Giving domain user access to a local profile: Easiest way to migrate

This has been a burden for a long time.  I have no issue  building a new PC and setting it up for Joe New User.  Migrating his data on the other hand is much more of a chore: where does he save his local copies (they always seem to save them off the network don’t they), what file types do they use, is there a personal collection of music (sorry but it is not work related – don’t care what your manager says 🙂 ).  So my colleague (Shaun Rioux – full credit is due to him for finding the source post) and I found a new way to do this and it is soooo easy.  Here is the background:

We are building a new server for one of our clients. They are a new company and have been using workgroup joined machines for the past few years. So, how do we get the local user profile data over to the domain user profile?  Copy to USB – slow and error prone.  Copy over the network – even slower. FAST (File and Setting Transfer Wizard) or WET (Windows Easy Transfer) – still takes a long time.  Side note: If you are migrating to new machines and do so often: buy some Easy Transfer cables – they are quite inexpensive and are the greatest thing in my option. Also note: the reason this is so fast is that you do not actually move the data – just the permissions to access it

So, here is what we did:

1) Join the local machine to the domain using domain admin (or equivalent) credentials
2) Either logon as the domain user or do a “run as” with the user account. Basically: let windows create a domain user profile folder.
3) Navigate to the user profiles (C:\user\”username”) and right click
4) Go to the Security tab in the properties and select advanced
This step is important as if you do it from the normal security tab you will get all.           kinds of errors.  Also very important to make sure you tell Windows to replace.  permissions on child objects.
5) Here you give the domain user access to the local user profile (“Full Control”)
6) Click Ok and close out the file explorer window
7) Now we will open the registry
8) Navigate to HKCU, right click, select permissions and give the domain user access (“Full Control”)
9) Last step: browse through the Registry: HKLM – Software – Microsoft – Windows NT – Current Version –  Profile list.
10) Here you will see all the user profiles listed.  Each one has a key called “ProfileImagePath”: look through the list until you locate the one with the local username.  Copy the value.  Look through the list until you locate the domain username.  Paste the copied value here.
11) Save and exit
12) Reboot
13) As my good friend Shaun Kearney says: go home at 5pm for once:  your wife will still be missing you and will be amazed you are home so early for once

Keep your stick on the ice

Decoding WSUS (Part 2 – Managing updates)

In this portion of the series I will be talking more about how to work with WSUS – how to manage it once it has been installed. This next article will cover how to create and manage update groups So the first thing we need to do is open up the management window. I will add a quick note here: you may not want to add the WSUS to a custom MMC. For some reason not all the changes made get replicated to the MMC (at least in my case – caused me much confusion at first). To open the management window: Start – admin tools (or go to control panel) – WSUS By default the “Updates” and “Computer section have some entries but we will customize them.

Navigate to Update services – “servername” – updates – (right click) new update view.

This is the area will you will define the various groups of updates that will be applied. In my example below I have them grouped in to OS groups. This way when I am looking for a Windows 7 update I know to which group I must apply it.

When you bring up the “add update view” screen you will want to add the first two entries (Classifications and Products) once you add them you will then need to configure them.

To configure classifications just click on the link in step 2 (in the image above). I usually remove the drivers and the tools sections and leave the rest.

To configure classification just click on the link in step 2 (in the image above) again. Here you will see that all items are selected by default. Clear this and select just the OS in question. In this example I am looking for updates to XP. So I removed the checkmark for all applications and scrolled down the list until I found the OS and selected it. The one gotcha I will point out here is to make sure to add any applications. When I build my update group for servers I include exchange and SQL. My clients use Small Business servers so they have only one box – but the same reasoning can apply for the various versions of office: if you have XP boxes with Office 2003 you can add Office 2003 to the XP updates group Next time we will go into creating Computer groups 

Next time we will go into creating Computer groups 🙂

Decoding WSUS (Part 1 – Intro)

