User Profiles won't change
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Hi,
I ran into a problem with 3 computers in the same office,
where everytime the users would log on their personal
settings would have dissappeared, I would have to re-
create their Outlook settings, re-enter their name and
initials in MS Word, I even placed some files on their
desktop and they would dissapear. Their Documents folders
would get erased. I'm trying to find out if there's a
virus that would cause this but I can't find anything.
The office manager is suspecting sabotage, but I can't
prove it. These PC are running with FAT32, I had to set
the users as Local Administrators to over ride this
problem. Anyone can help I would appreciate it.
Thanks
JMF
Hi,
I ran into a problem with 3 computers in the same office,
where everytime the users would log on their personal
settings would have dissappeared, I would have to re-
create their Outlook settings, re-enter their name and
initials in MS Word, I even placed some files on their
desktop and they would dissapear. Their Documents folders
would get erased. I'm trying to find out if there's a
virus that would cause this but I can't find anything.
The office manager is suspecting sabotage, but I can't
prove it. These PC are running with FAT32, I had to set
the users as Local Administrators to over ride this
problem. Anyone can help I would appreciate it.
Thanks
JMF
More about : user profiles change
Archived from groups: microsoft.public.win2000.security (More info?)
It could be a virus or malicious user on the internal network. I would be more prone
to believe a malicious user if you found no evidence of a virus or worm and used
virus definitions as of today from the publishers website. I would suggest that you
do not use fat32 but instead use NTFS file permissions on your W2K/XP computers. You
can convert existing fat32 installations to ntfs without having to reinstall you
operating systems and applications, though a full backup is recommended just in case.
Then review the security steps at the second link below for small businesses by
Microsoft and be sure to use complex passwords, an account lockout policy, and make
as few users as possible administrators on your computers. --- Steve
http://www.microsoft.com/windows2000/techinfo/reskit/en...
http://www.microsoft.com/smallbusiness/gtm/securityguid...
"JMF" <anonymous@discussions.microsoft.com> wrote in message
news![:D]( ":D")
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...
> Hi,
> I ran into a problem with 3 computers in the same office,
> where everytime the users would log on their personal
> settings would have dissappeared, I would have to re-
> create their Outlook settings, re-enter their name and
> initials in MS Word, I even placed some files on their
> desktop and they would dissapear. Their Documents folders
> would get erased. I'm trying to find out if there's a
> virus that would cause this but I can't find anything.
> The office manager is suspecting sabotage, but I can't
> prove it. These PC are running with FAT32, I had to set
> the users as Local Administrators to over ride this
> problem. Anyone can help I would appreciate it.
>
> Thanks
> JMF
It could be a virus or malicious user on the internal network. I would be more prone
to believe a malicious user if you found no evidence of a virus or worm and used
virus definitions as of today from the publishers website. I would suggest that you
do not use fat32 but instead use NTFS file permissions on your W2K/XP computers. You
can convert existing fat32 installations to ntfs without having to reinstall you
operating systems and applications, though a full backup is recommended just in case.
Then review the security steps at the second link below for small businesses by
Microsoft and be sure to use complex passwords, an account lockout policy, and make
as few users as possible administrators on your computers. --- Steve
http://www.microsoft.com/windows2000/techinfo/reskit/en...
http://www.microsoft.com/smallbusiness/gtm/securityguid...
"JMF" <anonymous@discussions.microsoft.com> wrote in message
news
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...> Hi,
> I ran into a problem with 3 computers in the same office,
> where everytime the users would log on their personal
> settings would have dissappeared, I would have to re-
> create their Outlook settings, re-enter their name and
> initials in MS Word, I even placed some files on their
> desktop and they would dissapear. Their Documents folders
> would get erased. I'm trying to find out if there's a
> virus that would cause this but I can't find anything.
> The office manager is suspecting sabotage, but I can't
> prove it. These PC are running with FAT32, I had to set
> the users as Local Administrators to over ride this
> problem. Anyone can help I would appreciate it.
>
> Thanks
> JMF
Archived from groups: microsoft.public.win2000.security (More info?)
Yes I agree to convert to NTFS, assuming this was a
malicious user, how could he/she do this? There's no file
or registry security settings for them to set. How can
someone setup Win2k to reset the user's local profile to
the default profile?
>-----Original Message-----
>It could be a virus or malicious user on the internal
network. I would be more prone
>to believe a malicious user if you found no evidence of a
virus or worm and used
>virus definitions as of today from the publishers
website. I would suggest that you
>do not use fat32 but instead use NTFS file permissions on
your W2K/XP computers. You
>can convert existing fat32 installations to ntfs without
having to reinstall you
>operating systems and applications, though a full backup
is recommended just in case.
