Scripting User profile copying

Matt

Hello,

I am setting up an XP Home workstation and have configured it for two
partitions. I have set up the Documents and Settings folder to reside on
drive D: along with all the profiles so that if I need to reimage the C:
partition I will not lose all the users' settings (email, mydocs,
customizations etc).

My problem is that if I do reimage the C: partition, the SAM file will
be redeployed with the original preconfigured accounts and not the new
user accounts created after the original deployment. This means that I
have to add the users to the SAM database again and reassign the
profiles.

Basically what I need is to be able to link up the recreated user
accounts with the old profiles and be able to script this and not use
the GUI Copy To function of user profile copying.

What I have done so far is to use net user to create the new account and
the /profilepath switch to set the account to use the old profile
folder. I have also scripted changing the owner of the old profile with
chown and cacls to give the new account access to the profile folder.

When the user logs in after this is done the profile is used but XP
still generates a second profile but uses the folder of the old profile.
What essentially happens is that the MyDocs and such are available, but
the theme and background are lost (items stored in the user's registry).

I have searched Google for a way to script the Copy To and Permitted to
use functions as they accomplish this task without problem, but again I
want to script this functionality and avoid the GUI.

Anyone have any recommendations or pointers on how I can find a
description of the changes the Permitted to use does to a profile to
allow a new user to access the old profile?

Thanks in advance.
Matt
 
Matt

Hello,

I have found a partial solution to my problem, but I am still having a small problem I would like answered if possible.

This is what I have accomplished so far. I have created a script which will perform the following on the old profile:

1) perform a net user to create the new account of the same username (generates a new SID though)
2) run a ported chown on the profile to change the SID to the new account's SID
3) run cacls on the old profile to give the new SID full access to the files
4) load the ntuser.dat hive into the registry
5) run a setacls on the loaded registry to give the new SID full control on the keys and values
- this resolved the issue of the background and theme not being read
6) unload the ntuser.dat hive from the registry

This appears to work fine, except that when the user logs in, Windows still generates a new profile folder of the form username.computername. In the profilelist key for the user's SID, there is still the value centralprofile using the old profile and the profileimagepath value using the new profile.

If the user logs off, the admin can delete the new profile and change the profileimagepath value in the registry which will work fine from that point forward.

My question is why does XP still create a new profile folder? How can I get it to use the old one when the user first logs in?

Thanks
Matt

-------------------------
This is my script to allow the new sid to use the old profile folder:

resetprofile.cmd

@echo off
if "%1" == "" goto _nouser
set username=%1

:_loopstart
shift
if "%1" == "" goto _loopend
set username=%username% %1
goto _loopstart

:_loopend
echo.
echo Resetting profile for user: %username%
echo Users password will be set to: %username%
echo.
echo Note: Username is not case sensitive
echo Passwords ARE case sensitive
pause

net user "%username%" "%username%" /profilepath:"e:\documents and settings\%username%" /add
e:\bin\chown -r "%username%" "e:\documents and settings\%username%"
cacls "e:\documents and settings\%username%" /e /t /g "%username%":f
reg load hku\script_user "e:\documents and settings\%username%\ntuser.dat"
e:\bin\setacl users\script_user /registry /grant "%username%" /full /r:cont_obj /silent
reg unload hku\script_user

echo Complete!
goto END


:_nouser
echo.
echo Error: missing username
echo Syntax:
echo.
echo resetprofile (username)
echo.

:END
 
Matt

Hello,

I have a solution now that will migrate an old profile and force Windows XP to use the old profile and NOT generate a new one. The key was to have the registry key and value pre-exist before the user's first login after the account was recreated. It appears that Windows checks this for the profilepathimage value and if it is there will use the profile listed.

Here is my final script: resetprofile.cmd
----------------------
@echo off
if "%1" == "" goto _nouser
set user_name=%1

:_loopstart
shift
if "%1" == "" goto _loopend
set user_name=%user_name% %1
goto _loopstart

:_loopend

if not exist "e:\documents and settings\%user_name%" goto _noprofile

echo.
echo Resetting profile for user: %user_name%
echo Users password will be set to: %user_name%
echo.
echo Note: Username is not case sensitive
echo Passwords ARE case sensitive
pause

rem Recreate the account (it gets a new SID), then hand the old profile folder to it
net user "%user_name%" "%user_name%" /add
e:\bin\chown -r "%user_name%" "e:\documents and settings\%user_name%"
cacls "e:\documents and settings\%user_name%" /e /t /g "%user_name%":f

rem Load the old ntuser.dat hive and grant the new account full control of its keys
c:\windows\system32\reg load hku\script_user "e:\documents and settings\%user_name%\ntuser.dat"
e:\bin\setacl users\script_user /registry /grant "%user_name%" /full /r:cont_obj /silent
c:\windows\system32\reg unload hku\script_user

rem Look up the new SID and pre-create ProfileImagePath under its ProfileList key,
rem so that XP uses the old folder at first logon instead of generating a new one
for /f %%i in ('cscript /nologo user2sid.vbs "%user_name%"') do set sid=%%i
echo Windows Registry Editor Version 5.00 > temp.reg
echo. >> temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%sid%] >> temp.reg
echo "ProfileImagePath"="e:\\documents and settings\\%user_name%" >> temp.reg
echo. >> temp.reg

regedit /s temp.reg
del temp.reg

echo Complete!
goto END


:_nouser
echo.
echo Error: missing username
echo Syntax:
echo.
echo resetprofile (username)
echo.
goto END

:_noprofile
echo.
echo Error: Could not find profile \documents and settings\%user_name%
echo.
goto END

:END
----------------------

Please excuse the word wrapping.
The user2sid.vbs can be found at
http://groups.google.ca/[email protected]&rnum=1

but I'll post it here for reference: user2sid.vbs
---------------------
''''''''''''''''''''''''''''''''''''
'
' user2sid.vbs
'
' Author: MagicWorm
' http://magicw.secuz.org
' Date: 2003-08-22
''''''''''''''''''''''''''''''''''''
Const GENERAL_FAILURE = 2


Dim ArgObj ' Object which contains the command line argument
Dim Args(10) ' Array that contains all of the non-global arguments
Dim ArgCount ' Tracks the size of the Args array
Dim strComputer
Dim Account

Set ArgObj = WScript.Arguments

If ArgObj.Count < 1 Or ArgObj.Count > 2 Then
    DisplayHelpMessage
    WScript.Quit (GENERAL_FAILURE)
End If

Select Case ArgObj.Count
    Case 1
        strComputer = "."
        Account = argObj(0)
    Case 2
        strComputer = argObj(0)
        Account = argObj(1)
End Select



On Error Resume Next

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Account where Name = '" & Account & "'")
For Each objItem in colItems
    WScript.Echo objItem.SID
Next

''''''''''''''''''''''''''''
'
' Display Help Message
'
''''''''''''''''''''''''''''
Sub DisplayHelpMessage()
    WScript.Echo
    WScript.Echo UCase(WScript.ScriptName) & " By MagicWorm"
    WScript.Echo "http://magicw.secuz.org"
    WScript.Echo String(80, "_")
    WScript.Echo "The goal of the utility is to obtain SID from the account name, usage:"
    WScript.Echo
    WScript.Echo UCase(WScript.ScriptName) & " [computer_name] account_name"
    WScript.Echo
    WScript.Echo "where computer_name is optional. By default, the search"
    WScript.Echo "starts at a local Windows NT computer."
End Sub

-------------------------

This is all posted for Google archiving, in case anyone searches for a way to copy these old profiles.

Thanks,
Matt
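
A post-migration check for the steps in the post above, as an added example that is not part of the thread or of Matt's scripts: it confirms that the recreated account's SID has a pre-existing ProfileImagePath pointing at the old folder, that the chown and cacls steps took effect, and it lists ACEs left behind for SIDs that no longer resolve (cacls /e edits the ACL rather than replacing it). Assumptions: PowerShell 2.0 or later is installed, profiles live under E:\Documents and Settings as in the post, and Test-MigratedProfile and the account name 'matt' are hypothetical; the ntuser.dat registry ACL from the setacl step is not checked.

```powershell
# Added example, not from the thread. Test-MigratedProfile is a hypothetical name.
# Assumes PowerShell 2.0+ and the E:\Documents and Settings layout used in the post.
function Test-MigratedProfile {
    param([string]$UserName, [string]$ProfileRoot = 'E:\Documents and Settings')

    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $expected = Join-Path $ProfileRoot $UserName
    $findings = @()

    # Resolve the recreated account's SID (the job user2sid.vbs does in the post).
    try {
        $sid = (New-Object System.Security.Principal.NTAccount($UserName)).Translate($sidType).Value
    } catch {
        return "Account '$UserName' does not resolve to a SID"
    }

    # ProfileImagePath must exist before first logon and name the old folder.
    $key  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    $prop = Get-ItemProperty -Path $key -Name ProfileImagePath -ErrorAction SilentlyContinue
    if (-not $prop) {
        $findings += "ProfileList key for $sid has no ProfileImagePath"
    } elseif ($prop.ProfileImagePath.TrimEnd('\') -ne $expected) {
        $findings += "ProfileImagePath is '$($prop.ProfileImagePath)', expected '$expected'"
    }

    if (-not (Test-Path -Path $expected -PathType Container)) {
        return $findings + "Profile folder missing: $expected"
    }
    $acl = Get-Acl -Path $expected

    # chown step: the folder owner should be the new SID.
    if ($acl.GetOwner($sidType).Value -ne $sid) { $findings += "Owner of $expected is not $UserName" }

    # cacls step: the new SID needs an Allow ACE carrying full control.
    $rules = @($acl.GetAccessRules($true, $true, $sidType))
    $ok = $rules | Where-Object { $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $full) -eq $full) }
    if (-not $ok) { $findings += "No full-control ACE for $UserName on $expected" }

    # ACEs whose SID no longer maps to an account are leftovers from before the reimage.
    foreach ($rule in $rules) {
        try {
            [void]$rule.IdentityReference.Translate([System.Security.Principal.NTAccount])
        } catch { $findings += "ACE for unresolvable SID $($rule.IdentityReference.Value)" }
    }
    $findings
}

Test-MigratedProfile -UserName 'matt'   # constructed account name; no output means every check passed
```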
 
H Gohel

Matt said:
I have a solution now that will migrate an old profile and force Windows XP to use the old profile and NOT generate a new one. The key was to have the registry key and value pre-exist before the user's first login after the account was recreated. It appears that Windows checks this for the profilepathimage value and if it is there will use the profile listed.
<snip>

Great! I've run into this problem before and will save your post.
Thanks for following up.

Himanshu
 
