Blocked User Profile

  • Question

  • Hi Microsoft Members

    Please, I need help. I installed Microsoft SteadyState on the shared computer in my company. I blocked the user profile of one user. Afterwards, I realized that this rule was not necessary. So I opened SteadyState and disabled this option. But my action was not applied. I removed the program and installed it again, but the profile continues to be blocked.

    Can you help me?

    Thanks.

    Wednesday, July 18, 2007 7:38 PM

Answers

  •  

    Hi Emerson,

     

    The “Lock profile to prevent the user from making permanent changes” option is implemented via a mandatory user profile. When you choose the “Lock profile to prevent the user from making permanent changes” option, SteadyState will change the ntuser.dat of the corresponding user profile to ntuser.man (mandatory profile) and rename the profile folder to <UserName>.orig.

     

    According to the symptom, it seems that the user profile could not be changed back to unlocked. Considering the current situation, let us unlock the user manually by changing it back to a normal user profile:

     

    1.    Rename the “C:\Documents and Settings\<username of the locked profile>.orig\ntuser.man” file to ntuser.dat.

    2.    Rename the “C:\Documents and Settings\<username of the locked profile>.orig” folder to “<username of the locked profile>”.

     

    Another similar issue:

    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1792330&SiteID=69

     

    Regards,

    Monday, July 23, 2007 8:42 AM
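
The manual unlock described in the answer above, as an added PowerShell example that is not part of the original answer or of SteadyState: it reports which profile folders are in the locked (`.orig` plus `ntuser.man`) state and performs the two renames only when nothing would be overwritten. The parameter and function names are assumptions chosen for illustration.

```powershell
# Added example. $ProfileRoot, Get-ProfileLockState and Unlock-Profile are
# illustrative names, not part of SteadyState.
param(
    [string]$ProfileRoot = 'C:\Documents and Settings',
    [string]$Unlock      # user name to unlock; omit to only report
)

function Get-ProfileLockState {
    param([string]$Root)
    # -Force includes hidden profile folders in the listing.
    Get-ChildItem -LiteralPath $Root -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $man  = Test-Path -LiteralPath (Join-Path $_.FullName 'ntuser.man')
        $dat  = Test-Path -LiteralPath (Join-Path $_.FullName 'ntuser.dat')
        $orig = $_.Name -like '*.orig'
        $state = if     ($man -and $dat)  { 'Ambiguous: ntuser.man and ntuser.dat both present' }
                 elseif ($man -and $orig) { 'Locked (mandatory profile)' }
                 elseif ($man)            { 'Mandatory hive, folder not renamed' }
                 elseif ($dat -and $orig) { 'Half-unlocked: folder still named .orig' }
                 elseif ($dat)            { 'Normal' }
                 else                     { 'No user hive found' }
        New-Object PSObject -Property @{ Folder = $_.Name; State = $state }
    }
}

function Unlock-Profile {
    param([string]$Root, [string]$User)
    $locked = Join-Path $Root "$User.orig"
    $target = Join-Path $Root $User
    $man    = Join-Path $locked 'ntuser.man'
    # Refuse to act unless the folder is in exactly the locked state.
    if (-not (Test-Path -LiteralPath $man)) { throw "No ntuser.man in '$locked'." }
    if (Test-Path -LiteralPath (Join-Path $locked 'ntuser.dat')) {
        throw "ntuser.dat already exists in '$locked'; not overwriting it."
    }
    if (Test-Path -LiteralPath $target) {
        throw "'$target' already exists; compare the two folders by hand first."
    }
    # Step 1: mandatory hive back to a normal hive (-Force handles hidden files).
    Rename-Item -LiteralPath $man -NewName 'ntuser.dat' -Force
    # Step 2: drop the .orig suffix from the profile folder.
    Rename-Item -LiteralPath $locked -NewName $User
}

Get-ProfileLockState -Root $ProfileRoot | Format-Table Folder, State -AutoSize
if ($Unlock) { Unlock-Profile -Root $ProfileRoot -User $Unlock }
```

Run it from an administrator account while the affected user is logged off, because the hive file is held open during that user's session.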

All replies

  • Friday, July 20, 2007 12:37 AM
  • Hi all....  I have the SAME problem but different!!!  Basically the opposite.........   I had tweaked multiple computers for an i-cafe, starting with an example machine, exporting the user profile to thumb drive, and then installing/tweaking all the same programs on IDENTICAL hardware, and importing the first user profile when done.  I tested, surfed, added printers, created desktop shortcuts, all the usual.  Everything was quite smooth.... the imported .ssu file worked fine, renaming each profile on each machine, getting all the programs customized, configured and working.  I then locked the profiles but left Disk Protection enabled but "set to retain all changes permanently".   WHAT a mistake!!!!

     

    I thoroughly understand Shawn's explanation of the .dat and .man profiles.  I have manually made templates and mandatory profiles for Active Directory and many other situations.  The problem???  I wanted to manipulate a few things I had forgotten AFTER making the profiles "locked" or mandatory so entered as admin into WSS.  Unlocked the profile and re-entered as the shared profile.  After searching (rebooting) for 2-3 minutes the machine(s) basically created new profiles taking most of the settings from "Default User" with multiple problems including incredibly slow boot times, no icons on desktop, program shortcuts not working and giving strange error messages, of course, because had been installed through another user name (even though the SAME) NONE of the custom configs I had "finalized".

    Logged on as the shared profile in explorer tree you can see in Docs & Settings of what appears to be "temp profile" with same name as given in WSS with ntuser.dat file of (in my case) 1024kb.  None of the configuration changes I had made; desktop icons, nothing really were there.  Logged off and logged back in as admin and in explorer tree could see the EXACT folders and files Shawn mentions .... <username of locked profile>.orig BUT NO MORE "duplicate" user name without .orig appended and a .dat file of same (1024) size as was visible logged in as user.  IF I lock the profile through WSS which immediately adds .man append to the THEN (as admin) visible c:\Docs&Settings\<username of locked profile>.orig in explorer tree.  However, immediately logging off; and either restarting OR going straight into the profile it again takes forever to reboot and basically builds another, as before, profile;  NOT using any of the .man settings instead using what appears to be data from Default User.  After this second reboot into shared user profile and then back out and into the admin there is only a 256K .dat file in the <username of locked profile>.orig folder, NO duplicate <username of locked profile> and no way to edit or change anything.

     

    I refuse to believe this behaviour can not be manipulated or changed with .xxx entries, registry tweaks, or something.  The "custom" info I created is THERE just INACCESSIBLE!!!  Footnote..... ALL the machines I did not try to do something after profile lockdown are working FLAWLESSLY.  SOMETHING in UNLOCKING A LOCKED profile and then trying to "RE-LOCK" it is the villain!!!!!!

     

    THANKS for listening........ I was a beta tester for this program and NOW know why Coby continuously asked us on weekly conference calls what our experience was AFTER using locked profiles!!!!!  Unfortunately, at time of Beta I was not able to test like I am now....

    Bill

     

    Wednesday, July 25, 2007 2:15 AM
  • Hi Bill,

     

    I understand the inconvenience you have encountered. As the current problem is different from the original issue in this thread, it will be better to create a new thread by clicking the “New Thread” button at the top of this web page. By doing so, more visitors can find it easily. It also will be very helpful to other users who encountered something similar. Thank you for your understanding.

     

    By the way, I would like to know whether this is a domain environment as some AD configurations can affect the creation of the new user profile. Please check whether Windows Disk Protection has been set to “Remove all changes at restart” and if the following option is selected:

     

    Global Computer Settings -> Set Computer Restrictions -> “Prevent locked or roaming user profiles that cannot be found on the computer from logging on”. If this option is on, please uncheck it to test this issue.

     

    If the problem continues, please submit a new post for this issue. I am glad to work with you there.

     

    Best Regards,

     

    Friday, July 27, 2007 2:44 AM