All in the <head>

– Ponderings & code by Drew McLellan –

– Live from The Internets since 2003 –


Recovering a Windows Profile

19 December 2003

Our server going tits-up the other day had a big knock-on effect on the client machines – bigger than I initially realised. As I’d had to rebuild the Active Directory and the client machines were authenticated against the old AD, when it came to reboot a client they of course would not log back on. I had created the user and computer accounts in the new AD, but I think Windows uses GUID references rather than object names so although to the naked eye this was an exact replica of the original directory, to Windows it was something entirely different.

The solution was to log into each client as the local machine administrator, leave the domain, reboot and rejoin the domain. Another reboot and you can then authenticate with the new Active Directory. However – you could hear the ‘but’ coming, right? – when joining a domain Windows creates a new user profile on the client machine for that user. As it’s a new domain, you get a brand new user and all your beloved tweaks and settings get left behind on an account to which you cannot log on. Extremely off-pissing.

I’ve tried many times in the past to get around this issue and have never been successful, apart from today. Fortunately, I managed to recover my profile through a little registry quick-step. Here’s what I did on my Windows XP Professional client.

  1. After successfully logging in as your new user, immediately log out and log back in as the local machine administrator.
  2. Go to Documents and Settings and you’ll see two profile folders with similar names. One will probably have .DOMAIN appended to the end. This is the new profile.
  3. Drag that new profile folder outta there and dump it somewhere else (I moved mine to a different drive for backup). Remember what it’s called.
  4. Go Start > Run and type regedit followed by OK.
  5. Go Edit > Find and type the name of the folder you just KO’d. It’ll be somewhere like: HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > ProfileList > weird numbers and the key is called ProfileImagePath.
  6. Change the value of this key to the address of your original profile folder.
  7. Reboot and log in as your normal user.

With a bit of luck, this should restore your settings – at least it did for me. The usual disclaimers apply – I don’t guarantee it’ll work, and messing with the registry can bugger up your computer. I don’t think this is a particularly risky maneuver, but if you try it you’re on your own.

- Drew McLellan
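
Before changing ProfileImagePath in step 6, it helps to see which SID subkey under ProfileList owns which folder. The following is an added example, not code from the original post: it parses the text printed by `reg query` on the ProfileList key and goes beyond the seven steps by also flagging subkeys that are not plain SIDs and folders claimed by more than one SID. The SIDs, account names, folders and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `reg query <ProfileList key> /s`.
# All SIDs, account names and folders below are invented for illustration.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
DOCS = r"%SystemDrive%\Documents and Settings"
LOCAL = "S-1-5-21-1111111111-1111111111-1111111111"    # this machine
OLD_DOM = "S-1-5-21-2222222222-2222222222-2222222222"  # old (rebuilt) domain
NEW_DOM = "S-1-5-21-3333333333-3333333333-3333333333"  # current domain
ENTRIES = [
    ("S-1-5-18", r"%systemroot%\system32\config\systemprofile"),
    (LOCAL + "-500", DOCS + r"\Administrator"),
    (OLD_DOM + "-1105", DOCS + r"\drew"),       # would show as "Account Unknown"
    (NEW_DOM + "-1108", DOCS + r"\drew"),       # repointed as in step 6
    (NEW_DOM + "-1109.bak", DOCS + r"\kim"),    # entry that was set aside
    (NEW_DOM + "-1109", DOCS + r"\TEMP.DOMAIN"),
]
SAMPLE = "".join(
    "\n" + KEY + "\\" + sub + "\n    ProfileImagePath    REG_EXPAND_SZ    " + path + "\n"
    for sub, path in ENTRIES
)

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
SID_RE = re.compile(r"S-1-\d+(-\d+)+")

def parse_profile_list(text):
    """Map each ProfileList subkey name to its ProfileImagePath value."""
    profiles, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = line.rstrip().rsplit("\\", 1)[-1]
            continue
        m = VALUE_RE.match(line)
        if m and current and m.group(1).lower() == "profileimagepath":
            profiles[current] = m.group(3).strip()
    return profiles

def issuers(profiles):
    """Group account SIDs by issuing machine or domain (the SID minus its RID)."""
    groups = defaultdict(list)
    for key in profiles:
        if key.startswith("S-1-5-21-"):
            groups[key.rsplit("-", 1)[0]].append(key)
    return dict(groups)

def audit(profiles):
    """Flag subkeys that are not plain SIDs and folders claimed by several SIDs."""
    findings, by_path = [], defaultdict(list)
    for key, path in profiles.items():
        by_path[path.lower()].append(key)
        if not SID_RE.fullmatch(key):
            findings.append(("renamed-key", key, path))
    for keys in by_path.values():
        if len(keys) > 1:
            findings.append(("shared-path", sorted(keys), profiles[keys[0]]))
    return findings

if __name__ == "__main__":
    parsed = parse_profile_list(SAMPLE)
    print(issuers(parsed))
    print(audit(parsed))
```

A `shared-path` finding means that deleting either profile entry through System Properties can remove the folder the other entry still uses, so resolve it before any clean-up.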


Comments

  1. § Zoro: I used to participate in a migration project from WinNT to W2k. New domain, new profile, as you said. To recover the profile, we used to do this:
    * create the new profile by logging in
    * log out and log back as admin
    * drag and drop the content of the old profile onto the content of the new one.
    * say yes when it asks about overwriting files

    With this method, you end up with a backup of the profile, and you don’t have to play with the registry
  2. § Drew: Zoro, yes, I guess that would work. However, I prefer to keep the list of profiles as tidy as possible as as soon as you have multiple profiles as variations of one name you’re always having to double-check which one is active. Nothing quite as annoying as backing up a year-old profile before reformatting ;)
  3. § Drew: Wow, that has to be a contender for the highest usage of the word ’as’ in a sentence :)
  4. § Eric: Hi Drew, Just tried your idea and when I logged in as new user it just created a new profile for that user. I’ve usually been doing what Zoro mentioned, but the problem with that is that for the profile to stick right (icons, wallpaper, printers, office etc.) that user needs to be a local administrator; as soon as you make them just a user everything breaks. Any thoughts?
  5. § Domingo: I wanted to do something similar and chanced upon this link. I have experienced Eric’s observations above and after doing a few tests I think the solution was to ‘assign Full Access permission to the original profile folder for the new user account’.

    I would recommend this as Step 6b from the above. This is because the original folder still had the old permissions and wouldn’t allow the new user account access to it. Without this extra step the new user account can not ‘take control’ of the old profile folder (and it ends up recreating a new profile).
  6. § Mooncabbage: Ok, I had to, for various reasons, REINSTALL XP on my home machine, rather than running a repair as I usually would (It kept hanging at 34 minutes). So I reinstalled, without formatting the drive, and everything seemed hunky-dory. Except that my old administrator account hadn’t migrated, and was totally inaccessible. Which is, needless to say, very bad. 12gb of data, which Windows sees as 0 bytes, and totally off-limits. I can’t copy it, delete it, open it, anything. Needless to say, I nearly died. However, booting up Knoppix, I see that my data does in fact exist, and for a moment, I am relieved. However, I have no way to recover the data, as Knoppix won’t give me write access to my drives, and it’s notoriously bad at writing to NTFS anyway. I tried the hack as described originally, and had the same problem as Eric. I read Domingo’s solution, but have absolutely no idea how to do it, and after 3 hours of google, I thought it might just be simpler to get the information straight from the horse’s mouth. Can anyone please help me?

    PS. I think at some point I messed with the permissions to prevent people who shouldn’t accessing my folder, I think I removed the administrator permissions…
  7. § The Guy:

    Hey Mooncabbage,

    You can recover that data using ntbackup ( which is inherent in XP Pro )
    Go into the program
    Go to the backup tab
    Select the folder that you want to backup, and the location that you want to back it up to.
    And then once it has been backed up, select the restore tab
    Select the file that you backed up
    Then click on start restore
    Then click on advanced
    Then uncheck restore security

    Then you should be all good

    -The Guy

  8. § haveago:

    show all files of the profile you want copied, copy them, save them to another location, reboot and login as another user and copy all the files into the newly created profile then log back in as the new user or copy the .dat file into the new profile

  9. § KewlRobD:

    I have an easier solution. What I do is copy the ntuser files out of the new profile and into the old profile, replacing the old ones. I then either move the new profile folder or rename it. I then rename the old profile folder to match what the new one was previously named, usually user.domain. Windows checks the known path for the correct ntuser files. If it’s a match then it uses that profile. This eliminates any need for editing the registry and also saves a ton of time copying the entire contents of the old profile to the new profile. I went through a migration recently and some profiles could easily take an hour to copy, where the ntuser files take about 1 second to copy.

  10. § mahankins:

    I have a user whose domain record was deleted and of course when he logged in, he got a new profile file. The problem is that he has files encrypted with a locally generated cert that was associated with his old profile. If I follow the 7 steps, will the local cert be usable to decrypt his files?

  11. § vinjo:

    This guide works like a charm! One exception – instead of logging off, you should reboot and log into the Administrator profile. For some reason, I could not move the [user].[domain] folder.

  12. § Gary Sinton:

    Thanks twice. Those steps made it easy to reinstate quasi-semi-terminated employees.

  13. § Carl Farrington:

    In regards to user profiles migrating to a new domain:
    You have missed out a couple of vital steps.
    For example, if you are moving the computers to a new domain, you need to ensure both REGISTRY and NTFS permissions are changed to reflect the new SID given to the ‘new’ (as they appear to be) user in the new domain.
    You need to go into regedit, highlight HKEY_USERS, and go to File -> Load Hive, then find the user’s NTUSER.DAT (ensure you have hidden files visible), and load this file. Type anything for the name as this is just the subkey that the user’s registry hive will appear under. Then right-click on that subkey and choose Permissions. You will see the old SID which can no longer be resolved to a user account name because it belongs to the old domain, to which the machine is no longer joined. Delete that SID, and add the user again from the new domain with full permissions. Then unload the hive from the File menu (otherwise the file will be locked/in use and you won’t be able to use it).
    Also remove the old SID and add the new user (ok, same user, but new SID so a new user as far as NT is concerned) as the owner or full-permissions for \documents and settings\username. Do all of this whilst logged in as a domain administrator of the new domain. Log off and back on as that user and all will be well, or ideally reboot because sometimes the user’s registry hive was not correctly unloaded from when you first logged them on (when the fresh profile was created) (the event log will show this is the case), so a reboot is best, then log them on and all the settings will be there with (hopefully) no problems.

    I use this method for moving offices from an old server (read: existing domain) to a new server (read: new domain). I realise the official way to replace a server is to run side by side, but this means that if you want the new server to have the same name as the old server, then you can’t because you can’t have the two machines with the same name, and also for example SBS has limitations which would not allow for that procedure anyway.

    It’s about time I got myself a blog because I come across all sorts of things that I’d like to share with people like this. For example, there are still lots of people who think you can’t change a motherboard for one with a different chipset under XP without having to do a repair install afterwards due to incorrect IDE drivers, but with just 20 seconds of prior preparation with the old motherboard in place it goes perfectly every time.

  14. § Regina:

    How do you stop Windows from creating additional user profiles (NT_user) on its own? I assume it does this because the original profile has become corrupt.

  15. § SnowCrash:

    Thanks ‘The Guy’,

    ntbackup worked like a charm. It was able to back up the entire Administrator folder, and restore the lost files.

    Thanks again

    SnowCrash

  16. § Anderson:

    I have 6+ PCs on a home network where the server went tits-up. Followed steps 1-6 of Drew followed by Carl’s additional before I did the reboot. Worked like a charm, I thought. Here’s what worked: desktop was exactly the same, and all of the programs that I checked appeared to work, including Word and Excel. However, when I checked the event log I was stuck with a recurring 1030, 1058 error. Granted, this may have been occurring even before performing this procedure. From what I have read it appears that the client PC was still trying to get the group policy settings that existed on the old domain controller. Someone’s suggestion was that I try and create a local policy that overrode the domain’s policy; no dice. I was playing with trying to deploy some game software to each of the kids’ PCs, which worked mostly but was more of a hassle than just going to each PC and loading it locally. In the process of trying to solve/clean up the 1030/1058 can’t find gpt.ini, I was looking under System Properties > User Profiles and noticed a couple of Account Unknowns. I thought I would clean up the system by deleting the Account Unknowns, thinking they were just remnants of users from the old domain that it couldn’t resolve the names of anymore. Well…. boom, one or more of the Account Unknowns contained the user profile I was trying to save and it wiped out the desktop, start menu, and everything else associated with the profile. There were still the profiles for the local administrator and the network user that I was protecting, which is all that I thought I really needed on this machine, but something (probably one of the Account Unknowns had a ProfileList path (step 5 of Drew) pointing to the user profile I was trying to protect and it tried to delete the profile path’s directory, which it couldn’t complete because I was still logged on) deleted the profile.
    Now that I lost the battle on this PC I guess I will go ahead and join the domain the correct way and see if the group policy errors will/can be cleaned up.

  17. § Ville Walveranta:

    I completed a small business domain migration couple of days ago. This post was very helpful in getting the user profiles migrated with minimal fuss. Also thanks to Carl Farrington for his comments on the necessary registry updates.

    You can check out my blog entry for the complete outline of the process I ended up using to successfully migrate the user profiles transparently (users never knew the difference), and without having to duplicate the user profiles (other than for a backup).

  18. § Luke Knudsen:

    Sure, a bit confusing, but that’s how the windows The trick with editing the ProfileImagePath parameter to reflect changes in SID worked for ages http://www.microsoft.com/technet/archive/community/columns/tips/1-25-99.mspx but it seems to not work any longer in Windows NT version 6.x (that is in Windows Vista and Windows Server 2008). Indeed, the thing with SID is by design, quoting
    “Regardless of whether the user logs on to a local account or an account from a domain, if the ProfilePath folder does not contain a folder with the name of the logged-on user (in this case “joesmith”), a folder with that name is created and the path recorded in the registry along with the Security Identifier (SID) of the user associated with the profile.”
    Previously it was possible to move a user and map between the existing user profile and the brand new one using the moveuser tool from the Windows Server 2003 Resource Kit Tools http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en but as said it doesn’t work anymore http://support.microsoft.com/kb/930955 on Vista and requires using the Win32_UserProfile WMI calls. This information is pretty new and dated August this year.

    I came thinking about this problem about a year ago when I have been migrating my user profiles from one server to another and had no luck to solve this the right way. Eventually, I stumbled upon the small migration tool from Scriptlogic called Secure Copy http://www.scriptlogic.com/products/securecopy which was able to update the SAM DB and freshen the designating ACLs with the new SID entries automatically as it works with SID History http://technet2.microsoft.com/windowsserver/en/library/044de91e-0cdf-480e-83e6-3be53f3cfb781033.mspx parameter updates. That worked as needed to me.

    Read more to that on the User Profile Storage in Windows here http://support.microsoft.com/kb/228445 .

    By the way, the similar trick could be used also to relocate the Documents and Settings system folder. Details on that can be read here http://support.microsoft.com/kb/236621 .

    Going forward, I got more involved into Scriptlogic’s products-it seems they offer the whole range of server-management specific products-and I am now thinking about their Desktop Authority http://www.scriptlogic.com/desktop_management.asp . I got completely bored with the need to develop a custom migration plan to just move or propagate the existing user profile settings from one system to another. Now we are full of reports showing some of our custom-made scripts are not working anymore on Vista machines. We managed to solve this for some users when for some we had to create completely new user profiles. I can’t say that our users were happy to see the bare profile instead of their customized and tuned profile. Surely we recovered some user-specific settings using the GPO but not completely. In Desktop Authority, if understand it correctly, it is possible to flexibly move profile settings between computers and reconstruct the original customized profile as-is on any supported hardware or software configuration no matter which version of operating system is used.

  19. § Andrew:

    Hi. Useful article – but I can add a word of warning! Altering the registry was the last straw for one of the work machines – a legit Windows woke up and declared itself illegit! And the whole system had to be reinstalled! Just copying the profile works, but Outlook moaned about permissions, hence why I loaded and unloaded the hive….ahhhhh. Perhaps do a straight profile copy and then reinstall the email client! Have a good day – I’m not!

  20. § benizi:

    Word of warning, and tale of idiocy. If you try the “copy the NTUSER files, and rename the directory” method, be sure that your directory’s not getting overwritten by Roaming Profiles.

    It was taking ages to copy from username\ to username.DOMAIN\, so halfway through, I saw that comment and just copied (the not-yet copied-over) username.DOMAIN\NTUSER.DAT to username\NTUSER.DAT. Then I logged everyone out and rebooted, renamed username.DOMAIN to BACKUP.username.DOMAIN and username to username.DOMAIN.

    Rebooted and logged back in, and was confused by the virtually blank profile I found. It didn’t even have the stuff I’d half-way copied. Then I opened up BACKUP.username.DOMAIN, and (not thinking clearly) thought I must have switched the order (renamed folders to the wrong names). So, I replaced username.DOMAIN with BACKUP.username.DOMAIN. (Might as well, since I thought I’d just overwritten my backup data.)

    Repeat the logout and in. And, voilà: two nearly blank profiles. (*duh*) Logging in as a Domain user overwrote the profile with my ‘network’ (on the same box – VMware) profile.

  21. § Adam:

    I tried this trick and it worked KINDA on XP. There were a few bumps. 1. The user had no permission to the old user profile folder. Easily fixable by just right-clicking and going to Security and changing the permissions, adding that new user. 2. The HOMEPATH variable is wrong. Take note of the S-1-xxxxxxxxx number that’s assigned to the NEW id. You just have to go into the registry under HKEY_USERS and Volatile Environment and change the HOMEPATH variable to match the original profile. And voilà! It’s working.

  22. § Matthew:

    This worked fine on my windows XP laptop. Windows had randomly declared the user profile on my laptop corrupt or unrecoverable. On entry to regedit, I discovered it had renamed my profile entry (at the directory location mentioned) as .bak and created an identical reference to a new TEMP.DOMAIN profile folder. Calling the new one .bak2 and removing the .bak from the correct profile has solved the problem for me. Good guide!
