RE: username change best practices...

I would recommend creating a new user account, rather than trying to
rename an old one. This would illustrate the imporatance of using
security groups for access control, rather than granting the user
account permissions to resources.

Tim

-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud@xxxxxxxxxxx]
Sent: Monday, July 31, 2006 10:59 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: username change best practices...



Hi all,
I seem to remember being given the advice on an MS course for giving a
new user same privileges/access etc as the old user they were replacing
by just renaming the current account in AD User+Comps.

How does this affect things like profile paths on a workstation? It
seems that when I do this for instance, profile path stays as 'c:\docs
and settings\usernameold' etc but the new user, ie usernamenew, sees
that 'old'
profile when logging into the machine. What are the security
implications of this if any? We don't use roaming profiles as no-one
roams.

And how does this affect security issues for VB scripts that run using
parameters like SPECIAL FOLDERS (eg My Documents/desktop) etc? Is there
some accepted practice for renaming the local profile path-vis a vis
security standpoint?





------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • Re: Roaming Profile Not Staying Mandatory
    ... this account is a school and they want to be able to track the ... They use symantec web security which also requires security. ... The parent profile share is hidden with the name mprofile$. ...
    (microsoft.public.win2000.setup)
  • Re: Cant Copy User Profile
    ... If both machines are using the NTFS file system then the ACL security descriptors will be different for each Admin account. ... Your old Admin rights won't be recognised by your ACL information for your new profile, in essence your account doesn't have access to your old profile. ...
    (microsoft.public.windowsxp.general)
  • RE: username change best practices...
    ... profile actually uses the SID to determine the profile path. ... create a new Local profile after renaming the account. ... If you have a particular user account that is part of multiple security ...
    (Focus-Microsoft)
  • Re: Win32 security limitations: why?
    ... Microsoft MVP (Windows Security) ... > Trying to spawn a process from an impersonated client from within IIS-ASP ... > under the imporsonated account because the SeAssignPrimaryTokenPrivilege ... > loading another user's profile is a security risk, ...
    (microsoft.public.security)
  • username change best practices...
    ... How does this affect things like profile paths on a workstation? ... And how does this affect security issues for VB scripts that run using ...
    (Focus-Microsoft)