Roaming Users Local Profile

Hello All,

I am having issues with some XP Pro computers on a network with SBS 2003
Premium. The problem is that when I set up a user on the domain, they are
able to log onto the laptop assigned to them but as soon as they log out or
restart all their settings are gone and the process starts over again. All
settings including VPN, shared folders, desktop and my document contents, etc
are wiped out and the user has to go through the first time logon again as
though he/she had never logged on before. In other words, no local user
profile is retained/maintained by the computer for the users for some reason.
This happens even though I have given them local admin rights on their laptop.

Any ideas on what could be the problem here?

Thanx.

v-robmen
Fri Jul 11 01:26:49 PDT 2008


Hello,

Thank you for your post.

My name is Robbin Meng, and it is my pleasure to work with you on this
issue!

Please allow me to confirm that my understandings are correct. As I
understand it, the issue is:

You set up some user accounts in SBS domain, they are able to log onto the
laptop assigned to them which with Windows XP Pro systems. But as soon as
they log out or restart all their settings are gone and the process starts
over again. Changes to your roaming profile are lost after every reboot.

If I have misunderstood your concerns please feel free to let me know.

Before we move on, I would like confirm with you about the following
scenarios:

1. Does this issue only to certain users or certain client Windows XP
computer?
Please log on with different domain users on the same computer to confirm.
Also, use same user account to log on different Windows XP pro computers
for tests.
2. Are the users using Roaming profile? or Local profiles?

3. Has the profile ever worked before this issue occur?

4. Are these Windows XP Pro computer has applied Service Pack 2? If not,
please check following KB840998 below.


Suggestion 1: Changes to your roaming profile are lost when you log on to
a Windows XP-based computer
http://support.microsoft.com/kb/840998/en-us


Suggestion 2: Moreover, please note, if the Ntuser.dat file in the user's
profile folder has been changed to Ntuser.man, then the profile is assigned
to be a "Mandatory" user profile which will cause this issue to occur.
Please refer to the following article to check it:

How to assign a mandatory user profile in Windows XP
http://support.microsoft.com/kb/307800/en-us


Please try the above suggestion.

More related information:

How to Create and Copy Roaming User Profiles in Windows XP
http://support.microsoft.com/kb/314478/en-us

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

Information Need
==============
System Information

1). On the SBS server, click the Start menu and choose Run.
2). Enter msinfo32 in the open box and click OK.
3). Click File>Save and then save the information file into a specified
folder.
4). Send this file to me at: v-robmen@microsoft.com


Hope this helps. Also, if you have any questions or concerns, please do not
hesitate to let me know.

Thank you for your time and cooperation.

Best regards,

Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

MF
Fri Jul 11 07:11:02 PDT 2008

Hello Robbin,

Thanx for your response. Your understanding of the problem is correct. I
will look into your suggestions and get back to you soon.

Thank you.


""Robbin Meng [MSFT]"" wrote:

