Two domain accounts pointing to same profile folder


Mike Matheny

I do this so when I switch usernames, everything is the same under both
accounts (appearance, software, etc.)

I do this all the time at work by changing the ProfileImagePath under
NT\CurrentVersion\ProfileList\{user sid}. This works fine, as both domain
accounts are local admins also (and one account is in my local domain, the
other is in a trusted domain). Now, due to HSPD-12 (Homeland Security
Presidential Directive 12) reqirements, we (we, as in everyone - and this
includes me, a domain admin!) can no longer log on with an account that is
either a Domain Admin or Local Administrator. So here's the situation. For
simplicities sake, let's call my local domain (which I am an admin on)
DomainA, and the other DomainB. For testing, I have kept my DomainA domain
account in local admins group, and removed my DomainB domain account from
the local admins account. I have given the DomainB domain account full
control to the Profilelist section of the registry and the DomainA profile
folder on my PC.

However, when I log on as my DomainB user account, I get a wscript error
about applying policies, and I cannot change simple things like desktop
background, unlock the taskbar, etc. I have checked and the DomainB user
account has full control of the DomainA profile folder, especially

Where else do I need to give DomainB access to so I don't get the access

PS: I just added DomainB access to the
registry path - I am going to test now to see if it works.

Mike Matheny

More info - the exact error is:
Windows script host
Loading your settings failed (access denied)

My DomainA account is NOT running any logon scripts, however, my DomainB
account is.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question