This procedure is based on an outline that Harry Brelsford published in Certification Magazine, August 2004, "Migrate Profiles on Small Business Server Networks." Thanks, Harry!
I would occasionally run into permissions issues using Harry's recipe, so with time and experiment I've added a few refinements.
Executive Summary
Assume new user's account name is "NEWuser" and we wish for NEWuser to use the "OLDuser" profile.
- Log in to workstation once as NEWuser so Windows will create NEWuser profile. Log off and log back in as admin.
- Give NEWuser Full Control of OLDuser profile under Documents and Settings.
- In registry, point NEWuser profile at OLDuser's profile.
- In registry, load hives for OLDuser's ntuser.dat and UsrClass.dat. Give NEWuser Full Control of both hives. Unload hives, close registry, log out of Windows.
- Log back into Windows as NEWuser and enjoy OLDuser profile.
How Exactly to Do It
Determine SIDs for NEWuser and OLDuser accounts.
- Download and install the Resource Kit Tool "getsid" from <http://support.microsoft.com/kb/927229>
- Get newuser's SID by running from server "getsid \\servername NEWuser \\servername NEWuser"
- Get OLDuser's SID by running from server "getsid \\servername OLDuser \\servername OLDuser"
- The NEWuser profile at %SystemDrive%\Documents and Settings\NEWuser
- The registry pointer at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID_of_NEWuser\ProfileImagePath
Open an explorer window using runas domain admin. Navigate to %SystemDrive%\Documents and Settings\OLDuser and change permissions:
- Add NEWuser and give NEWuser Full Control
- Click Advanced, check "Replace permission entries on all child objects with entries shown here that apply to child objects."
- Click Apply and wait for process to complete.
- OK your way out.
First we need to point the NEWuser to the OLDuser's profile:
- Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID_of_OLDuser\ProfileImagePath
- Double-click the ProfileImagePath key and copy the path to the Windows clipboard
- Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID_of_NEWuser\ProfileImagePath
- Double-click the NEWuser's ProfileImagePath key and paste the path you just copied from the OLDuser's ProfileImagePath.
To change permissions on ntuser.dat:
- Highlight the HKEY_LOCAL_MACHINE key (if you don't highlight either HKLM or HKU, the next step will be greyed out).
- Click File>LoadHive, and navigate to "C:\Documents and Settings\OLDuser\ntuser.dat". Click Open
- You'll be asked for a keyname. Any arbitrary name is fine, but I'd use something like OLDuser-ntuser. Click OK
- You now have a new subkey under HKLM named OLDuser-ntuser. Right-click it and click Permissions.
- Add NEWuser and give NEWuser Full Control.
- Click Advanced, check "Replace permission entries on all child objects with entries shown here that apply to child objects."
- Click Apply and wait for the process to complete. OK your way out.
- Highlight the HKEY_LOCAL_MACHINE key again.
- Click File>LoadHive, and navigate to "C:\Documents and Settings\OLDuser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat". Click Open.
- You'll be asked for a keyname. I'd use something like OLDuser-UsrClass. Click OK.
- You now have a new subkey under HKLM named OLDuser-UsrClass. Right-click it and click Permissions.
- Add NEWuser and give NEWuser Full Control.
- Click Advanced, check "Replace permission entries on all child objects with entries shown here that apply to child objects."
- Click Apply and wait for the process to complete. OK your way out.
- Highlight HKLM\OLDuser-ntuser and click File>UnloadHive. Yes, you're sure.
- Highlight HKLM\OLDuser-UsrClass and click File>UnloadHive. Again, you're sure.
Close Regedit and log out of Windows.
Log in to Windows as NEWuser. You should have the familiar OLDuser desktop and customizations.
No comments:
Post a Comment