Re: User profiles on domain controller - Very strange

That is typically what you see when a user can access a share on a domain
computer and encrypt files in that share. The computer then creates the
profile for the user and impersonates the user to request an EFS certificate
to store in that profile. The user would need write access to the folder in
order to encrypt the files and the encryption attribute would need to be
enabled on a folder in the share. So I would start by checking that out. You
can use the cipher command to check for encrypted folders on a computer. By
default on a domain controller regular domain users would not have write
access to any default share and the only share they would see is the sysvol
share. If you have audting for account management enabled on those domain
controllers you might find events recorded in the security log that may give
an idea what is going on. The user profile creation date may also be
helpful. --- Steve


"The Kirschi" <TheKirschi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F9C40856-174D-49BF-B393-D7182AD8EEC6@xxxxxxxxxxxxxxxx
Hi all,

I hope this is the right NG for my question:

I have a mixed environment with W2K3 and W2K DCs. During the last weeks I
realized that on one of our domain controllers (W2K) there were some user
profiles under Documents and Settings which - regarding to their name -
seem
to belong to some users in a remote location. I also found such user
profiles
(not all of them and not all the same users) on the DC (W2K) on the remote
site where these users are located. The user profiles do not have all the
common folders in it, e. g. the Desktop and MyDocuments are missing. It
seems
there is only information about some Certificates and CRLs and such in it
because the only folders with files in it are under Application Data ->
Microsoft within folders like CryptnetUrlCache, Crypto, Internet Explorer,
Protect and System Certificates.

The remote site is connected to our headquarter via a VPN connection
between
two firewalls over a leased line. Some of our users connect to an
application
via Citrix, so I thought the profiles maybe derive from those connections
but
as it turned out not all of the users who have profiles on the server use
Citrix.

Any help is greatly appreciated.

Thanks,
The Kirschi


.

Relevant Pages

  • Re: Roaming profiles - and disappearing desktop icons
    ... had a bubble pop up in the system tray saying connection to the ... and in the same instant the icons disappeared. ... If you follow all of these steps your roaming profiles should work. ... of the other redirected folders experience any problems... ...
    (microsoft.public.windows.server.sbs)
  • Re: Roaming profiles - and disappearing desktop icons
    ... folders are still fully accessible. ... and in the same instant the icons disappeared. ... seconds later it said connection had been re-established, ... If you follow all of these steps your roaming profiles should work. ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook 2001 for Mac and System 9.2
    ... > I have got number of connection issue's from OL2001 to exchange sorted out ... quit Outlook and then trash the folders and files in System ... >> Click the Show Profiles button and proceed to create a new profile. ...
    (microsoft.public.outlook.mac)
  • Re: Backup - Not Getting Any Response - Please Help
    ... >> With a re-install the SIDs will change so the users will have to ... >> Reconnect to the "New" Domain and so will get new Profiles. ... >> be an issue if the store isn't too big. ... >> During the re-install select new locations for the User Folders and ...
    (microsoft.public.windows.server.sbs)
  • Re: Moving Roaming Profile
    ... There is a GPO setting to add domain admins to the roaming folder. ... is under computer config, admin templates, system,user profiles and ... it is a move all users folders at ...
    (microsoft.public.windows.terminal_services)