Changing XP login from Local to Domain While Maintaining Local User.

I've taken over a network which is half workgroup, half domain on
2003Server. I'm a network tech with limited experience with domain
management.

Three of the computers are members of the domain, but are logging into
their local-computer, not the domain.

At the XP login screen, II can select to have them log in to the
domain, but not without creating a whole new user (and associated
folders under documents/settings). The new user name (folder name)
becomes OriginalUserName.DomainName.

These computers are so complex in their use that transferring the
users over to a new User Name would be a nightmare.

Is there a way to convince the system to log them into the Domain, and
not Locally, while keeping their 'world' intact?

Thanks for any worthwhile input.

Tom

Log in with the original local account.
Use the File & Settings Transfer Wizard to "save" the profile somewhere
safe.
Locate the *.pst file for Outlook (if such is being used) and copy it to a
safe place.

Log in with the Domain Account.
Use the File & Settings Transfer Wizard to import the profile from the safe
place you saved it.
Copy or move the *.pst file from where it was saved to the matching location
in the new profile that compares to where it was in the old profile.
Configure Outlook if it did not automatically configure when the profile was
imported.

Logically the *.pst file should export/import along with the profile when
using the Wizard,...but I've seen it fail to do so and therefore don't trust
it,..so I cover my rear-end.

You can now delete the profile from the local account and delete the local
accout itself from the machine so that the user does not use it and cause
confusion.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"TomTech" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I've taken over a network which is half workgroup, half domain on
> 2003Server. I'm a network tech with limited experience with domain
> management.
>
> Three of the computers are members of the domain, but are logging into
> their local-computer, not the domain.
>
> At the XP login screen, II can select to have them log in to the
> domain, but not without creating a whole new user (and associated
> folders under documents/settings). The new user name (folder name)
> becomes OriginalUserName.DomainName.
>
> These computers are so complex in their use that transferring the
> users over to a new User Name would be a nightmare.
>
> Is there a way to convince the system to log them into the Domain, and
> not Locally, while keeping their 'world' intact?
>
> Thanks for any worthwhile input.
>
> Tom
>

It's not that simple.

Obviously, I know about Transfer Wizard, .pst and the like....

Were talking massive amounts of network shares, 3rd party programs
that tie themselves into files and settings in the User folder
structure, and Users that can't deal with any down time or disruption.

Let's leave the question in it's original form: Does anyone know how
to switch log-ins from Local to Domain on the XP Log-in screen without
Disturbing the current User as setup in the XP system?

Tom

"TomTech" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> It's not that simple.
>
> Obviously, I know about Transfer Wizard, .pst and the like....

Then did you actually try it to prove it doesn't work?

> Let's leave the question in it's original form: Does anyone know how
> to switch log-ins from Local to Domain on the XP Log-in screen without
> Disturbing the current User as setup in the XP system?

To the best of my knowledge,...beyond what I already suggested,...no,..there
is no such thing.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

> Then did you actually try it to prove it doesn't work?

Ya, that's how I discovered that changing the log-in creates a new
user.

Luckily, the original User is not touched, so logging off and re-
logging in under "Local (This Computer)" put me back into the original
User profile.

I've experimented with allowing it to create the new user then trying
to copy the whole Old-User structure over to the new account, but with
the name change (UserName.DomainName) things still were too messy and
prone to errors within the 3rd party software.

Just seems to me that there should be a clean way to make this move.

Thanks For Your Try...

Tom

On Sep 27, 1:40 pm, "Phillip Windell" <philwind...@hotmail.com> wrote:
> "TomTech" <j...@tjweb.us> wrote in message
>
> news:(E-Mail Removed) ps.com...
>
> > It's not that simple.
>
> > Obviously, I know about Transfer Wizard, .pst and the like....
>
> Then did you actually try it to prove it doesn't work?
>
> > Let's leave the question in it's original form: Does anyone know how
> > to switch log-ins from Local to Domain on the XP Log-in screen without
> > Disturbing the current User as setup in the XP system?
>
> To the best of my knowledge,...beyond what I already suggested,...no,..there
> is no such thing.
>
> --
> Phillip Windellwww.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------

And, by the way....you do know that the 'views expressed' by your cats
ALWAYS override your own.

"TomTech" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> On Sep 27, 1:40 pm, "Phillip Windell" <philwind...@hotmail.com> wrote:
>> "TomTech" <j...@tjweb.us> wrote in message
>>
>> news:(E-Mail Removed) ps.com...
>>
>> > It's not that simple.
>>
>> > Obviously, I know about Transfer Wizard, .pst and the like....
>>
>> Then did you actually try it to prove it doesn't work?
>>
>> > Let's leave the question in it's original form: Does anyone know how
>> > to switch log-ins from Local to Domain on the XP Log-in screen without
>> > Disturbing the current User as setup in the XP system?
>>
>> To the best of my knowledge,...beyond what I already
>> suggested,...no,..there
>> is no such thing.
>>
>> --
>> Phillip Windellwww.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>
> And, by the way....you do know that the 'views expressed' by your cats
> ALWAYS override your own.
>

Do you actually need them to log into the domain or do you simply need
them to have access to domain resources?

If you do a local login and the workgroup name is the same as the domain
name, the domain security check will accept the local login credentials as
long as it matches a domain account. A local login to account billg in
workgroup fred is accepted by the domain fred if the account billg exists as
a user in the domain user database. In other words, the domain trusts the
local security provider.

