M
Mike Matheny
I do this so when I switch usernames, everything is the same under both
accounts (appearance, software, etc.)
I do this all the time at work by changing the ProfileImagePath under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\{user sid}. This works fine, as both domain
accounts are local admins also (and one account is in my local domain, the
other is in a trusted domain). Now, due to HSPD-12 (Homeland Security
Presidential Directive 12) reqirements, we (we, as in everyone - and this
includes me, a domain admin!) can no longer log on with an account that is
either a Domain Admin or Local Administrator. So here's the situation. For
simplicities sake, let's call my local domain (which I am an admin on)
DomainA, and the other DomainB. For testing, I have kept my DomainA domain
account in local admins group, and removed my DomainB domain account from
the local admins account. I have given the DomainB domain account full
control to the Profilelist section of the registry and the DomainA profile
folder on my PC.
However, when I log on as my DomainB user account, I get a wscript error
about applying policies, and I cannot change simple things like desktop
background, unlock the taskbar, etc. I have checked and the DomainB user
account has full control of the DomainA profile folder, especially
ntuser.dat.
Where else do I need to give DomainB access to so I don't get the access
errors?
PS: I just added DomainB access to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
registry path - I am going to test now to see if it works.
accounts (appearance, software, etc.)
I do this all the time at work by changing the ProfileImagePath under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\{user sid}. This works fine, as both domain
accounts are local admins also (and one account is in my local domain, the
other is in a trusted domain). Now, due to HSPD-12 (Homeland Security
Presidential Directive 12) reqirements, we (we, as in everyone - and this
includes me, a domain admin!) can no longer log on with an account that is
either a Domain Admin or Local Administrator. So here's the situation. For
simplicities sake, let's call my local domain (which I am an admin on)
DomainA, and the other DomainB. For testing, I have kept my DomainA domain
account in local admins group, and removed my DomainB domain account from
the local admins account. I have given the DomainB domain account full
control to the Profilelist section of the registry and the DomainA profile
folder on my PC.
However, when I log on as my DomainB user account, I get a wscript error
about applying policies, and I cannot change simple things like desktop
background, unlock the taskbar, etc. I have checked and the DomainB user
account has full control of the DomainA profile folder, especially
ntuser.dat.
Where else do I need to give DomainB access to so I don't get the access
errors?
PS: I just added DomainB access to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
registry path - I am going to test now to see if it works.