>
> Hello,
>
> Thank you for your post.
>
> My name is Robbin Meng, and it is my pleasure to work with you on this
> issue!
>
> Please allow me to confirm that my understandings are correct. As I
> understand it, the issue is:
>
> You set up some user accounts in SBS domain, they are able to log onto the
> laptop assigned to them which with Windows XP Pro systems. But as soon as
> they log out or restart all their settings are gone and the process starts
> over again. Changes to your roaming profile are lost after every reboot.
>
> If I have misunderstood your concerns please feel free to let me know.
>
> Before we move on, I would like confirm with you about the following
> scenarios:
>
> 1. Does this issue only to certain users or certain client Windows XP
> computer?
> Please log on with different domain users on the same computer to confirm.
> Also, use same user account to log on different Windows XP pro computers
> for tests.
> 2. Are the users using Roaming profile? or Local profiles?
>
> 3. Has the profile ever worked before this issue occur?
>
> 4. Are these Windows XP Pro computer has applied Service Pack 2? If not,
> please check following KB840998 below.
>
>
> Suggestion 1: Changes to your roaming profile are lost when you log on to
> a Windows XP-based computer
> http://support.microsoft.com/kb/840998/en-us
>
>
> Suggestion 2: Moreover, please note, if the Ntuser.dat file in the user's
> profile folder has been changed to Ntuser.man, then the profile is assigned
> to be a "Mandatory" user profile which will cause this issue to occur.
> Please refer to the following article to check it:
>
> How to assign a mandatory user profile in Windows XP
> http://support.microsoft.com/kb/307800/en-us
>
>
> Please try the above suggestion.
>
> More related information:
>
> How to Create and Copy Roaming User Profiles in Windows XP
> http://support.microsoft.com/kb/314478/en-us
>
> If we cannot resolve the issue after we perform the above steps, please
> help me collect some information for further investigation:
>
> Information Need
> ==============
> System Information
>
> 1). On the SBS server, click the Start menu and choose Run.
> 2). Enter msinfo32 in the open box and click OK.
> 3). Click File>Save and then save the information file into a specified
> folder.
> 4). Send this file to me at: v-robmen@microsoft.com
>
>
> Hope this helps. Also, if you have any questions or concerns, please do not
> hesitate to let me know.
>
> Thank you for your time and cooperation.
>
> Best regards,
>
> Robbin Meng(MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>

laurazh
Sun Jul 13 18:08:11 PDT 2008

Hello,

Thank you for keeping us posted. If you have any updates or need any
further assistance, please feel free to let us know.

Best regards,

Laura Zhang(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

MF
Fri Jul 18 07:18:43 PDT 2008

Basically, what I need is to enable cached profiles for users so that they
can log onto their computers/laptops regardless if the domain server is
available especially when these are remote computers. On the remote
computers, I am able to join the domain, log users on via VPN with the "Log
on using a dial-up connection" checkbox but would like Outlook to be
automatically setup when opened for the first time and cached profile enabled
so that the user may or may not logon with the "Log on using a dial-up
connection" checkbox.

Any ideas on how to accomplish this?

Thank you.



""Laura Zhang[MSFT]"" wrote:

> Hello,
>
> Thank you for keeping us posted. If you have any updates or need any
> further assistance, please feel free to let us know.
>
> Best regards,
>
> Laura Zhang(MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>

v-robmen
Tue Jul 22 05:20:37 PDT 2008

Hi,

Thanks for your update.

Microsoft Windows Server caches previous users' logon information locally
so that they can log on if a logon server is unavailable during later logon
attempts.
Please check if the following KB article helps:

Cached domain logon information
http://support.microsoft.com/kb/172931/en-us

Cached credentials security in Windows Server 2003, in Windows XP, and in
Windows 2000
http://support.microsoft.com/kb/913485/en-us

Hope this helps.


Best regards,
Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

MF
Tue Jul 22 06:57:00 PDT 2008

Hello Robbin,

Thanx for the response. Your details hold true for LAN setup where all
domain computers logon and cache credentials pretty easily. But my main aim
here is to do the same for computers in a remote office that use the "Log on
using a dial-up connection" checkbox to connect to the domain controller. I
would love this credential caching feature as well for off-domain login when
the domain controller is not available. Currently, at the remote office,
users always have to check the "Log on using a dial-up connection" checkbox
to authenticate to the server remotely before they can login to their
computer, otherwise they cannot login locally even though a "local" profile
seems to be stored on their computer from the first logon.

Any ideas how I can get this to work.

Thanx.


""Robbin Meng [MSFT]"" wrote:

> Hi,
>
> Thanks for your update.
>
> Microsoft Windows Server caches previous users' logon information locally
> so that they can log on if a logon server is unavailable during later logon
> attempts.
> Please check if the following KB article helps:
>
> Cached domain logon information
> http://support.microsoft.com/kb/172931/en-us
>
> Cached credentials security in Windows Server 2003, in Windows XP, and in
> Windows 2000
> http://support.microsoft.com/kb/913485/en-us
>
> Hope this helps.
>
>
> Best regards,
> Robbin Meng(MSFT)
>
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
>
>

v-robmen
Thu Jul 24 00:15:48 PDT 2008

Hi,

Thanks for your clarification.

