Real Geek Forums > Archives > Operating Systems > Windows Vista > Windows Vista Administration > Administrators' profiles deleted when having Guest status

Administrators' profiles deleted when having Guest status

Posted: 12-10-2008, 05:20 PM
Baboon
Guest
Posts: n/a
 
Our solution for preventing users from leaving behind profiles on lab
machines has been to add the Domain Users group to the Guests group on those
machines. As long as a user was a member of the Administrators group on the
machine, that user's profile would not be deleted.

I just discovered that with Vista, even Adminstrators' profiles are deleted
in this scenario (of course I mean users with admin rights who are Domain
Users). This happens even if the admin user's profile existed before adding
Domain Users to the Guest group.

I don't know of a Group Policy setting that will delete user profiles, other
than for roaming ones. Can anyone think of a solution for this?

(Fortunately Vista has volume shadow copies of everything by default, so I
was able to restore the important files from my profile after it was deleted!)
Reply With Quote

Responses to "Administrators' profiles deleted when having Guest status"

Tim Quan [MSFT]
Guest
Posts: n/a
 
RE: Administrators' profiles deleted when having Guest status
Posted: 12-11-2008, 10:11 AM
Hi,

Thank you for posting.

I have tested this issue on my Windows Vista machine and I can reproduce
this issue:

If an domain user belongs to both Domain Guests group and a client's local
Administrators group, when logging on this user account on the client, a
temporarily user profile is created. When logging off this account, this
user profile will be deleted.

It is not recommended to add Domain Users group to (Domain) Guests group.

Now if you would like to prevent users from leaving behind profiles on
clients while preserve administrator profiles, you can use the following
method:

1. For non- clients' administrator domain users, add them to Domain Guests
group. When logging on them on clients, only temporarily profiles will be
created

2. For clients' administrator domain users, add them to clients' local
Administrators group. When logging on them on clients, permanent profiles
will be created.

If anything in my e-mail is unclear or you need further help, don't
hesitate to let me know.

Sincerely,
Tim Quan
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed
to the limited number of phone-based technical support incidents. Complex
issues or server-down situations are not recommended for the newsgroups.
Issues of this nature are best handled working with a Microsoft Support
Engineer using one of your phone-based incidents.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply With Quote
Baboon
Guest
Posts: n/a
 
RE: Administrators' profiles deleted when having Guest status
Posted: 12-11-2008, 07:30 PM
Thanks for the quick and clear reponse.

That solution would not work, as we have potentially 10,000 domain users who
would use those machines. If I could put all of the non admin users into a
group that is exactly what I would have done, but there are just too many.

""Tim Quan [MSFT]"" wrote:
> Hi,
>
> Thank you for posting.
>
> I have tested this issue on my Windows Vista machine and I can reproduce
> this issue:
>
> If an domain user belongs to both Domain Guests group and a client's local
> Administrators group, when logging on this user account on the client, a
> temporarily user profile is created. When logging off this account, this
> user profile will be deleted.
>
> It is not recommended to add Domain Users group to (Domain) Guests group.
>
> Now if you would like to prevent users from leaving behind profiles on
> clients while preserve administrator profiles, you can use the following
> method:
>
> 1. For non- clients' administrator domain users, add them to Domain Guests
> group. When logging on them on clients, only temporarily profiles will be
> created
>
> 2. For clients' administrator domain users, add them to clients' local
> Administrators group. When logging on them on clients, permanent profiles
> will be created.
>
> If anything in my e-mail is unclear or you need further help, don't
> hesitate to let me know.
>
> Sincerely,
> Tim Quan
> Microsoft Online Community Support
>
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscripti...ult.aspx#notif
> ications.
>
> With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed
> to the limited number of phone-based technical support incidents. Complex
> issues or server-down situations are not recommended for the newsgroups.
> Issues of this nature are best handled working with a Microsoft Support
> Engineer using one of your phone-based incidents.
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
Reply With Quote
Tim Quan [MSFT]
Guest
Posts: n/a
 
RE: Administrators' profiles deleted when having Guest status
Posted: 12-12-2008, 08:39 AM
Hi,

Thank you for the reply.

I understand it is time-consuming. However, I am afraid that you have to do
so manually since this is the only way to resolve this issue at the current
situation .

Sincerely,
Tim Quan
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed
to the limited number of phone-based technical support incidents. Complex
issues or server-down situations are not recommended for the newsgroups.
Issues of this nature are best handled working with a Microsoft Support
Engineer using one of your phone-based incidents.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply With Quote
 
LinkBack Thread Tools Display Modes
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Local Profiles Deleted after setting policy SWilbers Windows Vista Administration 1 10-11-2007 01:54 PM
big problem, deleted administrators Mike.ONeal Windows Vista Administration 6 09-30-2007 08:51 PM
Account Profiles Deleted - Cannot remember password - Cannot hard Erik Windows XP Configuration & Management 6 02-06-2006 01:22 PM
add domain administrators into local administrators group from GPO rix Windows XP Security & Administration 0 09-26-2003 11:34 PM
User profiles are not being deleted on log out. Robin Windows XP Security & Administration 0 08-07-2003 02:02 PM