copied user profile, now get "cannot access device...appropriate permissions" on system files



I'm running a Windows 7 x64 desktop. I had to replace my domain controller after losing the old one without a backup, so when I created a new domain user, of course, the system sees it as a different user. Here's what I've done so far:

  1. First, I followed some advice I found googling this issue and did something I've been wanting to do: relocated the profile path to a separate drive (okay, separate partition actually). I create a Users directory on the U: drive, copied the Default, All Users, and Public folders over to it from C:\Users, and re-pointed the profile paths in HKLM\Software\Microsoft\Windows NT\ProfileLists.
  2. logged into the machine using the newly created domain user so that it would create a default profile. And it did, and created it in the U:\Users\dave, just like I wanted.
  3. logged in as administrator and copied everything that would copy from the C:\Users\dave to U:\Users\dave.
  4. Changed the permissions on U:\Users\dave and everything underneath it to have full control by the newly created domain user 5) Added the newly created domain user to the local Users group

When I log back in as the newly created domain user, I have the old desktop back (hurray!), BUT most of the Start menu items (especially Control Panel) give me the dreaded "Windows cannot access the specified device, file, or path. You may not have the appropriate permissions to access the item".

But it will let me access some items in some ways but not others. For example, if I click on "Computer" in the start menu, it denies me access. But if I right click it, select "Show on Desktop", it puts the Computer icon in the top left corner of the icons. If I double click that icon, it also denies me access, but if I right click it and select "Open", it opens up and I can navigate around.

If I follow one tip that I found, and type "control", it gives me the same thing. And if I open an explorer window (the only way I can do it is the technique described in the last paragraph - right clicking computer and selecting Open), and navigate to C:\Windows\system32\control.exe, right click it, select properties, advanced, and effective permissions, and then enter my domain login, it says I have execute permission on it. Yet if I click the control.exe file, it gives me access denied.

Another clue: Whenever I open Firefox, it pops up and says it's not my default browser, and to I want it to be. I check yes, but it's apparently not getting saved, because the next time I open it, it's asking again. I'm not sure if that's saved in the Registry, or in an AppData file, but apparently I don't have access permission to it. I'm just not sure where.

I know I'm doing something that's outside the scope of normal operations, but there should be an explanation, and it should be resolvable. Anyone have any ideas?


Posted 2011-05-14T12:05:52.617

Reputation: 811



I still don't have everything working perfectly (there still seem to be some problems with software that uses the VirtualStore), but most of the problems seemed to have to do with ownership and access permission on some the registry keys.

Some (not all) of the keys under the new user were still owned by and/or had access permission for the old identity. I ran as administrator with the new user and also a default user logged on (so I could compare keys), and then went into HKEY_USERS\<new user id>\Software, and also HKEY_USERS\<new user id>_Classes, and set everything to be owned by the new user and have full control by the new user. Probably a meat-ax approach, but there were way too many to do one at a time.

Like I say, most stuff seems to be working now.


Posted 2011-05-14T12:05:52.617

Reputation: 811

That save my day. I have a similar situation, but I'm migrating a local profile to domain profile, using Win7 x86 – faulty – 2011-09-08T03:22:15.940

I know it's old, but thanks for this. It just saved me much headache! – Brazzle – 2013-09-26T17:40:04.793


Can you remove the machine from the domain and re-add it to the domain? Windows will let you remove it from the domain even if it can't contact the old Domain Controller.

Alternatively, click right click on My Computer, then Manage. Click on Local Users and Groups. From groups, remove Domain Admins, then re-add it.

Kevin M

Posted 2011-05-14T12:05:52.617

Reputation: 2 396

Thanks for your response. First removing it from the domain and re-adding it had no effect. Second, curiously, neither Domain Admins nor Domain Users is in local groups. This seems to be some sort of permissions problem on the local machine. – daveh551 – 2011-05-14T14:20:13.983