>Then review the security steps at the second link below
for small businesses by
>Microsoft and be sure to use complex passwords, an
account lockout policy, and make
>as few users as possible administrators on your
computers. --- Steve
>
>http://www.microsoft.com/windows2000/techinfo/reskit/en...
us/default.asp?url=/windows2000/techinfo/reskit/en-
us/prork/prdf_fls_duyn.asp
>http://www.microsoft.com/smallbusiness/gtm/securityguid...
e/hub.mspx
>
>
>"JMF" <anonymous@discussions.microsoft.com> wrote in
message
>news![:D]( ":D")
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...
>> Hi,
>> I ran into a problem with 3 computers in the same
office,
>> where everytime the users would log on their personal
>> settings would have dissappeared, I would have to re-
>> create their Outlook settings, re-enter their name and
>> initials in MS Word, I even placed some files on their
>> desktop and they would dissapear. Their Documents
folders
>> would get erased. I'm trying to find out if there's a
>> virus that would cause this but I can't find anything.
>> The office manager is suspecting sabotage, but I can't
>> prove it. These PC are running with FAT32, I had to set
>> the users as Local Administrators to over ride this
>> problem. Anyone can help I would appreciate it.
>>
>> Thanks
>> JMF
>
>
>.
>
Yes I agree to convert to NTFS, assuming this was a
malicious user, how could he/she do this? There's no file
or registry security settings for them to set. How can
someone setup Win2k to reset the user's local profile to
the default profile?
>-----Original Message-----
>It could be a virus or malicious user on the internal
network. I would be more prone
>to believe a malicious user if you found no evidence of a
virus or worm and used
>virus definitions as of today from the publishers
website. I would suggest that you
>do not use fat32 but instead use NTFS file permissions on
your W2K/XP computers. You
>can convert existing fat32 installations to ntfs without
having to reinstall you
>operating systems and applications, though a full backup
is recommended just in case.
>Then review the security steps at the second link below
for small businesses by
>Microsoft and be sure to use complex passwords, an
account lockout policy, and make
>as few users as possible administrators on your
computers. --- Steve
>
>http://www.microsoft.com/windows2000/techinfo/reskit/en...
us/default.asp?url=/windows2000/techinfo/reskit/en-
us/prork/prdf_fls_duyn.asp
>http://www.microsoft.com/smallbusiness/gtm/securityguid...
e/hub.mspx
>
>
>"JMF" <anonymous@discussions.microsoft.com> wrote in
message
>news
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...>> Hi,
>> I ran into a problem with 3 computers in the same
office,
>> where everytime the users would log on their personal
>> settings would have dissappeared, I would have to re-
>> create their Outlook settings, re-enter their name and
>> initials in MS Word, I even placed some files on their
>> desktop and they would dissapear. Their Documents
folders
>> would get erased. I'm trying to find out if there's a
>> virus that would cause this but I can't find anything.
>> The office manager is suspecting sabotage, but I can't
>> prove it. These PC are running with FAT32, I had to set
>> the users as Local Administrators to over ride this
>> problem. Anyone can help I would appreciate it.
>>
>> Thanks
>> JMF
>
>
>.
>
Archived from groups: microsoft.public.win2000.security (More info?)
All someone would have to do is logon as an administrator and delete the user's
profile. Then the next time a user logs on they will have a new profile created
for them based on the default profile. I suggest that you enable auditing of
logon events on those computers which can show what users are logging onto the
computer including via the network and also enable auditing of object access on
those computers and then enable auditing of the two delete permissions only for
this folder and subfolders for the documents and settings folder which should
generate events 560 and 562 in the security log when folders have been
deleted.--- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://support.microsoft.com/default.aspx?scid=KB;en-us;q248260
"JMF" <anonymous@discussions.microsoft.com> wrote in message
news:042801c48b05$57a9a710$a401280a@phx.gbl...
> Yes I agree to convert to NTFS, assuming this was a
> malicious user, how could he/she do this? There's no file
> or registry security settings for them to set. How can
> someone setup Win2k to reset the user's local profile to
> the default profile?
>
>
> >-----Original Message-----
> >It could be a virus or malicious user on the internal
> network. I would be more prone
> >to believe a malicious user if you found no evidence of a
> virus or worm and used
> >virus definitions as of today from the publishers
> website. I would suggest that you
> >do not use fat32 but instead use NTFS file permissions on
> your W2K/XP computers. You
> >can convert existing fat32 installations to ntfs without
> having to reinstall you
> >operating systems and applications, though a full backup
> is recommended just in case.
> >Then review the security steps at the second link below
> for small businesses by
> >Microsoft and be sure to use complex passwords, an
> account lockout policy, and make
> >as few users as possible administrators on your
> computers. --- Steve
> >
> >http://www.microsoft.com/windows2000/techinfo/reskit/en...
