5

A bit about current setup:

It is Windows 2008 R2 AD servers (all of them are 2008 R2) and a couple of locations which are set as Sites. Each location has DFS on the AD server. Roaming profiles are neither used nor configured. Users have their home folder configured as a mapped S: drive to a DFS shared folder. For example, in the Profile tab a user has: Home Folder -> Connect -> S: to \\domain.com\dc\users\%username%

We also have redirected Desktop, Documents and Downloads folders to \\domain.com\dc\users.

Everything was fine. Suddenly (today), users in most locations lost their local profiles (both XP and W7 desktops) and got temporary profiles. Also, it looks like the local profile was created today (from folder properties).

I checked events on a couple of machines and there are no errors related to profiles or the logon process. I do not see issues in the event logs on the servers either.

Basically, I have run out of ideas about what is wrong and why machines lost their local profiles.

PS: Laptop users do not have their folders redirected, but lost profiles as well.

HopelessN00b
Serhiy
  • so logged in as a user that has a temp profile directory do the following "dir \\domain.com\dc\users\%username%" at a command prompt – tony roth Oct 19 '12 at 18:25
  • Well, all users are using their desktops now, so I cannot try it right now, but explorer can browse all shares and redirected folders normally. – Serhiy Oct 19 '12 at 18:30
  • so the s: drive is mapped correctly? – tony roth Oct 19 '12 at 18:32
  • had to re-read things, so they only had local profiles, correct? If so then maybe permissions are screwed up on their old profile. – tony roth Oct 19 '12 at 18:35
  • Yes, S: drive is mapped correctly. So, if permissions were screwed up - why in all offices? – Serhiy Oct 19 '12 at 18:48
  • With what's being described none of this really makes sense. – tony roth Oct 19 '12 at 18:54
  • Well, with the profiles being on a DFS share, that provides a mechanism where all the share permissions could be altered at once. Did someone or something change the inheritable permissions at a level above the profiles' location? – HopelessN00b Oct 19 '12 at 18:57
  • Ok, got access to desktop. Yes, I can dir \\domain.com\dc\users\%username% – Serhiy Oct 19 '12 at 19:10
  • @HopelessN00b Profiles are local actually as it is just folder redirection, not roaming. – Serhiy Oct 19 '12 at 19:11
  • This is the warning message I got in Application log: Event Type: Warning Event Source: Group Policy Drive Maps Event Category: (2) Event ID: 4098 Date: 10/19/2012 Time: 3:02:42 PM User: NT AUTHORITY\SYSTEM Computer: WKS-MDIAZ Description: The user 'G:' preference item in the 'GA Group Policy {608162F7-CB29-47B5-8260-A322BE273708}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. – Serhiy Oct 19 '12 at 19:12
  • What bothers me is that one W7 machine cannot create a local profile (there is no profile for that user locally at all) and uses a temporary one, and there is not even a single word in the Event log. – Serhiy Oct 19 '12 at 19:26
  • so at wks-mdias workstation browse the profile directory and check the permissions on the profiles located there. – tony roth Oct 19 '12 at 19:27
  • check to see if somebody updated the roaming profile section for the users within AD. – tony roth Oct 19 '12 at 19:28
  • also check the sysvol permissions to verify the permissions there. – tony roth Oct 19 '12 at 19:29
  • @tonyroth I checked and so far so good - all permissions are fine. Back to the W7 machine - it does not have a local profile at all, so permissions could not be broken. – Serhiy Oct 19 '12 at 19:32
  • @tonyroth - I checked all GP policies and they were not updated for a month. – Serhiy Oct 19 '12 at 19:33
  • GP has nothing to do with this, also you may be having problems with your sysvol. Look at the profile settings for these users, did something change? – tony roth Oct 19 '12 at 19:34
  • @tonyroth - Share permissions: Everyone - readonly, Auth users and Admins full. NTFS permissions: Auth users - read & execute, System - full, Admins - special. – Serhiy Oct 19 '12 at 19:38
  • so on the win7 workstation you only see the user\public folder? – tony roth Oct 19 '12 at 20:05
  • @tonyroth on the Win 7 desktop, in the Users folder there is only the local Administrator profile, nothing else. – Serhiy Oct 19 '12 at 20:56

3 Answers

5

There are several possible reasons for Windows to issue a temporary profile instead of a regular user profile. One of them is that the user logging on is a guest. Others include missing permissions and incorrectly deleted profiles. See this article for a full list:

http://helgeklein.com/blog/2011/11/temporary-user-profiles/

Helge Klein
4

I found a solution here: http://www.networksteve.com/windows/topic.php/Domain_joined_but_trying_to_log_on_gives_temporary_profile_only/?TopicId=20834&Posts=1

Someone added "Domain Users" group into "Domain Guests" group. That ruined my whole day.

Thanks tony for helping me.

Serhiy
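The root cause in this answer, a broad group nested into a guest group, can be audited directly. The script below is an added example, not code from the thread: it assumes the ActiveDirectory PowerShell module (RSAT) is available and identifies the groups by their well-known SIDs rather than by name.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$domainSid       = (Get-ADDomain).DomainSID.Value
$domainGuestsSid = "$domainSid-514"    # Domain Guests (well-known RID 514)
$domainUsersSid  = "$domainSid-513"    # Domain Users  (well-known RID 513)
$builtinGuests   = 'S-1-5-32-546'      # BUILTIN\Guests

$findings = foreach ($sid in @($domainGuestsSid, $builtinGuests)) {
    $guestGroup = Get-ADGroup -Identity $sid

    # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) returns every
    # group nested in $guestGroup, directly or through intermediate groups.
    $filter = "(memberOf:1.2.840.113556.1.4.1941:=$($guestGroup.DistinguishedName))"

    Get-ADGroup -LDAPFilter $filter | ForEach-Object {
        # Default state: Domain Guests is nested in BUILTIN\Guests, nothing else is.
        $isDefault = ($sid -eq $builtinGuests) -and ($_.SID.Value -eq $domainGuestsSid)

        if ($isDefault) {
            $severity = 'Default'
        } elseif ($_.SID.Value -eq $domainUsersSid) {
            $severity = 'Critical'   # the misconfiguration described in this answer
        } else {
            $severity = 'Review'     # any other group that resolves to guest
        }

        New-Object PSObject -Property @{
            GuestGroup  = $guestGroup.Name
            NestedGroup = $_.Name
            NestedSid   = $_.SID.Value
            Severity    = $severity
        }
    }
}

$findings | Sort-Object Severity, GuestGroup |
    Format-Table GuestGroup, NestedGroup, NestedSid, Severity -AutoSize

# Anything beyond the default nesting means ordinary accounts log on as guests.
$unexpected = @($findings | Where-Object { $_.Severity -ne 'Default' })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) unexpected group(s) nested in a guest group."
}
```

A result containing only the `Default` row is the healthy state. On an affected Windows 7 client, `whoami /groups` in the user's session shows whether the logon token carries a guest group.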
0

  1. Please clear up all the .bak files in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList of the terminal server.
  2. Please manually delete these temporary profiles on the terminal server.
  • That is unlikely in the extreme to remedy the cause of this problem, though it will temporarily hide it. – Falcon Momot Oct 04 '13 at 07:31
  • Here's the PowerShell one-liner that will clean up the orphaned keys: `dir 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'|?{-Not(Test-Path $_.GetValue('ProfileImagePath'))}|%{rm -recurse ($_.Name-replace'HKEY_LOCAL_MACHINE','HKLM:')}` – Tim Lewis Feb 16 '16 at 22:44