"Bill Grant" <not.available@online> wrote in
news:#(E-Mail Removed):

> "TomTech" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> On Sep 27, 1:40 pm, "Phillip Windell" <philwind...@hotmail.com>
>> wrote:
>>> "TomTech" <j...@tjweb.us> wrote in message
>>>
>>> news:(E-Mail Removed) ps.com...
>>>
>>> > It's not that simple.
>>>
>>> > Obviously, I know about Transfer Wizard, .pst and the like....
>>>
>>> Then did you actually try it to prove it doesn't work?
>>>
>>> > Let's leave the question in it's original form: Does anyone know
>>> > how to switch log-ins from Local to Domain on the XP Log-in screen
>>> > without Disturbing the current User as setup in the XP system?
>>>
>>> To the best of my knowledge,...beyond what I already
>>> suggested,...no,..there
>>> is no such thing.
>>>
>>> --
>>> Phillip Windellwww.wandtv.com
>>>
>>> The views expressed, are my own and not those of my employer, or
>>> Microsoft,
>>> or anyone else associated with me, including my cats.
>>> -----------------------------------------------------
>>
>> And, by the way....you do know that the 'views expressed' by your
>> cats ALWAYS override your own.
>>
>
> Do you actually need them to log into the domain or do you simply
> need
> them to have access to domain resources?
>
> If you do a local login and the workgroup name is the same as the
> domain
> name, the domain security check will accept the local login
> credentials as long as it matches a domain account. A local login to
> account billg in workgroup fred is accepted by the domain fred if the
> account billg exists as a user in the domain user database. In other
> words, the domain trusts the local security provider.
>
Are you sure that is true? The SID should not match for the local user
and the domain user, even if the username is the same. If what you are
saying is true, what is to stop a complete stranger from connecting their
own machine, setting its workgroup to match the domain, and logging in
with the same username as a domain user and gaining access to that user's
domain resources?

=== NOW === Back to the original question:
NOTE: I suspect that the procedure below may not be recommended for some
reason or other, but I have done this lots of times without ill effects.

If you have the machine joined to the domain, log in as the domain user
(allowing it to create a new profile directory - this can be deleted
after the rest of this procedure is done).
Then log in as a different user that is a local administrator and go into
the registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\ProfileList

and find the one for the domain user (you should be able to tell which
one from the SID or from the ProfileImagePath value)
Then, change the ProfileImagePath value to match the path to the local
user's profile. Change the NTFS permissions on that profile folder to
allow the domain user full access (like the local user already has).
Now, when the domain user logs in, they will load the same profile as the
local user. The local user could then be deleted, as well as the now
unused profile that was created when the domain user logged in for the
first time. I sometimes leave the local user intact, so they can log in
as either one and get the same profile (but not the same access to
network resources).

I sometimes do this the other way around, to keep the domain user's
profile for a new local user when a machine is leaving the domain.

"a" <(E-Mail Removed)> wrote in message news:Xns99B8DFC556001nspauac@207.46.248.16...
> "Bill Grant" <not.available@online> wrote in
> news:#(E-Mail Removed):
>
>> "TomTech" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) oups.com...
>>> On Sep 27, 1:40 pm, "Phillip Windell" <philwind...@hotmail.com>
>>> wrote:
>>>> "TomTech" <j...@tjweb.us> wrote in message
>>>>
>>>> news:(E-Mail Removed) ps.com...
>>>>
>>>> > It's not that simple.
>>>>
>>>> > Obviously, I know about Transfer Wizard, .pst and the like....
>>>>
>>>> Then did you actually try it to prove it doesn't work?
>>>>
>>>> > Let's leave the question in it's original form: Does anyone know
>>>> > how to switch log-ins from Local to Domain on the XP Log-in screen
>>>> > without Disturbing the current User as setup in the XP system?
>>>>
>>>> To the best of my knowledge,...beyond what I already
>>>> suggested,...no,..there
>>>> is no such thing.
>>>>
>>>> --
>>>> Phillip Windellwww.wandtv.com
>>>>
>>>> The views expressed, are my own and not those of my employer, or
>>>> Microsoft,
>>>> or anyone else associated with me, including my cats.
>>>> -----------------------------------------------------
>>>
>>> And, by the way....you do know that the 'views expressed' by your
>>> cats ALWAYS override your own.
>>>
>>
>> Do you actually need them to log into the domain or do you simply
>> need
>> them to have access to domain resources?
>>
>> If you do a local login and the workgroup name is the same as the
>> domain
>> name, the domain security check will accept the local login
>> credentials as long as it matches a domain account. A local login to
>> account billg in workgroup fred is accepted by the domain fred if the
>> account billg exists as a user in the domain user database. In other
>> words, the domain trusts the local security provider.
>>
> Are you sure that is true? The SID should not match for the local user
> and the domain user, even if the username is the same. If what you are
> saying is true, what is to stop a complete stranger from connecting their
> own machine, setting its workgroup to match the domain, and logging in
> with the same username as a domain user and gaining access to that user's
> domain resources?
>

What does the SID have to do with it? The machine is not joining the
domain. The user just has access to domain resources like shared files. It
works for W98 clients which can't join a domain.

If a person knows the username and password of a valid domain user there
are easier ways than that to access domain resources.

"TomTech" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>> Then did you actually try it to prove it doesn't work?
>
> Ya, that's how I discovered that changing the log-in creates a new
> user.
>
> Luckily, the original User is not touched, so logging off and re-
> logging in under "Local (This Computer)" put me back into the original
> User profile.
>
> I've experimented with allowing it to create the new user then trying
> to copy the whole Old-User structure over to the new account, but with
> the name change (UserName.DomainName) things still were too messy and
> prone to errors within the 3rd party software.
>
> Just seems to me that there should be a clean way to make this move.
>


Don't copy the user profile. Try using the Files and Settings Transfer
wizard or F.A.S.T.

http://technet.microsoft.com/en-us/l.../bb457074.aspx

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca