+ Post New Thread
Results 1 to 6 of 6
Windows Server 2000/2003 Thread, Restricted Users folder in Documents and settings in Technical; Hey Guys, I was on my 2003 box today and I noticed that there was a domain user's folder that ...
  1. #1

    Join Date
    Jan 2013
    Posts
    4
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Restricted Users folder in Documents and settings

    Hey Guys,

    I was on my 2003 box today and I noticed that there was a domain user's folder that was in C:\documents and settings\
    the local security policy on the server only lets admins log in to the server so I was wondering if anyone knew how it was created.

    The users folder didn't have much in it just an applications data folder with only a few certificates in it, as well as ntuser.dat and a few other files. So it doesn't appear to be created from the default users profile...



    I thought some one may have ran a runas command but that creates a profile based on the default user.
    also under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList reg key
    the user shows up there but the "flags" dword is set to 5 where as other profiles that I have logged in with have other #'s
    the hkey for the user also lacks the ProfileLoadTimeLow and ProfileLoadTimeHigh dwords

    any help will greatly be appreciated.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,181
    Thank Post
    1,651
    Thanked 1,973 Times in 1,445 Posts
    Blog Entries
    2
    Rep Power
    443
    Could have simply been copied by accident.

  3. #3
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,476
    Thank Post
    10
    Thanked 500 Times in 440 Posts
    Rep Power
    114
    I have seen this on 2003 and 2008 servers, I never did track down the process that causes the profile creation, although I am sure it wasn't the users logging into the server.

  4. #4

    Join Date
    Jan 2013
    Posts
    4
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for the replys guys :-)

    McCoy you are right.

    Because I figured out what was causing the profiles to be created. I pretty much looked at the contains of the profiles and thought that it may be something to IE since the certificates were in there and what not.

    Anyways I tried everything and no luck..

    Since the contains of the profile had hashes and certificates in it I thought maybe I will try to encrypt a file on the users home folder...
    anyways I created a txt file encrypted it, checked my server and sure enough a profile was created..
    it is pretty interesting looking back on it now. it makes since that the server would have to have some info about the user who encrypted the file on the server so that that user could then decrypt it and view it's contents.... So the culprit seems to be NTFS filesystem encryption.
    Last edited by Sloth; 2nd February 2013 at 03:15 AM.

  5. Thanks to Sloth from:

    DMcCoy (3rd February 2013)

  6. #5
    Patrickv's Avatar
    Join Date
    Jan 2012
    Location
    New Zealand
    Posts
    59
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    6
    Remote Desktop Connection purhaps, I have seen an example of a domain user login into a server remotely.

  7. #6
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    493
    Thank Post
    44
    Thanked 74 Times in 69 Posts
    Rep Power
    21
    EFS will do it since you have to spoof kerberous login or something like it.

    GPO to prevent EFS solved it for me.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 3
    Last Post: 16th July 2010, 11:56 AM
  2. Restrict user access in Joomla
    By rocknrollstar in forum Web Development
    Replies: 3
    Last Post: 13th October 2009, 10:52 PM
  3. Replies: 6
    Last Post: 21st May 2009, 10:16 PM
  4. Replies: 21
    Last Post: 29th December 2007, 10:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •