RE: username change best practices...

From: "Dave Doeppel" <doeppel@xxxxxxxxxxx>
Date: Wed, 2 Aug 2006 07:53:48 -0700

I had done this in the past as well. From my perspective, this helps
with security as far as network file servers and shares. But the local
profile actually uses the SID to determine the profile path. While I
cant say that I have tested any VB scripts, my solution was to just
create a new Local profile after renaming the account. It was much
cleaner that way.

If you have a particular user account that is part of multiple security
groups it does help to be able to just rename the account, but from most
of my experience it is far easier to just create a new account and add
it to the appropriate security groups.

Dave Doeppel
MCSE 2003 + Messaging
-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud@xxxxxxxxxxx]
Sent: Monday, July 31, 2006 8:59 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: username change best practices...

Hi all,
I seem to remember being given the advice on an MS course for giving a
new user same privileges/access etc as the old user they were replacing
by just renaming the current account in AD User+Comps.

How does this affect things like profile paths on a workstation? It
seems that when I do this for instance, profile path stays as 'c:\docs
and settings\usernameold' etc but the new user, ie usernamenew, sees
that 'old'
profile when logging into the machine. What are the security
implications of this if any? We don't use roaming profiles as no-one
roams.

And how does this affect security issues for VB scripts that run using
parameters like SPECIAL FOLDERS (eg My Documents/desktop) etc? Is there
some accepted practice for renaming the local profile path-vis a vis
security standpoint?

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Prev by Date: RE: Domain admin mailbox rights on Exchange 2003
Next by Date: Re: Domain admin mailbox rights on Exchange 2003
Previous by thread: Re: RE: username change best practices...
Next by thread: Domain admin mailbox rights on Exchange 2003
Index(es):
- Date
- Thread

Relevant Pages

Re: Cant Copy User Profile
... If both machines are using the NTFS file system then the ACL security descriptors will be different for each Admin account. ... Your old Admin rights won't be recognised by your ACL information for your new profile, in essence your account doesn't have access to your old profile. ...
(microsoft.public.windowsxp.general)
RE: username change best practices...
... I would recommend creating a new user account, ... security groups for access control, ... How does this affect things like profile paths on a workstation? ...
(Focus-Microsoft)
Re: FBOFW 9/30/05
... profile based on personal characteristics, then just *profile*, ... than of making security measures more focused and effective. ... details assigned to watch their luggage for them. ... but I definitely hate it a lot less than exempting certain ...
(rec.arts.comics.strips)
Re: Win32 security limitations: why?
... Microsoft MVP (Windows Security) ... > Trying to spawn a process from an impersonated client from within IIS-ASP ... > under the imporsonated account because the SeAssignPrimaryTokenPrivilege ... > loading another user's profile is a security risk, ...
(microsoft.public.security)
Windows logoff bug possible security vulnerability and exploit.
... Windows XP, Windows Server 2003 ... I believe that it is the purpose of the OS to provide the appropriate security and the purpose of a program to do it's task and not implement the security of the OS. ... The security problem I'm discussing occurs when a user profile fails to unload during logoff. ...
(Bugtraq)