RE: Computer & Local Profile Migration Trouble

From: Joe Wu [MSFT] (joewu_at_online.microsoft.com)
Date: 03/17/04

Next message: Joe Wu [MSFT]: "RE: migrating to w2k3 from nt4...yet another question"
Previous message: Alex Zhang: "RE: Which domain controller to upgrade first?"
In reply to: Johnny Wright: "RE: Computer & Local Profile Migration Trouble"
Next in thread: anonymous_at_discussions.microsoft.com: "RE: Computer & Local Profile Migration Trouble"
Reply: anonymous_at_discussions.microsoft.com: "RE: Computer & Local Profile Migration Trouble"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 17 Mar 2004 11:42:24 GMT

Hello Johnny,

Thank you for your reply. I am glad to know that the problem has been
resolved.

We can adjust registry permissions by using GPO in AD-based domains.
However, in Windows NT domain, we can use a tool called subinacl.exe with
a command like the following:

subinacl /subkeyreg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
/grant="LOCAL SERVICE"=r

You can download the SubInACL tool from the following web site:

SubInACL
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-
93cf-ed6985e3927b&displaylang=en

For detailed information regarding the usage of this tool, please refer to
the Windows 2000 Resource Kit Tools document or run the following command:

SubInAcl /help /full

Thanks!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|Content-Class: urn:content-classes:message
|From: "Johnny Wright" <anonymous@discussions.microsoft.com>
|Sender: "Johnny Wright" <anonymous@discussions.microsoft.com>
|References: <eurbf#UCEHA.2576@TK2MSFTNGP11.phx.gbl>
<Zg4m3wmCEHA.564@cpmsftngxa06.phx.gbl>
<d51101c40aae$64bf9180$a301280a@phx.gbl>
<QsDedIxCEHA.2304@cpmsftngxa06.phx.gbl>
|Subject: RE: Computer & Local Profile Migration Trouble
|Date: Tue, 16 Mar 2004 04:57:44 -0800
|Lines: 234
|Message-ID: <dfb401c40b56$462a0b30$a401280a@phx.gbl>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Thread-Index: AcQLVkYq0mnjq7rzR3+CQW0Blp32eQ==
|Newsgroups: microsoft.public.windows.server.migration
|Path: cpmsftngxa06.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:8815
|NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
|X-Tomcat-NG: microsoft.public.windows.server.migration
|
|Joe
|Thank you very much for your reply. That appears to have
|worked for me. I added the Local Server to the
|permission list and the migration of that XP machine went
|fine.
|
|Now that I have set the permissions on this reg key, can
|I export it to a reg file and then import it through a
|logon script to other PCs? If so, will this maintain the
|Local Service permission? If not, is there a way to set
|the correct permission on all PCs without having to
|manually visit each one?
|
|Thanks
|Johnny
|>-----Original Message-----
|>Hello Johnny,
|>
|>Thank you for your update and I am glad to hear that we
|are making progress.
|>
|>Please check the problematic client and see if the LOCAL
|SERVICE group have
|>permissions of the following regisry key:
|>
|>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secur
|ePipeServers\winreg
|>
|>I resolved a similar issue before by using the above
|method.
|>
|>Thanks and have a great day!
|>
|>Regards,
|>Joe Wu
|>Product Support Services
|>Microsoft Corporation
|>
|>Get Secure! - www.microsoft.com/security
|>
|>====================================================
|>When responding to posts, please "Reply to Group" via
|your newsreader so
|>that others may learn and benefit from your issue.
|>====================================================
|>This posting is provided "AS IS" with no warranties, and
|confers no rights.
|>
|>--------------------
|>|Content-Class: urn:content-classes:message
|>|From: "John Wright"
|<anonymous@discussions.microsoft.com>
|>|Sender: "John Wright"
|<anonymous@discussions.microsoft.com>
|>|References: <eurbf#UCEHA.2576@TK2MSFTNGP11.phx.gbl>
|><Zg4m3wmCEHA.564@cpmsftngxa06.phx.gbl>
|>|Subject: RE: Computer & Local Profile Migration Trouble
|>|Date: Mon, 15 Mar 2004 08:56:00 -0800
|>|Lines: 141
|>|Message-ID: <d51101c40aae$64bf9180$a301280a@phx.gbl>
|>|MIME-Version: 1.0
|>|Content-Type: text/plain;
|>| charset="iso-8859-1"
|>|Content-Transfer-Encoding: 7bit
|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|>|Thread-Index: AcQKrmS9sJ5lj10cReGeJKONyzhpdQ==
|>|Newsgroups: microsoft.public.windows.server.migration
|>|Path: cpmsftngxa06.phx.gbl
|>|Xref: cpmsftngxa06.phx.gbl
|microsoft.public.windows.server.migration:8772
|>|NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|
|>|Joe
