Changing XP login from Local to Domain While Maintaining Local User.

Discussion in 'Windows Networking' started by TomTech, Sep 27, 2007.

  1. TomTech

    TomTech Guest

    I've taken over a network which is half workgroup, half domain on
    2003Server. I'm a network tech with limited experience with domain
    management.

    Three of the computers are members of the domain, but are logging into
    their local-computer, not the domain.

    At the XP login screen, I can select to have them log in to the
    domain, but not without creating a whole new user (and associated
    folders under documents/settings). The new user name (folder name)
    becomes OriginalUserName.DomainName.

    These computers are so complex in their use that transferring the
    users over to a new User Name would be a nightmare.

    Is there a way to convince the system to log them into the Domain, and
    not Locally, while keeping their 'world' intact?

    Thanks for any worthwhile input.

    Tom
     
    TomTech, Sep 27, 2007
    #1

  2. Log in with the original local account.
    Use the File & Settings Transfer Wizard to "save" the profile somewhere
    safe.
    Locate the *.pst file for Outlook (if such is being used) and copy it to a
    safe place.

    Log in with the Domain Account.
    Use the File & Settings Transfer Wizard to import the profile from the safe
    place you saved it.
    Copy or move the *.pst file from where it was saved to the matching location
    in the new profile that compares to where it was in the old profile.
    Configure Outlook if it did not automatically configure when the profile was
    imported.

    Logically the *.pst file should export/import along with the profile when
    using the Wizard,...but I've seen it fail to do so and therefore don't trust
    it,..so I cover my rear-end.

    You can now delete the profile from the local account and delete the local
    account itself from the machine so that the user does not use it and cause
    confusion.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
     
    Phillip Windell, Sep 27, 2007
    #2

  3. TomTech

    TomTech Guest

    It's not that simple.

    Obviously, I know about Transfer Wizard, .pst and the like....

    We're talking massive amounts of network shares, 3rd party programs
    that tie themselves into files and settings in the User folder
    structure, and Users that can't deal with any down time or disruption.

    Let's leave the question in its original form: Does anyone know how
    to switch log-ins from Local to Domain on the XP Log-in screen without
    Disturbing the current User as setup in the XP system?

    Tom
     
    TomTech, Sep 27, 2007
    #3
  4. Then did you actually try it to prove it doesn't work?
    To the best of my knowledge,...beyond what I already suggested,...no,..there
    is no such thing.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Sep 27, 2007
    #4
  5. TomTech

    TomTech Guest

    Then did you actually try it to prove it doesn't work?

    Ya, that's how I discovered that changing the log-in creates a new
    user.

    Luckily, the original User is not touched, so logging off and re-
    logging in under "Local (This Computer)" put me back into the original
    User profile.

    I've experimented with allowing it to create the new user then trying
    to copy the whole Old-User structure over to the new account, but with
    the name change (UserName.DomainName) things still were too messy and
    prone to errors within the 3rd party software.

    Just seems to me that there should be a clean way to make this move.

    Thanks For Your Try...

    Tom
     
    TomTech, Sep 27, 2007
    #5
  6. TomTech

    TomTech Guest

    And, by the way....you do know that the 'views expressed' by your cats
    ALWAYS override your own.
     
    TomTech, Sep 27, 2007
    #6
  7. TomTech

    Bill Grant Guest

    Do you actually need them to log into the domain or do you simply need
    them to have access to domain resources?

    If you do a local login and the workgroup name is the same as the domain
    name, the domain security check will accept the local login credentials as
    long as it matches a domain account. A local login to account billg in
    workgroup fred is accepted by the domain fred if the account billg exists as
    a user in the domain user database. In other words, the domain trusts the
    local security provider.
     
    Bill Grant, Sep 28, 2007
    #7
  8. TomTech

    a Guest

    Are you sure that is true? The SID should not match for the local user
    and the domain user, even if the username is the same. If what you are
    saying is true, what is to stop a complete stranger from connecting their
    own machine, setting its workgroup to match the domain, and logging in
    with the same username as a domain user and gaining access to that user's
    domain resources?

    === NOW === Back to the original question:
    NOTE: I suspect that the procedure below may not be recommended for some
    reason or other, but I have done this lots of times without ill effects.

    If you have the machine joined to the domain, log in as the domain user
    (allowing it to create a new profile directory - this can be deleted
    after the rest of this procedure is done).
    Then log in as a different user that is a local administrator and go into
    the registry under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    and find the one for the domain user (you should be able to tell which
    one from the SID or from the ProfileImagePath value)
    Then, change the ProfileImagePath value to match the path to the local
    user's profile. Change the NTFS permissions on that profile folder to
    allow the domain user full access (like the local user already has).
    Now, when the domain user logs in, they will load the same profile as the
    local user. The local user could then be deleted, as well as the now
    unused profile that was created when the domain user logged in for the
    first time. I sometimes leave the local user intact, so they can log in
    as either one and get the same profile (but not the same access to
    network resources).

    I sometimes do this the other way around, to keep the domain user's
    profile for a new local user when a machine is leaving the domain.
     
    a, Sep 28, 2007
    #8
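
The ProfileList procedure from post #8, sketched in PowerShell as an added example (not posted by anyone in the thread). It assumes PowerShell is installed on the machine; the account name, profile path and parameter names are placeholders, and nothing is changed unless `-Apply` is given.

```powershell
# Added example, not from the thread. Run as a local administrator while
# neither account is logged on. Account and path values are placeholders.
param(
    [string]$DomainAccount = 'EXAMPLEDOM\jsmith',
    [string]$LocalProfile  = 'C:\Documents and Settings\jsmith',
    [switch]$Apply   # omit for a dry run that changes nothing
)
$key  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$root = "HKLM:\$key"

# 1. List each profile with the account its SID resolves to. A local and a
#    domain account sharing a username show up as two different SIDs.
$profiles = Get-ChildItem $root | ForEach-Object {
    $sid = $_.PSChildName
    try {
        $obj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $acct = $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $acct = '<unresolved>' }
    New-Object PSObject -Property @{
        Account = $acct; SID = $sid
        Path    = (Get-ItemProperty $_.PSPath).ProfileImagePath
    }
}
$profiles | Format-Table Account, SID, Path -AutoSize

# 2. Select the entry by resolved account name, not by folder name.
$target = @($profiles | Where-Object { $_.Account -eq $DomainAccount })
if ($target.Count -ne 1) { throw "Expected one ProfileList entry for $DomainAccount" }
if (-not (Test-Path $LocalProfile)) { throw "Profile folder not found: $LocalProfile" }
$sid = $target[0].SID
if (-not $Apply) {
    "Dry run: would point $sid ($DomainAccount) at $LocalProfile"
    return
}

# 3. Back up the key, then repoint the domain SID at the existing folder.
$backup = "$env:TEMP\ProfileList-$(Get-Date -Format yyyyMMddHHmmss).reg"
reg.exe export "HKLM\$key" $backup
reg.exe add "HKLM\$key\$sid" /v ProfileImagePath /t REG_EXPAND_SZ /d $LocalProfile /f

# 4. Grant the domain account full control, inherited by files and subfolders.
$acl  = Get-Acl $LocalProfile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $DomainAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $LocalProfile -AclObject $acl
```

The table printed in step 1 also makes the SID point from the thread visible: the local and domain accounts resolve from different SIDs even when the username is identical.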
  9. TomTech

    Bill Grant Guest

    What does the SID have to do with it? The machine is not joining the
    domain. The user just has access to domain resources like shared files. It
    works for W98 clients which can't join a domain.

    If a person knows the username and password of a valid domain user there
    are easier ways than that to access domain resources.
     
    Bill Grant, Sep 28, 2007
    #9
  10. TomTech

    Kerry Brown Guest


    Don't copy the user profile. Try using the Files and Settings Transfer
    wizard or F.A.S.T.

    http://technet.microsoft.com/en-us/library/bb457074.aspx
     
    Kerry Brown, Sep 28, 2007
    #10
  11. TomTech

    a Guest

    Yes, you can attach to domain resources from a machine that is not a
    member of the domain. But you are using domain credentials, not the
    local ones (which is why you need to supply the password, which you did
    not mention in your first statement). After you have connected once,
    your local machine can cache this information so that on future
    connections it can supply them without you having to re-enter them.

    A domain does not "trust" anything outside of it (if it is set up
    correctly), unless a trust relationship has been set up.
     
    a, Sep 28, 2007
    #11
  12. TomTech

    TomTech Guest

    === NOW === Back to the original question:

    This didn't work.

    I tried it several different ways based on the instruction provided,
    and it didn't successfully use the original User profile in the new
    environment.

    I should clarify that the test machine is Win2K and not XP, which
    could make a difference. The two machines I really need this to work
    on are XP, but am very reluctant to experiment with those.

    I'll keep plugging away...

    Tom
     
    TomTech, Sep 28, 2007
    #12
  13. TomTech

    a Guest

    I don't think that it being 2k matters - I have done this with that
    version of Windows, as well. When you tried this, did it just keep using
    the newly created domain user profile, or did it create yet another new
    one? If the former, you may not have changed the correct user's
    ProfileImagePath setting, and if the latter, you possibly didn't get the
    permissions set on the local profile so that the domain user could use
    it. It may help to do a reboot in between each step to make sure it re-
    reads the registry setting and unloads the hive before you try logging in
    as the user again.
     
    a, Sep 29, 2007
    #13
  14. TomTech

    TomTech Guest

    I don't think that it being 2k matters - I have done this with that
    Just to keep this thread alive:

    I haven't disappeared. I just haven't had time to experiment further.

    Once I do, I'll post the results for future generations.

    Tom
     
    TomTech, Oct 3, 2007
    #14