Wrong Default User

[Guest]

I have a "Default User" profile on my two 2K Server DCs' NETLOGON shares,
with all the appropriate user permissions, but for some reason, when a new
user logs onto one of my 2K Pro clients, instead of pulling the NETLOGON
version to create their user profile, it uses the "Default User" on the local
machine. If I delete the local "Default User," it still doesn't pull the
NETLOGON one.

Back in the NT days, I had the PDC NETLOGON directory just replicate onto
each of the other servers and workstations, so I could make changes on the
main copy and it would automatically propagate. Now, my two DCs replicate to
each other, but the clients don't pick up the copy from either of them.

Can anyone suggest how I can fix this so I don't need to manually update 80
"Default Users" everytime I need to change something?

Thanks!

 

[Herb Martin]

"(e-mail address removed)"

I have a "Default User" profile on my two 2K Server DCs' NETLOGON shares,
with all the appropriate user permissions, but for some reason, when a new
user logs onto one of my 2K Pro clients, instead of pulling the NETLOGON
version to create their user profile, it uses the "Default User" on the local
machine. If I delete the local "Default User," it still doesn't pull the
NETLOGON one.

Back in the NT days, I had the PDC NETLOGON directory just replicate onto
each of the other servers and workstations, so I could make changes on the
main copy and it would automatically propagate. Now, my two DCs replicate to
each other, but the clients don't pick up the copy from either of them.

Can anyone suggest how I can fix this so I don't need to manually update 80
"Default Users" everytime I need to change something?

I have never heard of the Default profile being pulled from
a server in NT or current versions.

The user is supposed to ALWAYS get a NEW profile
from the local Default.

Afterwards, the roaming, local, or mandatory is controlled
from the domain.

Someone may correct me (since lack of knowledge doesn't
mean the feature is non-existent but I would likely have
heard of it.)

Search the knowledge base and please provide the KB#
if you find such documentation.

 

[Guest]

It *is* supposed to work that way. Here's the KB article that illustrates my
problem: http://support.microsoft.com/default.aspx?scid=kb;en-us;168475 I'm
sorry I didn't post it in my first message.

Although I have a Default User replicated in the Netlogon shares of all of
the domain controllers (as specified in bullet #4), it doesn't use it, and
instead uses the local machine's copy, like it indicates in bullet #5.

Actually, it isn't even using Default User from WinNT\Profiles - it's coming
from C:\Documents and Settings.

 

[Herb Martin]

"(e-mail address removed)"

It *is* supposed to work that way. Here's the KB article that illustrates my
problem: http://support.microsoft.com/default.aspx?scid=kb;en-us;168475 I'm
sorry I didn't post it in my first message.

Although I have a Default User replicated in the Netlogon shares of all of
the domain controllers (as specified in bullet #4), it doesn't use it, and
instead uses the local machine's copy, like it indicates in bullet #5.

Actually, it isn't even using Default User from WinNT\Profiles - it's coming
from C:\Documents and Settings.

Ok, a couple of ideas -- assuming it has ever
worked:

1) Permissions:
NTFS Everyone-READ (at least, but read is probably best)
Share Everyone-READ (ditto, but NetLogon should do that
automatically)

2) The NORMAL name for the Default user profile on
a machine is exactly "Default" even thought that
article discusses "Default User" and does say
clearly that should be the name "Default User".

3) The default path to NetLogon on Win2000+ DCs is:
%systemroot%\SYSVOL\sysvol\learnquick.com\SCRIPTS
On NT it is:
%systemroot%\system32\repl\import\scripts
There is NO automatic replication from Win2000+ DCs to
NT BDCs -- setup a replication bridge

4) Combining #2 & #3 gives us a directory on the NetLogon
share named EITHER Default, or Default User or:
...\scripts\Default
...\scripts\Default User

5) Of course name resolution of the DC AND the file server
(if they are different) is required for authentication, and
if they are different the file server must be resolvable
through either DNS or NetBIOS.

6) The user must NOT have a local profile ALREADY on
this machine (where logging on) nor a roaming profile
(nor mandatory) through the domain account properties.

One does NOT rename the NTUser.dat file but the directory
in which it appears, e.g., Default or Default User.

For years I have taught about pre-building the Default user
profile, suggesting it be pre-installed in the OS install
directories (I386 on an install share) -- and NO ONE has
ever mentioned this idea which has been around since at
least Dec 2003.

Let me know what you find.

 

[Guest]

Herb-

1- I have the NTFS and share permissions set up correctly.
2- The correct name is "Default User," not "Default."
3- I'm not using NT anymore - I was just reminiscing.
4- I'm not onsite at the moment to look up toe actual directory tree, but
it's definitely in the Netlogon share: \\server\NETLOGON\Default User
5- The DC *is* the file server, and the Default User folder is replicated
into the NETLOGON shares on both DCs, so it should be available on whichever
DC authenticates the login.
6- Yes, we're talking about a new user's first time logging into the
network, with no preexisting or manadatory profile.

 

[lforbes]

"(e-mail address removed)"
message

that illustrates
my
WinNTProfiles - it's
coming

Ok, a couple of ideas -- assuming it has ever
worked:

1) Permissions:
NTFS Everyone-READ (at least, but read is probably best)
Share Everyone-READ (ditto, but NetLogon should do that
automatically)

2) The NORMAL name for the Default user profile on
a machine is exactly "Default" even thought that
article discusses "Default User" and does say
clearly that should be the name "Default User".

3) The default path to NetLogon on Win2000+ DCs is:
%systemroot%SYSVOLsysvollearnquick.comSCRIPTS
On NT it is:
%systemroot%system32replimportscripts
There is NO automatic replication from Win2000+ DCs to
NT BDCs -- setup a replication bridge

4) Combining #2 & #3 gives us a directory on the NetLogon
share named EITHER Default, or Default User or:
...scriptsDefault
...scriptsDefault User

5) Of course name resolution of the DC AND the file server
(if they are different) is required for authentication,
and
if they are different the file server must be resolvable
through either DNS or NetBIOS.

6) The user must NOT have a local profile ALREADY on
this machine (where logging on) nor a roaming profile
(nor mandatory) through the domain account properties.

One does NOT rename the NTUser.dat file but the directory
in which it appears, e.g., Default or Default User.

For years I have taught about pre-building the Default user
profile, suggesting it be pre-installed in the OS install
directories (I386 on an install share) -- and NO ONE has
ever mentioned this idea which has been around since at
least Dec 2003.

Let me know what you find.


--
Herb Martin


"(e-mail address removed)"
message

that illustrates
my
WinNTProfiles - it's
coming
 > > "(e-mail address removed)"
 > >
<[email protected]>
wrote in message
 > >
  > > > I have a "Default User" profile on my two 2K
Server DCs' NETLOGON
shares,
  > > > with all the appropriate user permissions,
but for some reason, when a
new
  > > > user logs onto one of my 2K Pro clients,
instead of pulling the
NETLOGON
  > > > version to create their user profile, it
uses the "Default User" on
the
 > > local
  > > > machine. If I delete the local "Default
User," it still doesn't pull
the
  > > > NETLOGON one.
  > > >
  > > > Back in the NT days, I had the PDC NETLOGON
directory just replicate
onto
  > > > each of the other servers and workstations,
so I could make changes on
the
  > > > main copy and it would automatically
propagate. Now, my two DCs
replicate
 > > to
  > > > each other, but the clients don't pick up
the copy from either of
them.
  > > >
  > > > Can anyone suggest how I can fix this so I
don't need to manually
update
 > > 80
  > > > "Default Users" everytime I need to change
something?
 > >
 > > I have never heard of the Default profile being
pulled from
 > > a server in NT or current versions.
 > >
 > > The user is supposed to ALWAYS get a NEW profile
 > > from the local Default.
 > >
 > > Afterwards, the roaming, local, or mandatory is
controlled
 > > from the domain.
 > >
 > > Someone may correct me (since lack of knowledge
doesn't
 > > mean the feature is non-existent but I would likely
have
 > > heard of it.)
 > >
 > > Search the knowledge base and please provide the KB#
 > > if you find such documentation.
 > >
 > >
 > > --
 > > Herb Martin
 > >
 > >
  > > > Thanks!
 > >
 > >
 > >