|>|Thank you for your post and the suggestion. I tried
|what
|>|you suggested and it has worked on one machine in my
|test
|>|environment but failed with another machine. I get the
|>|exact same error. I have put the target\domain admins
|>|group into the local domain admin groups and had the PC
|>|logged off.
|>|
|>|Do you have any further suggestions as to why this
|would
|>|not work?
|>|
|>|Thanks
|>|Johnny
|>|>-----Original Message-----
|>|>Hello Johnny,
|>|>
|>|>Thank you for your post.
|>|>
|>|>The error indicates that the account running ADMT do
|not
|>|have permissions
|>|>to dispatch an ADMT agent to the computer to be
|migrated.
|>|>
|>|>Generally speaking there are 2 conditions which may
|>|affect the ADMT agent
|>|>installation on a machine:
|>|>
|>|> 1. The domain admins group needs to be added to the
|>|local admins group on
|>|>every machine
|>|>
|>|> 2. All users must be logged off the machines to be
|>|migrated.
|>|>
|>|>Please manually add the target domain's Administrator
|to
|>|the local
|>|>administrators group on the client machine and then
|use
|>|this account
|>|>(TargetDomain\administrator) to run the ADMT tool and
|>|check if the problem
|>|>has been resovled.
|>|>
|>|>I hope this helps. Thanks!
|>|>
|>|>Regards,
|>|>Joe Wu
|>|>Product Support Services
|>|>Microsoft Corporation
|>|>
|>|>Get Secure! - www.microsoft.com/security
|>|>
|>|>====================================================
|>|>When responding to posts, please "Reply to Group" via
|>|your newsreader so
|>|>that others may learn and benefit from your issue.
|>|>====================================================
|>|>This posting is provided "AS IS" with no warranties,
|and
|>|confers no rights.
|>|>
|>|>--------------------
|>|>|From: "Johnny Wright" <lactoz@hotmail.com>
|>|>|Subject: Computer & Local Profile Migration Trouble
|>|>|Date: Sat, 13 Mar 2004 18:07:16 -0500
|>|>|Lines: 38
|>|>|X-Priority: 3
|>|>|X-MSMail-Priority: Normal
|>|>|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|>|>|X-MimeOLE: Produced By Microsoft MimeOLE
|V6.00.2800.1165
|>|>|Message-ID: <eurbf#UCEHA.2576@TK2MSFTNGP11.phx.gbl>
|>|>|Newsgroups: microsoft.public.windows.server.migration
|>|>|NNTP-Posting-Host: 67.71.125.40
|>|>|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!
|>|TK2MSFTNGP11.phx.gbl
|>|>|Xref: cpmsftngxa06.phx.gbl
|>|microsoft.public.windows.server.migration:8745
|>|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|>|
|>|>|I am in the final testing phase of our migration
|>|project and I am having
|>|>|trouble migrating computer accounts from the NT 4.0
|>|domain to the Windows
|>|>|2003 domain. The migration shows that the computer
|has
|>|migrated but when
|>|>it
|>|>|tries to dispatch the agent to the PC it fails.
|>|Looking through the logs I
|>|>|see the following error:
|>|>|
|>|>|Started job: \\IBM6E IBM6E2452857 {F3B03B03-124D-
|4BFD-
|>|B3F1-CAE36B0F67B8}
|>|>|2004-03-01 16:55:10 All agents are installed. The
|>|dispatcher is finished.
|>|>|2004-03-13 14:50:31 Created account input file for
|>|remote agents:
|>|>|DCTCache.028
|>|>|2004-03-13 14:50:31 Installing agent on 1 servers
|>|>|2004-03-13 14:50:31 The Active Directory Migration
|Tool
|>|Agent will be
|>|>|installed on \\600E2KSP4
|>|>|2004-03-13 14:50:31 WRN1:7290 Processor architecture
|>|for machine
|>|>\\600E2KSP4
|>|>|is unknown, Error accessing registry key
|>|>|SYSTEM\CurrentControlSet\Control\Session
|>|Manager\Environment rc=5
|>|>|Access is denied.
|>|>|2004-03-13 14:50:31 ERR2:7006 Failed to install agent
|>|on \\600E2KSP4, rc=5
|>|>|Access is denied.
|>|>|2004-03-13 14:50:31 ERR2:7005 Failed to launch agent
|on
|>|\\600E2KSP4,
|>|>|hr=80070005 Access is denied.
|>|>|2004-03-13 14:50:32 All agents are installed. The
|>|dispatcher is finished
|>|>|
|>|>|I get the same error with Windows 2000 SP4 and
|Windows
|>|XP SP1 machines. I
|>|>|believe that I have followed all of the correct steps
|>|but can't seem to get
|>|>|this to work. User accounts appear to be migrating
|>|over fine but computer
|>|>|accounts are not.
|>|>|
|>|>|Can anyone point me in the right direction on how to
|>|get the NT 4.0
|>|>computer
|>|>|accounts to migrate properly and how to get the
|user's
|>|local profiles to
|>|>|migrate as well. I would like it so that users could
|>|log onto the new 2003
|>|>|domain and have the same desktop, printers and
|>|everything that they have in
|>|>|the existing NT 4.0 domain.
|>|>|
|>|>|Thanks in advance for your help
|>|>|Johnny
|>|>|
|>|>|
|>|>|
|>|>
|>|>.
|>|>
|>|
|>
|>.
|>
|

