Duplicated User Accounts

[`Felix`]

Hi All,

I have been doing some stuff with unattended backup and installs using scripted installs and ghost. A user logs on to the system, their user account is created on partition 2 (system is on partition 1) so it is easy to restore or upgrade a system without having to do much with the user data.

This all works correctly, however the problem i have is after i restore partition 1 using ghost, and the same user logs on again, they have a new account created using the preferences in the default user profile because the system does know anything about their profile even know it is still on partition 2 - so the user profile folder is duplicated with the machine name appended. see below

before restore

d:\documents and settings\user1

after restore

d:\documents and settings\user1

d:\documents and settings\user1.machine_name

Does anyone know how to overcome this issue?

Any and all help appreciated

[MCT]

put the files in $OEM$\$Docs into an SFX file & have it extract @ T-12

the problem occurs when windows sees the directory is already made

[`Felix`]

put the files in $OEM$\$Docs into an SFX file & have it extract @ T-12

the problem occurs when windows sees the directory is already made

Thats a good idea, however it will old work if i was doing a scripted install - i am having the problem after a restore of partition 2. That is to say i have already installed the system to partition 1 via unattended method and then taken a ghost image of partition 1. now when i restore partition 1 from the backup image i have the problem stated above.

[`Felix`]

Has no one seen this problem?

[TrAvELAr]

Are you running sysprep before you make your ghost image or are you just imaging the drive?

[`Felix`]

Are you running sysprep before you make your ghost image or are you just imaging the drive?

Yep sure am and the mini setup is running after the restore to fix duplicate SID's

[TrAvELAr]

When you sysprep it, did you tell it to generate a new sid (only required if the restore is going to another machine)? If you are generating a new sid, that would cause this problem.

-nosidgen - Runs the Sysprep.exe file without generating new SIDs. You must use this parameter if you are not duplicating the computer where you are running the Sysprep.exe file or if you are preinstalling domain controllers.

[`Felix`]

When you sysprep it, did you tell it to generate a new sid (only required if the restore is going to another machine)?  If you are generating a new sid, that would cause this problem. 

-nosidgen - Runs the Sysprep.exe file without generating new SIDs. You must use this parameter if you are not duplicating the computer where you are running the Sysprep.exe file or if you are preinstalling domain controllers.

Good point and yes i have tried both. The problem arrises because the restore is from a default clean image and so it doesn't know about the users that have logged on since the build... therefore when the machine is restored the accounts as far as the USER Accounts are missing... so basically i need to be able to backup the sam and security configurations and then restore those... something you may be interested in is this information - this basically is what is happening.

HOW TO: Restore a User Profile

[TrAvELAr]

Ahhh... I see now. I was assuming that the user base was already populated. Let me do some investigating for you today.

[`Felix`]

Ahhh... I see now.  I was assuming that the user base was already populated.    Let me do some investigating for you today.

Hi TrAvELAr,

Thankyou for taking the time to investigate and help me out - i would be interested in reading what you find out....

In the meantime i have managed to write a batch file to check this and correct the issue automatically - I am in the process now of looking to programing it into a single com or exe file as there are some other utils like getsid and reg that are currently used with the batch file that i believe i can do away with in a single application file.

I will post the results when i have finished Look forward to reading your next message.

[TrAvELAr]

Hey 'Felix',

Sorry for the delayed response, but things got a bit hectic around here. I was able to reproduce this, but I have not had sufficient time to come up with a working solution. It sounds like you have something in the works tho, albeit somewhat painful.

I'm interested in seeing what you've come up with.

[`Felix`]

Hi TrAvELAr - sorry bout the delayed response.....

Ok here is my present solution (fully tested and working)

[Tested on Windows 2000, Windows XP and Windows 2003 - Windows NT users a little bit different naming process]

UserProfileChecker.cmd

@echo off
cls
::If other than WinNT (2000/XP/2003) Environment - bailout.
IF %OS%!==! GOTO _NotNT
setlocal
GOTO _CHECKS

:_CHECKS
::Get current user SID.
FOR /F "tokens=7" %%A IN ('getsid \\%computername% %username% \\%computername% %username%') DO SET USERSID=%%A
::Get current user Profile Path.
FOR /F "tokens=2* delims=\" %%A IN ('reg query "hklm\software\microsoft\windows nt\currentversion\profilelist\%USERSID%" /v ProfileImagePath') DO SET PIP=%%B
::If the current username and the current user profile path match - bailout!
IF "%USERNAME%"=="%PIP%" goto _eof
::Set Directory to be removed next logon...
FOR /F "tokens=2*" %%A IN ('reg query "hklm\software\microsoft\windows nt\currentversion\profilelist\%USERSID%" /v ProfileImagePath') DO SET ToRemove="%%B"
::Get the system profiles path - normally %systemdrive%\documents and settings\
::Or D:\documents and settings\
FOR /F "tokens=2*" %%A IN ('reg query "hklm\software\microsoft\windows nt\currentversion\profilelist" /v ProfilesDirectory') DO set USERDIR=%%B
::Check the system profiles path for a directory name that matches the username
echo %USERDIR% | DIR /AH /B "%USERDIR%\%username%\NTUSER.DAT" | find /c /i "NTUSER.DAT" >NUL
::If no match - bailout!
if errorlevel 1 goto _eof
IF NOT "%USERNAME%"=="%PIP%" GOTO _ModifyUserImagePath

