > > they can download it.
    > > > > > > > > > >
    > > > > > > > > > > It's not that they are hidden as I clicked to show
    > > > > > > > > > > hidden files and folders. This is causing Outlook to
    > > > > > > > > > > fail as they can't see the application data folder. Also
    > > > > > > > > > > no printers etc
    > > > > > > > > > >
    > > > > > > > > > > Anyone any ideas as to what's happening here? Not sure
    > > > > > > > > > > if there's an overall permissions issue because the way
    > > > > > > > > > > I got round this problem was to put all my users into
    > > > > > > > > > > the Domain Admins group, everything works fine now but I
    > > > > > > > > > > need to get them all out of Domain Admins asap!
    > > > > > > > > > >
    > > > > > > > > > > Any help would be greatly appreciated.
    > > > > > > > > > >
    > > > > > > > > > > Thanks in advance.
    > > > > > > > > > >
    > > > > > > > > > > Mike
    > > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > >
    > > >
    > > >
    >
    >
    >
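
Added example, not part of the original thread: the thread notes that the SID changed and that the profiles were copied over from the old server, so one thing worth checking is whether the copied profile folders still carry owners or access entries for SIDs that no longer resolve to an account. The PowerShell below lists such entries; it assumes that hypothesis, and the function names and the profile path are placeholders chosen for illustration.

```powershell
# Added example: report owners and ACEs on a profile tree whose SID no longer
# maps to an account (for instance, SIDs from a previous domain installation).

function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier] $Sid)
    try { [void]$Sid.Translate([System.Security.Principal.NTAccount]); $true }
    catch { $false }   # translation fails when no account is behind the SID
}

function Get-OrphanedProfileAce {
    param(
        [Parameter(Mandatory)] [string] $ProfilePath,
        [int] $Depth = 1   # how far below the profile root to look
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $items = @(Get-Item -LiteralPath $ProfilePath -Force)
    $items += Get-ChildItem -LiteralPath $ProfilePath -Force -Recurse `
                  -Depth $Depth -ErrorAction SilentlyContinue
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch {
            [pscustomobject]@{ Path = $item.FullName; Entry = 'ACL unreadable'
                               Sid = ''; Rights = '' }
            continue
        }
        $owner = $acl.GetOwner($sidType)
        if ($owner -and -not (Test-SidResolves $owner)) {
            [pscustomobject]@{ Path = $item.FullName; Entry = 'Owner'
                               Sid = $owner.Value; Rights = '' }
        }
        # Ask for the rules with raw SIDs so unresolved ones are easy to spot.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if (-not (Test-SidResolves $ace.IdentityReference)) {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Entry  = "$($ace.AccessControlType) ACE"
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}

# Placeholder path: point this at the cached copy of an affected profile,
# from an elevated session, and compare with a freshly created test user.
Get-OrphanedProfileAce -ProfilePath 'C:\Documents and Settings\exampleuser' |
    Format-Table -AutoSize
```

An empty result for the new test user and a list of unresolved SIDs for a restored profile would point at the copied permissions rather than at user rights or group policy.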

