Starting to have problems with our student profiles. The setup is a Windows Server 2003 environment with clients using Windows XP Professional. All users have a roaming profile, the difference being the students' profile is mandatory. We have noticed recently two problems occurring. 1) The local profile created on the client computers when the user logs on is not being deleted by the UPH clean up process, although this is hit and miss for some students. 2) When certain students log on they get the error "windows cannot find the local profile and is logging you on with a temporary profile etc." It then creates a TEMP folder for that profile. Folder redirection for the desktop, start menu and their documents is still working via the GPO. The problem comes when they try to save work and basically it won't let them, with a warning that they do not have permission or there is not enough space to save their work. The next user to log on then gets a TEMP.domain.000 profile. The next is TEMP.domain.001 etc.
We are starting to get quite a large amount of profiles amassing on the c:\documents and settings folder on each client machine. Having looked at the event viewer in applications the error userenv 1511 and userenv 1521 appear. Having googled these errors the solutions seem quite confusing and the first attempt has made no difference basically editing the registry on a machine to delete the SID of the source user account from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\profile list. I have found two SIDs that match user logon names but there are generally 30 or 40 entries here that could be going back some time.
I cannot believe we are the only ones who have come across this problem and was hoping for advice on a solution.
We have a very similar setup to you: 2003 network with XP Pro clients. Staff have roaming profiles and pupils have mandatory.
In theory, the Group Policy to delete cached profiles will remove the local copy of the profile when the user logs off. I have this set and in practice it does so "most of the time".
The fix: I wish I knew; it seems to be a feature :( I have resorted to delprof.exe run as part of a startup script and things are running much better with this.
If you search the boards (or google) delprof is well documented and would be worth a try for your problems, I think.
Thanks for the reply, reassuring to know we are not alone on this problem. My experiences with delprof have not been great as when the program runs it tends to delete some profiles and then bangs out with errors. When I looked into this it seems that profiles sometimes get locked and delprof halts when it cannot delete. I would be grateful if you have a workaround to this or an idea of how your setup works.
There's a great script to delete profiles knocking around on these forums. I've been using it for a while now and it's great. I'll put a link to it if I find it, or I'll post the script on Monday.
I've found with the local profiles if you enable the GPO to not allow temp logons and also the workstation policy to wait for policies and scripts to run before allowing a user to log on. I had the same issues you had and these two policies sorted the problems.
I found delprof to work best on startup... I seem to get fewest problems then. I can't remember the precise details of my setup (at home now :) ) and it's a while since I did it. Have bookmarked this thread for next week, unless someone beats me to it.
To be honest if you control profile sizes (by making them mandatory), there's little need in my view to go to the effort of deleting profiles, unless you're running out of space on workstations?
Several possibilities for roaming profiles not working is usually permissions. Users should have Full Control to the Profiles$ share and secondly, is DHCP working OK? DHCP does sound like it's working ok (from what you describe), but certainly worth checking.
My setup is exactly like this - I have found that as long as you set GP to delete cached profiles and THEN run delprof on startup most of the bits and pieces are removed.
Originally Posted by elsiegee40
But it is never perfect and I wish I knew why!
As with most GPOs, finding the relevant setting can be quite frustrating. From what I can see we already have the wait for policies and scripts to run before allowing user to logon but not sure about the not allow temp logon setting. Any pointers as to where this lies would be gratefully received.
Computer\Admin Templates\System\User Profiles
Do not log users on with temporary profiles - enabled
Here's the VBS script I use to remove old profiles.
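On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
strPath = "C:\Documents and Settings\"
' Read the list of profile folder names that must be kept
Set excludefile = fso.OpenTextFile("\\sec-dbserver\mandatory profiles$\profiles-clean\exclude.txt", 1)
excludelist = excludefile.ReadAll
' If the exclude list could not be read, stop here rather than delete every profile
If Err.Number <> 0 Then WScript.Quit 1
excludefile.Close
Set f = fso.GetFolder(strPath)
' Loop through all subfolders
For Each fldrItem In f.SubFolders
    fldrName = fldrItem.Name
    If Right(strPath, 1) <> "\" Then
        Pathfinder = strPath & "\" & fldrName
    Else
        Pathfinder = strPath & fldrName
    End If
    ' Case-insensitive match of the folder name against the exclude list
    If InStr(1, excludelist, fldrName, 1) Then
        'msgbox "Has not deleted " & fldrName
    Else
        'msgbox "Deleting " & fldrName
        Set obtainfolder = fso.GetFolder(Pathfinder)
        ' Force-delete the folder; locked profiles are skipped by On Error Resume Next
        obtainfolder.Delete True
    End If
Next
' Clean up objects
Set fso = Nothing
Set f = Nothing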
Make sure you change the paths to the exclude txt file. Just put the names of the users you wish to not delete in this file, like this:
Couldn't you just use the delprof script to do the same and set it to run on profiles older than X period?
Thanks for the reply. Don't know if we are just having a blonde moment here but navigating to this section of our student computer policy GPO does not seem to have any wording regarding "do not log users on with temporary profiles - enabled".
Any thoughts !!!
Thanks for all posts on this one.
Have noticed that the Delprof program only deletes profiles that are listed in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Profile List. Unfortunately this leaves multiple profiles still in the c:\documents and settings folder. At present not sure why the remaining profiles are not listed in the registry.
Any ideas !!!
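An added example (not from any poster in this thread): a read-only VBScript audit for the mismatch described in the post above, listing folders under the profiles directory that have no matching ProfileImagePath under the ProfileList key. It assumes it is run locally with administrator rights under cscript, and it deletes nothing.

```vbscript
' Added example: report-only audit of profile folders vs. ProfileList entries.
Option Explicit
Const HKLM = &H80000002
Const KEY_PATH = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

Dim reg, fso, registered, sids, sid, imagePath, profilesDir, folder
Dim allUsers, defaultUser, orphans

Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set fso = CreateObject("Scripting.FileSystemObject")
Set registered = CreateObject("Scripting.Dictionary")
registered.CompareMode = vbTextCompare   ' folder paths are case-insensitive

' Values on the ProfileList key itself name the profile root and the template folders.
reg.GetExpandedStringValue HKLM, KEY_PATH, "ProfilesDirectory", profilesDir
reg.GetStringValue HKLM, KEY_PATH, "AllUsersProfile", allUsers
reg.GetStringValue HKLM, KEY_PATH, "DefaultUserProfile", defaultUser
If IsNull(profilesDir) Then
    WScript.Echo "Cannot read ProfilesDirectory; aborting."
    WScript.Quit 1
End If
' Assumption: fall back to the usual XP folder names if the values are absent.
If IsNull(allUsers) Then allUsers = "All Users"
If IsNull(defaultUser) Then defaultUser = "Default User"

' Each SID subkey stores its local folder in ProfileImagePath (REG_EXPAND_SZ).
reg.EnumKey HKLM, KEY_PATH, sids
If IsArray(sids) Then
    For Each sid In sids
        reg.GetExpandedStringValue HKLM, KEY_PATH & "\" & sid, "ProfileImagePath", imagePath
        If Not IsNull(imagePath) Then registered(imagePath) = sid
    Next
End If

orphans = 0
For Each folder In fso.GetFolder(profilesDir).SubFolders
    If registered.Exists(folder.Path) Then
        WScript.Echo "registered  " & folder.Name & "  (" & registered(folder.Path) & ")"
    ElseIf StrComp(folder.Name, allUsers, vbTextCompare) = 0 _
        Or StrComp(folder.Name, defaultUser, vbTextCompare) = 0 Then
        WScript.Echo "template    " & folder.Name
    Else
        orphans = orphans + 1
        WScript.Echo "ORPHAN      " & folder.Name & "  last modified " & folder.DateLastModified
    End If
Next
WScript.Echo orphans & " folder(s) under " & profilesDir & " have no ProfileList entry."
```

The ORPHAN lines are the folders a registry-driven cleanup will never see; review them before adding them to any deletion script.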
I think you should work on figuring out why the machines are not getting the mandatory profile. I have the same setup, Win 2003 and XP Pro. Sounds like a network issue. Likely a DNS issue. Set a GPO to give the clients the DNS address of the main LAN DNS server. If you are running the Win 2003 as a DNS server, go look at the entries for the server itself. Does it resolve to more than one IP address? Are there two network cards active on your server? Are the clients trying to resolve to the DNS server and getting the address of the wrong card? Then they fail to get resolved, can't get the mandatory profile and then the problems start.