For a long time now I have been wanting to learn how to use WSUS.  (For those who don’t know: Windows Server Update Services – thanks Colin ) It has been configured and running at my clients site for some time but I have never really gotten a hand on how to manage it properly and make sure it working.  In a recent meeting my dreams came true, okay, so not exactly my dreams but at least the WSUS portion of said aspirations.  So here goes a brief (but not overly so) introduction to WSUS

Firstly I am assuming we all know what WSUS is: WSUS is an automated way of ensuring Microsoft updates are delivered to all clients in an automated and repeatable fashion.  When you add the WSUS role/feature you change the way Windows updates work. Instead of going to the web to get updates you instead get them from your server.  This allows you to approve and decline updates for all machines from one interface (reducing user error) and also allows to save bandwidth since the clients get the updates from your server instead of the internet.

For the purpose of this article I will be assuming you have WSUS already installed.  If not here is a quick guide

1)      Go to Start -> Admin tools (or access them from Control Panel) -> Server Manager

2)      Here you want to add a role -> Windows Server update Services

3)      Click “Next” all the way through the screens to accept defaults

4)      If you want your clients to be forced to use Microsoft sites for the updates (not your server) you must clear the check box “Store updates locally” on the “select update source” screen

5)      You will most likely want to use an existing database on the “database options” page

6)      You can leave defaults on for the “website selection”


Now you will have WSUS installed.  In my next post I will show you how to actually configure WSUS.  The real “meat and potatoes” is on the way

Enjoy your appetizer 🙂

TechEd North America

Hi All,

Want to go to TechEd but don’t have the time or the money?  Fear not!  There is going to be a stream we can all follow.  Here is the URL:

Here is a list of the planned sessions

Time Title Primary Speaker
May 12 at 11-12 noon Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server Adam Hall; Andrew Conway; Demi Albuz; Jason Leznek
May 12 at 1:15-2:30pm Windows PowerShell Unplugged with Jeffrey Snover Jeffrey Snover
May 12 at 3-4:15pm RemoteApp for Mobility and BYOD Demi Albuz;Samim Erdogan
May 12 at 4:45-6pm Microsoft System Center 2012 Configuration Manager: MVP Experts Panel Greg Ramsey;Jason Sandys;Johan Arwidmark;Kent Agerlund;Steve Thompson
May 13 at 8:30-9:45am INTRODUCING: The Future of .NET on the Server Scott Hanselman;Scott Hunter
May 13 at 10:15-11:30am DEEP DIVE: The Future of .NET on the Server David Fowler;Scott Hanselman
May 13 at 1:30-2:45pm Group Policy: Notes from the Field – Tips, Tricks, and Troubleshooting Jeremy Moskowitz
May 13 at 3:15-4:30pm Microsoft Desktop Virtualization Overview Session Demi Albuz;Robin Brandl;Thomas Willingham
May 13 at 5-6:15pm TWC: Sysinternals Primer: TechEd 2014 Edition Aaron Margosis
May 14 at 8:30-9:45am Making Sense of the Microsoft Information Protection Stack Chris Hallum
May 14 at 10:15-11:30am Mark Russinovich and Mark Minasi on Cloud Computing Mark Minasi;Mark Russinovich
May 14 at 1:30-2:45pm Entity Framework: Building Applications with Entity Framework 6 Rowan Miller
May 14 at 3:15-4:30pm Windows PowerShell Best Practices and Patterns: Time to Get Serious Don Jones
May 14 at 5-6:15pm What’s New in Windows Server 2012 R2 Hyper-V Jeff Woolsey
May 15 at 8:30-9:45am Real-World Windows 8.1 Deployment: Notes from the Field Johan Arwidmark
May 15 at 10:15-11:30am Async Best Practices for C# and Visual Basic Mads Torgersen
May 15 at 1-2:15pm VDI Deployment Walkthrough John Kelbley;Rich McBrine;Robin Brandl
May 15 at 2:45-4pm 2014 Edition: How Many Coffees Can You Drink While Your PC Starts? Matthew Reynolds