Hi,

I used to do this all the time with Windows NT. Don’t use it so much
anymore as I use mandatory profiles set by me. The only thing I can
think of is how you are creating your Default User. Are you creating
it and copying it as per the instructions on the Windows site you
posted?

I often see a problem with the Default User not working properly when
the Profile is copied manually and not using the My Computer -
Properties - Advanced - User Profile Settings and giving Everyone Full
Control.

Also, are you using more than one Client OS? I have had quite a few
issues with profiles and cross platform especially between 2000 and
XP. I have see the profiles get quite messed up when going from one to
the other. Eg. settings like "show logoff on Start Menu" "Icon
placement on desktop" etc. just don’t migrate back and forth between
2000 and XP for some annoying reason. Maybe if you build the Default
User on a 2000 machine and try using it for XP it won’t work or vice
versa.

Cheers,

Lara

 

[Ryan Hanisco]

Maverick,

I do see your article and all... but.

This is legacy support and not a normal way to do this. As Herb said, the
normal behavior is to pull form the local profile every time.... just as you
are seeing.

The Windows 2Kx way to do this is with a mandatory profile, which should
meet your needs. This would be the better way to do this, though I do see a
benefit to what you are trying to do. I have never seen this work.

 

[Guest]

I want all of my users to start out with a standard profile that has
everything I think they'll need, but I want them to have the flexibility to
add or remove shortcuts and favorites, and to set their own wallpapers,
screensavers, left-handed mousing, etc.

I can't use a manadatory profile, as they wouldn't be able to change it.

It works as is, now, with each of them pulling their own new profile based
on a Default User profile, but I'd like them to all use one central Default
User profile (like the article says they should), so I could make global
changes there, rather than using their local Default User, which requires me
to make such global changes to 80 client machines.

I don't know what you mean about this being "legacy" support. This is the
way Windows 2000 is supposed to work, and Windows 2000 isn't yet a "legacy"
product.

 

[Guest]

Lara-

Thanks for the suggestions.

The domain is all homogenous, with Windows 2000 Server and Windows 2000
Professional. I used to experience the incompatibility issues you've
mentioned when I was in the middle of migrating from NT, but now that we're
standardized on 2K Native, that shouldn't be a factor.

Regarding copying the Default User profile, you cannot copy it from System
Properties, as it doesn't go in the normal profile directory - it goes in the
NETLOGON share. I do, however, have the permissions set to Everyone=Read,
Users=Read, and Authenticated Users=Read, so it should be available to anyone.

 

[Herb Martin]

"(e-mail address removed)"

Herb-

1- I have the NTFS and share permissions set up correctly.

So you can prove that by accessing it manually with a
typical user logged on?

2- The correct name is "Default User," not "Default."

Of course it is, I must have been tired since it is something
I look at and even discuss all of the time.

3- I'm not using NT anymore - I was just reminiscing.

That was just in case you had to replicate across the
two OSes.

4- I'm not onsite at the moment to look up toe actual directory tree, but
it's definitely in the Netlogon share: \\server\NETLOGON\Default User

And accessible (just trying to eliminate ANYTHING.)

5- The DC *is* the file server, and the Default User folder is replicated
into the NETLOGON shares on both DCs, so it should be available on whichever
DC authenticates the login.

Good. Newer DCs almost always replicate unless
firewalled or DNS problems.