However, I would like to know how do you connect to your domain remotely
from the client workstation/laptop? Are you using Remote Desktop Connection
directly ? or first VPN to your domain then use the Remote Desktop
Connection to connect your workstation/laptop at our office rooms?

As far as I know, the cached credentials security feature/cached logon
works the same for both local or useing VPN to connect to your domain
remotely. (this cached logon feature is disabled for Windows server
systems by default for security consideration)

For the "log on using dial-up connection" checkbox, If you want to start
the VPN session before login, we can select "log on using dial-up
connection" check box (when you press ctrl-alt-del and type user name,
password) to use the built-in VPN component of Windows XP. You can
configure the built-in VPN component of Windows XP as default VPN
connection. If the check box is selected, the system will use VPN to
connect to the domain before the user login.

Hope this helps.

Best regards,

Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

MF
Thu Jul 24 04:52:01 PDT 2008

Hello,

Thanx for your response. The "Log on using a dial-up connection" VPN feature
has been setup for users to log onto the domain from the remote office.
However, while it syncs some things, it is does not let them sign onto the
computer without checking the dial-up connection checkbox which is what
cached credentials are supposed to do...Let you log onto the computer locally
if the domain controller is not available.

Any ideas?

""Robbin Meng [MSFT]"" wrote:

> Hi,
>
> Thanks for your clarification.
>
> However, I would like to know how do you connect to your domain remotely
> from the client workstation/laptop? Are you using Remote Desktop Connection
> directly ? or first VPN to your domain then use the Remote Desktop
> Connection to connect your workstation/laptop at our office rooms?
>
> As far as I know, the cached credentials security feature/cached logon
> works the same for both local or useing VPN to connect to your domain
> remotely. (this cached logon feature is disabled for Windows server
> systems by default for security consideration)
>
> For the "log on using dial-up connection" checkbox, If you want to start
> the VPN session before login, we can select "log on using dial-up
> connection" check box (when you press ctrl-alt-del and type user name,
> password) to use the built-in VPN component of Windows XP. You can
> configure the built-in VPN component of Windows XP as default VPN
> connection. If the check box is selected, the system will use VPN to
> connect to the domain before the user login.
>
> Hope this helps.
>
> Best regards,
>
> Robbin Meng(MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>

v-robmen
Fri Jul 25 00:50:57 PDT 2008

Hello,

Thanks for updating on me.

I think it is strange becaused if there is totally no network connection
from your remote office , the VPN connection also should not work when it
is logging. So it doesn't make sense whether user check the VPN connection
checkbox or not becaused all these cached credentials are stored locally
and don't need any kinds of network connections.

For my understanding , whatever the domain controller is there or offline
user must select the dial-up connection checkbox to log on into the domain,
is that right? If it is true that after you checked the checkbox and user
can logged into his domain account, it indicated the cached logon really
works.

At this point, you may have a look at the following artilce:

How to Always Use the Log On Using Dial-Up Connection Option
http://support.microsoft.com/kb/172125/en-us

By the way, we can also check if there is any group policy that force use
to select this checkbox.

On the computer, click Start, point to All Programs, click Accessories,
click Run, type rsop.msc in the Open box, and then click OK. Please check
the User configuration and Computer configuration to see if there is any
security logon policy related to our issue that have been applied to the
computer or to the user account. If there is any, please try to disable
these group policies and try again.

If issue persists after the above steps, please help me collect some
information for further investigation:

Information Need
==============
1. On the client computer, check event viewer for related information,
please help save it to *.evt and send to me at v-robmen@microsoft.com .
2. If possible, please capture some screenshot when the error messages
appear and send them to me : v-robmen@microsoft.com


Best regards,

Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.