> us/default.asp?url=/windows2000/techinfo/reskit/en-
> us/prork/prdf_fls_duyn.asp
> >http://www.microsoft.com/smallbusiness/gtm/securityguid...
> e/hub.mspx
> >
> >
> >"JMF" <anonymous@discussions.microsoft.com> wrote in
> message
> >news![:D]( ":D")
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...
> >> Hi,
> >> I ran into a problem with 3 computers in the same
> office,
> >> where everytime the users would log on their personal
> >> settings would have dissappeared, I would have to re-
> >> create their Outlook settings, re-enter their name and
> >> initials in MS Word, I even placed some files on their
> >> desktop and they would dissapear. Their Documents
> folders
> >> would get erased. I'm trying to find out if there's a
> >> virus that would cause this but I can't find anything.
> >> The office manager is suspecting sabotage, but I can't
> >> prove it. These PC are running with FAT32, I had to set
> >> the users as Local Administrators to over ride this
> >> problem. Anyone can help I would appreciate it.
> >>
> >> Thanks
> >> JMF
> >
> >
> >.
> >
All someone would have to do is logon as an administrator and delete the user's
profile. Then the next time a user logs on they will have a new profile created
for them based on the default profile. I suggest that you enable auditing of
logon events on those computers which can show what users are logging onto the
computer including via the network and also enable auditing of object access on
those computers and then enable auditing of the two delete permissions only for
this folder and subfolders for the documents and settings folder which should
generate events 560 and 562 in the security log when folders have been
deleted.--- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://support.microsoft.com/default.aspx?scid=KB;en-us;q248260
"JMF" <anonymous@discussions.microsoft.com> wrote in message
news:042801c48b05$57a9a710$a401280a@phx.gbl...
> Yes I agree to convert to NTFS, assuming this was a
> malicious user, how could he/she do this? There's no file
> or registry security settings for them to set. How can
> someone setup Win2k to reset the user's local profile to
> the default profile?
>
>
> >-----Original Message-----
> >It could be a virus or malicious user on the internal
> network. I would be more prone
> >to believe a malicious user if you found no evidence of a
> virus or worm and used
> >virus definitions as of today from the publishers
> website. I would suggest that you
> >do not use fat32 but instead use NTFS file permissions on
> your W2K/XP computers. You
> >can convert existing fat32 installations to ntfs without
> having to reinstall you
> >operating systems and applications, though a full backup
> is recommended just in case.
> >Then review the security steps at the second link below
> for small businesses by
> >Microsoft and be sure to use complex passwords, an
> account lockout policy, and make
> >as few users as possible administrators on your
> computers. --- Steve
> >
> >http://www.microsoft.com/windows2000/techinfo/reskit/en...
> us/default.asp?url=/windows2000/techinfo/reskit/en-
> us/prork/prdf_fls_duyn.asp
> >http://www.microsoft.com/smallbusiness/gtm/securityguid...
> e/hub.mspx
> >
> >
> >"JMF" <anonymous@discussions.microsoft.com> wrote in
> message
> >news
1cb01c48aa4$ae91b1f0$a601280a@phx.gbl...> >> Hi,
> >> I ran into a problem with 3 computers in the same
> office,
> >> where everytime the users would log on their personal
> >> settings would have dissappeared, I would have to re-
> >> create their Outlook settings, re-enter their name and
> >> initials in MS Word, I even placed some files on their
> >> desktop and they would dissapear. Their Documents
> folders
> >> would get erased. I'm trying to find out if there's a
> >> virus that would cause this but I can't find anything.
> >> The office manager is suspecting sabotage, but I can't
> >> prove it. These PC are running with FAT32, I had to set
> >> the users as Local Administrators to over ride this
> >> problem. Anyone can help I would appreciate it.
> >>
> >> Thanks
> >> JMF
> >
> >
> >.
> >
Related ressources:
- ForumXP Home User Profiles
- ForumSimple question - user profiles
- ForumAD Local User Profiles
- ForumUser profile name change
- Forumwhy are my new user profiles limited
- ForumAdobe applications won't load unless I change user
- ForumChange user account names and directories in Windows XP of..
- ForumI Need a script for changing user Profiles
- ForumWindows won't display any user profiles .
- ForumUser Profile Can't Load
- ForumAdmin account on Windows 7 says User Profile Service failed
- ForumADMTv2 computer migration wizard/local profiles issue
- ForumIdeas on how to control multiple profiles on a PC.
- ForumWireless and Windows roaming profiles
- ForumExtra User Folders/ Profiles
- ForumParallel and com ports not appearing in device manager
- Forumlogon failure: the user has not been granted the requested..
- ForumRemote users and password change
- ForumRestrict computers user in an OU or Group can log on to
- Forum? to change the Drive Sharing properties via script?
- More resources
!
