locked
Profile partially deleted RRS feed

  • General discussion

  • I'm going to do my best to describe this situation, because it doesn't happen everytime.

     

    SteadyState is already installed and the locked down profile is called "all".

    This system is a clone from an original image.  The system is shipped out with the "all" profile left unlocked.

    On the admin's desktop I have two batch files called lock and unlock.  These two batch files import a .ssu file that has all restrictions removed, unlock.ssu, and the then custom settings for lock.ssu.  The unlock batch file also gives the "all" user admin rights so that we can make changes easily to anything.  The lock.bat removes the admin rights so the public user cannot do "admin things" (for lack of better words).  Here is what the batch files look like.

     

    lock.bat:

     

    echo off
    net localgroup administrators /delete all

    cd\
    cd\Program Files\Windows SteadyState
    sctui.exe /Import all "" C:\locked.ssu

    echo ***********************************************
    echo *                                             *
    echo *  ALL profile is now LOCKED and admin        *
    echo *  rights REMOVED.                            *
    echo *                                             *
    echo ***********************************************

    pause

     

    unlock.bat

    echo off
    net localgroup administrators /add all

    cd\
    cd\Program Files\Windows SteadyState
    sctui.exe /Import all "" C:\unlocked.ssu

    echo ***********************************************
    echo *                                             *
    echo *  ALL profile is now unlocked and has admin  *
    echo *  rights.  Remember to lock the profile      *
    echo *  when done modifying.                       *
    echo *                                             *
    echo ***********************************************

    pause

     

    Now SOMETIMES when you run the unlock batch file it "partially" deletes the "all" user.  The all.orig folder is still under Documents and Settings, but if you go to Control Panel and User Accounts, "all" is not listed!  If you try to add back the "all" user, it really fouls things up.  So then you are left to recreate the user, but that calls for a spiritual cleaning (as one of my co-workers called it).  So here are my questions.

     

    1. When is the all.orig folder created?

    2. Is the all.orig folder changed to just all (with no .orig after it) when it is unlocked?

    3. Is there something wrong with my batch file (please say no, because they will tar and feather me if there is 8|  )?

     

    Hope to find out what is going on because we have LOTS more systems to install (we are talking hundreds)!

     

    Thanks

    Friday, September 21, 2007 6:54 PM

All replies

  • Hi East-TN,

     

    Here are my answers:

     

    1. When is the all.orig folder created?

    -----------------------

    When a user profile is locked. <username>.orig is used to store the original user profile. A temporary profile folder with user name will be created when user logs on.

     

     

    2. Is the all.orig folder changed to just all (with no .orig after it) when it is unlocked?

    -----------------------

    Yes. Unless all.orig cannot be renamed due to some reason such as being locked by some other programs. We can try the following steps to troubleshoot this kind of issue:

     

    a. Install UPHClean on the problematic client.

     

    User Profile Hive Cleanup Service

    http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

     

    b. When this issue happens, check if all.org folder can be renamed or deleted manually.

     

     

    3. Is there something wrong with my batch file (please say no, because they will tar and feather me if there is 8|  )?

    -----------------------

    Based on my test, it works on my computer. It should be correct.

     

     

    As to the “all account cannot be found under Control Panel -> User Accounts” issue, I would like to confirm the following question first:

     

    1. Did this issue occur on other accounts?

    2. Did this issue found under account "all" or other user account ?

     

    Based on my experience, this kind of issue can occur if a user profile is disabled. Please check this with steps below:

    -----------------------

    a. Log on as an administrator account.

    b. Click Start, right click “My Computer” and then click Manage.

    c. Click Local Users and Group -> Users.

    d. Please check if account all is here. Double click to open the user profile to check if it has been disabled.

     

    As I know, if you have Windows Disk Protection (WDP) enabled, SteadyState will temporarily disable local user accounts to prevent unapproved disk changes from being saved at the same time.

