Users are getting a temporary profile

windows active-directory windows-server-2008-r2 group-policy user-profile

53,789

Solution 1

I found a solution here: http://www.networksteve.com/windows/topic.php/Domain_joined_but_trying_to_log_on_gives_temporary_profile_only/?TopicId=20834&Posts=1

Some one added "Domain Users" group into "Domain Guests" group. That ruined my whole day.

Thanks tony for helping me.

Solution 2

There are several possible reasons for Windows to issue a temporary profile instead of a regular user profile. One of them is that the user logging on is a guest. Others include missing permissions and incorrectly deleted profiles. See this article for a full list:

http://helgeklein.com/blog/2011/11/temporary-user-profiles/

53,789

Serhiy

Updated on September 18, 2022

Comments

Serhiy almost 2 years

A bit about current setup:

It is windows 2008 R2 AD servers (all of them are 2008R2) and couple locations which set as Sites. Each location has DFS on AD server. Roaming profiles are not used nor configured. Users have their home folder configured as mapped S: drive to DFS shared folder. For example: in profile tab user has: Home Folder -> connect -> S: to \\domain.com\dc\users\%username%

We also have redirected Desktop, Documents and Downloads folders to \\domain.com\dc\users.

Everything was fine. Suddenly (today), users in most locations lost their local profile (both XP and W7 desktops) and got temporary profiles. Also, it looks like local profile was created today (from folder properties).

I checked events at couple machines and there is not errors related to profiles or logon process. I do not see issues in event logs at servers as well.

Basically, I run out of ideas what is wrong and why machines lost their local profiles.

PS: Laptop users do not have their folders redirected, but lost profiles as well.
- tony roth over 11 years
  
  so logged in as a user that has a temp profile directiry do the following "dir \\domain.com\dc\users\%username%" at a command prompt
- Serhiy over 11 years
  
  Well, all users are using their desktops now, so I cannot try it right now, but explorer can browse all shares and redirected folders normally.
- tony roth over 11 years
  
  so the s: drive is mapped correctly?
- tony roth over 11 years
  
  had to re-read things, so they only had local profiles correct? If so then maybe permission are screwed up on their old profile.
- Serhiy over 11 years
  
  Yes, S: drive is mapped correctly. So, if permissions were screwed up - why in all offices?
- tony roth over 11 years
  
  With whats being described none of this really makes sense.
- HopelessN00b over 11 years
  
  Well, with the profiles being on a DFS share, that provides a mechanism where all the share permissions could be altered at once. Did someone or something change the inheritable permissions at a level above the profiles' location?
- Serhiy over 11 years
  
  Ok, got access to desktop. Yes, I can dir \\domain.com\dc\users\%username%
- Serhiy over 11 years
  
  @HopelessN00b Profiles are local actually as it is just folder redirection, not roaming.
- Serhiy over 11 years
  
  This is the warning message I got in Application log: Event Type: Warning Event Source: Group Policy Drive Maps Event Category: (2) Event ID: 4098 Date: 10/19/2012 Time: 3:02:42 PM User: NT AUTHORITY\SYSTEM Computer: WKS-MDIAZ Description: The user 'G:' preference item in the 'GA Group Policy {608162F7-CB29-47B5-8260-A322BE273708}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed. For more information, see Help and Support Center at go.microsoft.com/fwlink/events.asp.
- Serhiy over 11 years
  
  What bothers me is that one W7 machine cannot create a local profile (there is no profile for that user locally at all) and uses temporary one and not even single word in Event log.
- tony roth over 11 years
  
  so at wks-mdias workstation browse the profile directory and check the permissions on the profiles located there.
- tony roth over 11 years
  
  check to see if somebody updated the roaming profile section for the users within AD.
- tony roth over 11 years
  
  also check the sysvol permissions to verify the permissions there.
- Serhiy over 11 years
  
  @tonyroth I checked and so far so good - all permissions are fine. Back to the W7 machine - it does not have local profile at all, so permissions could not be broken.
- Serhiy over 11 years
  
  @tonyroth - I checked all GP polices and they were not updated for month.
- tony roth over 11 years
  
  GP has nothing to do with this, also you maybe having problems with you sysvol. Look at the profile settings for these users, did something change.
- Serhiy over 11 years
  
  @tonyroth - Share permissions: Everyone - readonly, Auth users and Admins full. NTFS permissions: Auth users - read & execute, System - full, Admins - special.
- tony roth over 11 years
  
  so on the win7 workstation you only see the user\public folder?
- Serhiy over 11 years
  
  @tonyroth on the Win 7 desktop in users folder only local Administrator profile, nothing else.
Falcon Momot over 10 years

That is unlikely in the extreme to remedy the cause of this problem, though it will temporarily hide it.
Tim Lewis over 8 years

Here's the PowerShell one-liner that will clean up the orphaned keys: dir 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'|?{-Not(Test-Path $_.GetValue('ProfileImagePath'))}|%{rm -recurse ($_.Name-replace'HKEY_LOCAL_MACHINE','HKLM:')}