Summary:
Users with Roaming Profiles on my XP workstations appear to be unable to do various things, e.g. set a default printer, disable toolbars in IE8, or see icons on the left side of the Start menu. Local accounts still work as expected.
Details:
I have a Mac OS X Server (10.6.4) Open Directory server that acts as a PDC for a few Windows XP workstations. Recently, I upgraded it (10.5 --> 10.6) and another Mac server that is the BDC and OD Replica.
A few weeks later, I found out that the XP workstations were having issues with the roaming profiles. Users would get an error at login (effectively, "I can't copy your profile from the server, so I'm using the local copy.") and then see their desktop. They thought that they were OK, so they didn't report the problem at first. However, it wasn't copying their profiles to the server.
In order to fix this, I moved a workstation from the domain to the workgroup "WORKGROUP", restarted, and move it back.
After that, they could login, but a new issue started. (I mention the previous stuff in case there is a clue in there.) Now a roaming-profile user can't do things that make lasting changes. For example, they DO get their documents but they CAN'T print, set a default printer, or disable the Google or MSN toolbars in Internet Explorer.
I'm out of ideas. I've tried a few things that I didn't list above, but none of them helped.
Any advise would be GREATLY appreciated.
Here's my best guess. My gut says that the permissions on the registry hives inside the users' roaming user profiles may be munged up. Assuming your users don't have "Administrator" rights, that's where I'd start looking first.
Logon as one of your problem users, open
regedit
, navigate toHKEY_CURRENT_USER
, and look at the permissions (Edit / Permissions in the menu). I would expect you to see a permission for the domain account of the user you're logged-in as with "Full Control" and "Read" permission.If you see this behavior, logon as an "Administrator", use the "Load Hive..." functionality in
regedit
to load the NTUSER.DAT file from the user's roaming profile folder into a subkey ofHKEY_LOCAL_MACHINE
, modify the permission at that subkey to includeDOMAIN\User
with "Full Control" permission, unload the hive, and logon as the user.You can get these permission fouled-up by manually copying around profiles in the filesystem, rather than using the "Copy To" functionality in the "User Profiles" dialog of the "System Properties" dialog.