     

    Best Regards,

     

    Monday, September 24, 2007 11:02 AM
  •  

    I have not had a chance to try these suggestions yet.  Although I did have a co-worker tell me today that after she got everything set up and working right.  She installed Cyber-Sitter and then rebooted the system.  When she logged into the admin account the "all" profile was gone from the user list.  A folder named "all.%computername%" was there instead.  There was no folder with .orig in the Documents and Settings folder. 

     

    P.S. - Somehow this post got marked as being an answer...

    Thursday, September 27, 2007 8:36 PM
  • Hi,

     

    As this thread has been quiet for a while, I though you have got this issue fixed.

     

    As to the "all.%computername%" folder, it can be a temporary profile folder. Please create a new profile from SteadyState and then lock it to check if issue also occurs on other accounts. If issue persists, we can consider performing a Clean Boot to disable third party programs which may cause this issue.

    ---------------------

    1. Click Start, go to Run, and type "msconfig" in the open box to start the System Configuration Utility.

    2. Click the Services tab, check the "Hide All Microsoft Services" box and click Disable All. Select “

    3. Click the Startup tab, click Disable All and click OK.

    4. Create locked user profile again.

     

    By the way, I would like to confirm if User Profile Hive Cleanup Service has been installed and there is no other problem when using SteadyState.

     

    Regards,

    Friday, September 28, 2007 10:32 AM
  • Here is what I have discovered so far...

     

    If the ALL user has a password and my unlock/lock batch files do not have that password (by default it has double quotes for NO password), running either the lock or unlock batch file will cause the ALL user to be deleted.  The command prompt screen that is up when doing the import reports that the password is incorrect and to hit Enter to continue.  I go check the list of users in SteadyState and in the user list under Computer Management and it is gone.  The ALL folder or ALL.orig folder is still there though.  It seems that if the import script runs into any errors it deletes the user that is to be imported.  Please see if you can re-create this same problem by doing this.

     

    1. Give the user a password.

    2. DO NOT change the unlock or lock batch file to match the password just leave the double quotes in.

    3. I bring up the Computer Management window and can actually watch the user disappear from the list.

     


    I know the simple solution would be to make sure that we have the password is in the batch file, but by design I think it should not delete the user, but just give you the error message.

     

    I haven't confirmed any other way that I can make the user disappear, but I think this isn't the only way this is happening.

     

    Thanks

    Thursday, October 4, 2007 3:27 PM
  • Hi  East-TN,

     

    Thank you for your sharing and continuous efforts. I have tested with your steps. However, it seems everything works in my current test. I have included my steps for your reference:

     

    1. Create user “All” from SteadyState (with password a), lock it and import it to Locked.ssu. Delete the user profile from SteadyState.

    2. Create user “All” again (with password b), configure No Restrictions on it. Open “Control userpasswords2” and configure it into administrators group. Import it to Unlocked.ssu. Delete the user profile from SteadyState.

    3. Run Locked.bat. User “All” can be found from Computer Management window. Folder All.orig appears under C:\Document and Settings.

    4. Run Unlocked.bat. User “All” can also be found from Computer Management window. Folder “All” replaces All.orig under Document and Settings folder.

     

    As the SSU file will not store user’s password, the issue should be caused by other factors instead of password configurations.

     

    Based on my further research, I suspect when the issue occurs, some files under “All” profile folder have been locked. The NET command can run properly to delete/add user name from the system. However, it will not delete/add user profile folders under Documents and Settings (this is by design). When running the import command, it will try to delete the All’s user profile to a new one. However, as some files have been locked, this command was not completed. Thus, user “All” was not created and we cannot find it from the system either.

     

    If this issue occurs in the future, I recommend trying to delete the profile folder first. If the profile folder cannot be deleted, it should be the root cause. We can unlock the profile with some tools such as Unlocker, which can also find which program is using the user profile.

     

    Unlocker 1.8.5

    http://ccollomb.free.fr/unlocker/

     

    Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.

     

    Best Regards,

    Monday, October 8, 2007 10:32 AM