Users are getting a temporary profile
Solution 1
I found a solution here: http://www.networksteve.com/windows/topic.php/Domain_joined_but_trying_to_log_on_gives_temporary_profile_only/?TopicId=20834&Posts=1
Some one added "Domain Users" group into "Domain Guests" group. That ruined my whole day.
Thanks tony for helping me.
Solution 2
There are several possible reasons for Windows to issue a temporary profile instead of a regular user profile. One of them is that the user logging on is a guest. Others include missing permissions and incorrectly deleted profiles. See this article for a full list:
http://helgeklein.com/blog/2011/11/temporary-user-profiles/
Related videos on Youtube
Serhiy
Updated on September 18, 2022Comments
-
Serhiy almost 2 years
A bit about current setup:
It is windows 2008 R2 AD servers (all of them are 2008R2) and couple locations which set as Sites. Each location has DFS on AD server. Roaming profiles are not used nor configured. Users have their home folder configured as mapped S: drive to DFS shared folder. For example: in profile tab user has: Home Folder -> connect -> S: to
\\domain.com\dc\users\%username%
We also have redirected Desktop, Documents and Downloads folders to
\\domain.com\dc\users
.Everything was fine. Suddenly (today), users in most locations lost their local profile (both XP and W7 desktops) and got temporary profiles. Also, it looks like local profile was created today (from folder properties).
I checked events at couple machines and there is not errors related to profiles or logon process. I do not see issues in event logs at servers as well.
Basically, I run out of ideas what is wrong and why machines lost their local profiles.
PS: Laptop users do not have their folders redirected, but lost profiles as well.
-
tony roth over 11 yearsso logged in as a user that has a temp profile directiry do the following "dir \\domain.com\dc\users\%username%" at a command prompt
-
Serhiy over 11 yearsWell, all users are using their desktops now, so I cannot try it right now, but explorer can browse all shares and redirected folders normally.
-
tony roth over 11 yearsso the s: drive is mapped correctly?
-
tony roth over 11 yearshad to re-read things, so they only had local profiles correct? If so then maybe permission are screwed up on their old profile.
-
Serhiy over 11 yearsYes, S: drive is mapped correctly. So, if permissions were screwed up - why in all offices?
-
tony roth over 11 yearsWith whats being described none of this really makes sense.
-
HopelessN00b over 11 yearsWell, with the profiles being on a DFS share, that provides a mechanism where all the share permissions could be altered at once. Did someone or something change the inheritable permissions at a level above the profiles' location?
-
Serhiy over 11 yearsOk, got access to desktop. Yes, I can dir \\domain.com\dc\users\%username%
-
Serhiy over 11 years@HopelessN00b Profiles are local actually as it is just folder redirection, not roaming.
-
Serhiy over 11 yearsThis is the warning message I got in Application log: Event Type: Warning Event Source: Group Policy Drive Maps Event Category: (2) Event ID: 4098 Date: 10/19/2012 Time: 3:02:42 PM User: NT AUTHORITY\SYSTEM Computer: WKS-MDIAZ Description: The user 'G:' preference item in the 'GA Group Policy {608162F7-CB29-47B5-8260-A322BE273708}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed. For more information, see Help and Support Center at go.microsoft.com/fwlink/events.asp.
-
Serhiy over 11 yearsWhat bothers me is that one W7 machine cannot create a local profile (there is no profile for that user locally at all) and uses temporary one and not even single word in Event log.
-
tony roth over 11 yearsso at wks-mdias workstation browse the profile directory and check the permissions on the profiles located there.
-
tony roth over 11 yearscheck to see if somebody updated the roaming profile section for the users within AD.
-
tony roth over 11 yearsalso check the sysvol permissions to verify the permissions there.
-
Serhiy over 11 years@tonyroth I checked and so far so good - all permissions are fine. Back to the W7 machine - it does not have local profile at all, so permissions could not be broken.
-
Serhiy over 11 years@tonyroth - I checked all GP polices and they were not updated for month.
-
tony roth over 11 yearsGP has nothing to do with this, also you maybe having problems with you sysvol. Look at the profile settings for these users, did something change.
-
Serhiy over 11 years@tonyroth - Share permissions: Everyone - readonly, Auth users and Admins full. NTFS permissions: Auth users - read & execute, System - full, Admins - special.
-
tony roth over 11 yearsso on the win7 workstation you only see the user\public folder?
-
Serhiy over 11 years@tonyroth on the Win 7 desktop in users folder only local Administrator profile, nothing else.
-
-
Falcon Momot over 10 yearsThat is unlikely in the extreme to remedy the cause of this problem, though it will temporarily hide it.
-
Tim Lewis over 8 yearsHere's the PowerShell one-liner that will clean up the orphaned keys:
dir 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'|?{-Not(Test-Path $_.GetValue('ProfileImagePath'))}|%{rm -recurse ($_.Name-replace'HKEY_LOCAL_MACHINE','HKLM:')}