:_ModifyUserImagePath
call :_splash
::Let the user know something is happening...
popup /YN /HF "userprofilechecker.hlp" /IE /M "Duplicate User Profile Detected" /T "User Profile Checker 1.0"
if errorlevel 7 goto _eof
::if use says yes - then update the users SID Profile Image path to original value...
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%USERSID%" /v ProfileImagePath /t REG_EXPAND_SZ /d "%userdir%\%username%" /f >NUL
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths" /v %USERNAME% /d "%userdir%\%username%\My Documents" /f >NUL
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v RemoveDuplicateProfile /d "%comspec% /C RMDIR /S /Q ""%ToRemove%""" /f >NUL
rem shutdown -l -f
goto _eof

:_NotNT
cls
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo This program is designed for Windows NT, Windows 2000, Windows XP, Windows 2003
echo and above.
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
goto _eof

:_ERROR
cls
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo  You have cancelled this update, as a result your profile will not be updated.
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
goto _eof

:_Splash
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo  User Profile Checker v1.0
echo  Copyright 2004-2005 Darren Blackley, Simplify I.T. All rights reserved.
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

:_EOF

Required 3rd party utilities for the batch to work.

REG.EXE - Windows Resource Kit

GETSID.EXE - Windows Resource Kit

SHUTDOWN.EXE - Windows Resource Kit

POPUP.EXE - Just a windows message popup for notifying the user. (Attached)

UserProfileChecker.hlp

********** A DUPLICATE OF YOUR USER PROFILE HAS BEEN DETECTED. **********

This situation can happen when your computer has been restored from a disaster/
System crash, an operating system upgrade, a service patch/hotfix or your user
Account has been erroneously deleted from the computer.  

Your original user profile including your files should all be available under your
original profile directory.  Presently you are operating on a default (new) 
profile that Windows as created for you because it has found a duplicate directory.

To restore your original profile and regain access to all of your original user
configuration including My Documents etc. - Click on YES. 
Note: Once you click yes, your profile will be automatically corrected and you will
be automatically logged off.  Simply Login again to gain access to your original 
profile.

If you do not wish to restore profile or require more information click NO and
contact your local IT support staff member.

For more specific information visit this reference on the Microsoft website:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314045

Next step is to build it all into a single exe or com so that no third party utils are required, however i am going to have to go away and learn some delphi or something to do that... any programmers like to give it a try?

popup.zip

[`Felix`]

Hi there all,

Finally after some weeks and many, many hours of work i have completed the next version of User Profile Checker. Version 2.6 YAHOO!

It is now a compiled file and has lots of smarts built in.

USE:

Ok now to use it you simply add it to the runonce key of your user profile - i suggest adding it to your default user ntuser.dat hive (if you want to know how to do this Click here).

If you add it to your default user runonce then add the command option RESTART. eg. UPC.EXE RESTART. What this will do is if any changes are made, UPC will then restart your computer after notifying the user. This is required to completely allow the change to be implemented and to remove the duplicate directories.

If you add UPC.EXE to your RunOnceEx during installation and you have a reboot at the end of your installation there is no need to use the RESTART option.

Each time you run UPC.EXE a log file called "AllUsersProfilefix.log" will be generated in c:\.

INSTALLATION:

-Installing to existing installation.

Simply extract the contents of the archive attached to your %systemdrive%\windows\system32 directory then it will be in the path and available from anywhere.

-Installing to AIO Installation CD or Network Share.

Simply extract the contents of the archive attached to your [path to AIO install point]\$oem$\$$\System32 directory then it will be in the path after your new installation of windows and available from anywhere.

Caveats:

- User must have Administrator access. I have not done any testing with Power Users accounts, however i expect it would work if you have allowed Power Users to make changes to the registry.

- Currently UPC will address the following profiles the first time you use it:

all users.windows, default user.windows, localservice.nt authority and networkservice.nt authority - the last 3 are normally hidden. It will also address the current user logged on by using the %username% environment variable. Other user accounts will not be effected until the actual user logs on.

TODO LIST:

- Address ALL system users (not All User profile) in a single pass, thus allowing an administrator to logon and run UPC once to correct the profiles and remove the duplicate directories.

- Add addition command line options: shutdown timeout, logfile name and location & some help syntax.

- Fully document functions and features.

- Maybe redevelop using VB or something else that would allow for the functions performed by getsid, popup and reg to be done internally.

---------------

Well that is about it for now, however we am open to suggestions and comments.

PLEASE TEST first before adding this to production systems. We (esas and I) have spent many weeks testing in VMware and actual machines, however we may have missed something.

Well i hope this address' your needs and is helpful - enjoy!

Ok esas has been continuing to refine my orginal code and has now compiled the code and related files into a single exe file that works very well. you can now download the current version here UPC | Mirror #1

Special Thanks to esas for his continuing work!

UPC.rar

Edited December 7, 2005 by `Felix`

[esas]

Great work Felix!

I'll test this during the next week.. You'll hear from me then..

[esas]

Hey Felix!

I've been testing UPC for some days now, and I have a few things to report..

1. When a duplicated userfolder is detected and deleted the originally folder doesn't appear in "My Computer"

2. The Popup only says "Duplicated profile dected", with the buttons "Yes"and "No". This isn't even a question. I really liked your previously version with the help button, and the possibility to write my own popup. (I would also like to translate this to my norwegian XP by time)

3. The popup is being displayed no mather what. Even if there isn't a duplicated account. It also creates the logfile, even though it doesn't delete anything.

4. I can't get the RESTART option to work. I have to restart manually. Is it necessary to restart? Is is not enough to logof the user like in the first version? Just asking.

5. A SILENT option would be great. That way I won't have to answar yes during RunOnceEX. This wasn't a issue in the first version as I could edit the cmd-file myself. Can't do that now.

That's all.....

I also want to thank you for the work you have done so far. You are great!!