Next message: Joe Wu [MSFT]: "RE: migrating to w2k3 from nt4...yet another question"
Previous message: Alex Zhang: "RE: Which domain controller to upgrade first?"
In reply to: Johnny Wright: "RE: Computer & Local Profile Migration Trouble"
Next in thread: anonymous_at_discussions.microsoft.com: "RE: Computer & Local Profile Migration Trouble"
Reply: anonymous_at_discussions.microsoft.com: "RE: Computer & Local Profile Migration Trouble"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

RE: Computer & Local Profile Migration Trouble
... |Sender: "Johnny Wright" ... Produced By Microsoft MimeOLE V5.50.4910.0300 ... |>|Subject: RE: Computer & Local Profile Migration Trouble ... Microsoft CDO for Windows 2000 ...
(microsoft.public.windows.server.migration)
RE: Error 1402
... >Microsoft Corporation ... >>This is a permissions issue that must be fixed through ... >>the Windows operating system. ... >>Do not use the registry key given in the Microsoft ...
(microsoft.public.windowsxp.security_admin)
RE: migrate from windows nt4 to windows 2003
... I want to setup a new machine with with windows 2003 server that will have ... > win2k3 DC, that is to say, you will use a new win2k3 domain. ... > migration, we can use User Migration Wizard in ADMT. ... > Microsoft is providing this information as a convenience to you. ...
(microsoft.public.windows.server.migration)
RE: Boot device error 0x0000007B+0xf789e63c
... During running the "Computer Migration Wizard", ... Migration of a Windows NT 4.0 Account Domain to Active Directory ... Microsoft Online Partner Support ...
(microsoft.public.windows.server.migration)
RE: Moving over to a Win2k Domain
... Microsoft Partner Support ... | You can use the Active Directory Migration tool to migrate users, ... it is often best to install and run ADMTv2 on ...
(microsoft.public.win2000.active_directory)