January 9th, 2008, 11:13 PM
User Profile Go Bye-Bye
It's been a bad day.
Same user I talked about in this thread.
So during troubleshooting the problem in the above thread, I'm having the user reboot his laptop a couple of times. And whatdya know, as if I didn't have enough to deal with today, upon one such bootup he gets a profile error, a nice userenv event log, and is logged into a temporary profile. And he's remote. Yay.
So this is nothing new; I've dealt with this rather annoying Windows corrupt profile problem my fair share of times and know the drill. Log him out, log in as admin, rename his profile something like .old, log him back in to create new user profile, copy docs/settings from old profile to new one, send user on his merry way. Boss gave me permission to give this user our admin password so I could walk him through these steps over the phone, boss assuring me he'll very quickly forget the login, no worries (shows you how much faith they have in this user). Ok, whatever, done.
So I've copied everything over to the newly created profile. Log out of admin, log him back in...everything's gone. Desktop, docs, etc. -- wait, I copied that over!
Ok, fine. Repeat process. Delete profile, log him in for fresh new profile, except this time --
Windows cannot find domain. Eh? But user login is cached, so that doesn't make sense. Ok, fine, check use dial-up connection at login, login through VPN, domain found, logs right on in, done.
Resolved? Not quite -- It doesn't even create a new profile folder! Instead, I venture into Docs and Settings to find him now storing docs/settings in "temp.domain" instead of "username.domain".
So, ok, fine. Not one to give up yet, I try to delete "temp.domain" profile to do this a third time fresh. But wait! "Cannot delete" the profile because it is a "system file".
Never seen that happen before. Well anyway, after all was said and done, I had him in temp.domain profile with all his docs, settings, etc. restored. It works, user's happy, fine. So what we're going to do is wait until he brings the laptop in, back everything up, reimage it, and be done.
But I'm wondering, what in the world could of caused this to happen? Is there a way to fix it without just reinstalling Windows fresh? Maybe I've just been lucky not having run into this before?
FYI, boss theorizes that somewhere along the way, the user installing the linksys software is what triggered this to happen. I dunno, I'm skeptical on that, but it really weird timing.
Last edited by AngelicKnight; January 9th, 2008 at 11:17 PM.
January 10th, 2008, 12:35 AM
do you still have the original profile with data still in it? if so do this, unjoin from the domain then reboot. (make sure you create a local login with admin access first). Join to the domain again then reboot. Log your user in then reboot, login as admin open command prompt go to c:\documents and setting then do xcopy oldaccount newaccount /s /h /r /c and say yes to all this will migrate his old settings into his new account exactly so you won't have to redo the whole thing. works great after reinstalling the OS if you still have all the user data still there as well.
January 10th, 2008, 03:49 PM
Yes, kept the old profile, renamed to .old.
Since he's remote, can't easily disjoin and rejoin to the domain, hence this being more complicated than usual.
January 10th, 2008, 10:13 PM
No replies after a day? For shame. I figured surely you guys'd bite on this challenge.
So it continues to get stranger. With this new "temp.domain" he's in (note his user logon still steadily shows "domain\username"), I can't set any default printers. Results are interesting. In some programs (wordpad) I can print just fine. Adobe Acrobat 6.0 then spat out an error that no printers were installed. Deleted, added back printer, updated driver, no change.
Ventured into registry, found printer settings there to be EMPTY. Tried following a ridiculously complicated MS support article of loading settings from another user profile, no dice. Tried manually weeding my way through the registry and importing the .reg file for printer configuration from his old profile, didn't allow me (administrator) permission to do so. Then opened Excel, error says no printers installed. Rebooted, opened it back up, was able to manually select printer, it printed.
Now when I say I can't set the default printer, I mean in the Printers and Faxes window, I see my list of printers, I right-click my desired one and choose "set as default" -- no error...no error, no nothing. As in none have the checkmark designating one default. So nothing simply happens.
I'm 90% sure it's related to him being trapped in this weird temp profile, and has to do with the registry not populating printer settings.
So anyway, I finally got him to ship the laptop out to me, he's on the road to send it out as I type this, so I'll finally have my hands on it so I can actually do some real work on it. Backup, reinstall, call it a day.
By red_budha in forum Miscellaneous Security Discussions
Last Post: April 1st, 2006, 08:16 PM
By akachuckie in forum The Security Tutorials Forum
Last Post: February 24th, 2005, 01:47 AM
By MrLinus in forum Miscellaneous Security Discussions
Last Post: October 28th, 2004, 05:29 PM
By steve.milner in forum IDS & Scanner Discussions
Last Post: August 12th, 2004, 01:23 PM
By R0n1n in forum *nix Security Discussions
Last Post: November 20th, 2002, 02:20 PM