uphclean tool

  • Thread starter Thread starter rocketz21
  • Start date Start date
R

rocketz21

Guest
Does anyone have some experience or know anything about the uphclean tool and
how it works? We use roaming profiles on a small one domain company and
experience strange issues time to time and wondering if it's recommended to
use this tool or not.

Sometimes a user won't be able to log on with their roaming profile and logs
them on with a default temp profile, sometimes the folder gets reset to a
default empty desktop, other times the desktop doesn't even load and you need
to restart. Just weird things like that and just curious if this tool is
good to use on client pcs and what's the benefit? I don't want to slow down
logon times anymore than they already are.
 
Re: uphclean tool

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> Does anyone have some experience or know anything about the uphclean
> tool and how it works? We use roaming profiles on a small one domain
> company and experience strange issues time to time and wondering if
> it's recommended to use this tool or not.

It's part of my standard workstation build, and has been for years. There's
no downside to installing the service. I don't know why it's not built in,
frankly.
>
> Sometimes a user won't be able to log on with their roaming profile
> and logs them on with a default temp profile, sometimes the folder
> gets reset to a default empty desktop, other times the desktop
> doesn't even load and you need to restart. Just weird things like
> that and just curious if this tool is good to use on client pcs and
> what's the benefit? I don't want to slow down logon times anymore
> than they already are.

It won't slow anything down - but it not fix your problem, either.

Below is my boilerplate on roaming profiles....maybe something in there will
help isolate the cause of your issue. Of course, you will want to start by
reviewing the event logs on the workstation when you're having a profile
error.


---
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field

4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.

Notes:

* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the "last one out wins," when it comes to
uploading the final, changed copy of the profile.

* Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:

\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.

Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however.

If you aren't going to also redirect the desktop using policies, tell users
that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

* Do not let people store any data locally - all data belongs on the server.

* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
 
Re: uphclean tool

Thanks, I'll double check some of our settings.

I have been adding the user as the owner of the folder. Administrators is
the owner by default. Is this a bad thing to give the user ownership of
their own roaming profile folder?

I am just curious what the uphclean tool does, how would it benefit someone
by using it and what common problems does it solve?

"Lanwench [MVP - Exchange]" wrote:

> rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> > Does anyone have some experience or know anything about the uphclean
> > tool and how it works? We use roaming profiles on a small one domain
> > company and experience strange issues time to time and wondering if
> > it's recommended to use this tool or not.
>
> It's part of my standard workstation build, and has been for years. There's
> no downside to installing the service. I don't know why it's not built in,
> frankly.
> >
> > Sometimes a user won't be able to log on with their roaming profile
> > and logs them on with a default temp profile, sometimes the folder
> > gets reset to a default empty desktop, other times the desktop
> > doesn't even load and you need to restart. Just weird things like
> > that and just curious if this tool is good to use on client pcs and
> > what's the benefit? I don't want to slow down logon times anymore
> > than they already are.
>
> It won't slow anything down - but it not fix your problem, either.
>
> Below is my boilerplate on roaming profiles....maybe something in there will
> help isolate the cause of your issue. Of course, you will want to start by
> reviewing the event logs on the workstation when you're having a profile
> error.
>
>
> ---
> General tips:
>
> 1. Set up a share on the server. For example - d:\profiles, shared as
> profiles$ to make it hidden from browsing. Make sure this share is *not* set
> to allow offline files/caching! (that's on by default - disable it)
>
> 2. Make sure the share permissions on profiles$ indicate everyone=full
> control. Set the NTFS security to administrators, system, and users=full
> control.
>
> 3. In the users' ADUC properties, specify \\server\profiles$\%username% in
> the profiles field
>
> 4. Have each user log into the domain once from their usual workstation
> (where their existing profile lives) and log out. The profile is now
> roaming.
>
> 5. If you want the administrators group to automatically have permissions to
> the profiles folders, you'll need to make the appropriate change in group
> policy. Look in computer configuration/administrative templates/system/user
> profiles - there's an option to add administrators group to the roaming
> profiles permissions.
>
> Notes:
>
> * Make sure users understand that they should not log into multiple
> computers at the same time when they have roaming profiles (unless you make
> the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
> change them). Explain that the "last one out wins," when it comes to
> uploading the final, changed copy of the profile.
>
> * Keep your profiles TINY. Via group policy, redirect My Documents at the
> very least - to a subfolder of the user's home directory or user folder.
> Also consider redirecting Desktop & Application Data similarly..... so the
> user will have:
>
> \\server\home$\%username%\My Documents,
> \\server\home$\%username%\Desktop,
> \\server\home$\%username%\Application Data.
>
> Alternatively, just manually re-target My Documents to
> \\server\home$\%username% (this is not optimal, however.
>
> If you aren't going to also redirect the desktop using policies, tell users
> that
> they are not to store any files on the desktop or you will beat them with a
> stick. Big profile=slow login/logout, and possible profile corruption.
>
> * Note that user profiles are not compatible between different OS versions,
> even between W2k/XP. Keep all your computers. Keep your workstations as
> identical as possible - meaning, OS version is the same, SP level is the
> same, app load is (as much as possible) the same.
>
> * Do not let people store any data locally - all data belongs on the server.
>
> * The User Profile Hive Cleanup Utility should be running on all your
> computers. You can download it here:
> http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
>
>
>
 
Re: uphclean tool

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> Thanks, I'll double check some of our settings.
>
> I have been adding the user as the owner of the folder.
> Administrators is the owner by default. Is this a bad thing to give
> the user ownership of their own roaming profile folder?

No, but it isn't necessary.
>
> I am just curious what the uphclean tool does, how would it benefit
> someone by using it and what common problems does it solve?

See http://support.microsoft.com/kb/837115
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> rocketz21 <rocketz21@discussions.microsoft.com> wrote:
>>> Does anyone have some experience or know anything about the uphclean
>>> tool and how it works? We use roaming profiles on a small one
>>> domain company and experience strange issues time to time and
>>> wondering if it's recommended to use this tool or not.
>>
>> It's part of my standard workstation build, and has been for years.
>> There's no downside to installing the service. I don't know why it's
>> not built in, frankly.
>>>
>>> Sometimes a user won't be able to log on with their roaming profile
>>> and logs them on with a default temp profile, sometimes the folder
>>> gets reset to a default empty desktop, other times the desktop
>>> doesn't even load and you need to restart. Just weird things like
>>> that and just curious if this tool is good to use on client pcs and
>>> what's the benefit? I don't want to slow down logon times anymore
>>> than they already are.
>>
>> It won't slow anything down - but it not fix your problem, either.
>>
>> Below is my boilerplate on roaming profiles....maybe something in
>> there will help isolate the cause of your issue. Of course, you will
>> want to start by reviewing the event logs on the workstation when
>> you're having a profile error.
>>
>>
>> ---
>> General tips:
>>
>> 1. Set up a share on the server. For example - d:\profiles, shared as
>> profiles$ to make it hidden from browsing. Make sure this share is
>> *not* set to allow offline files/caching! (that's on by default -
>> disable it)
>>
>> 2. Make sure the share permissions on profiles$ indicate
>> everyone=full control. Set the NTFS security to administrators,
>> system, and users=full control.
>>
>> 3. In the users' ADUC properties, specify
>> \\server\profiles$\%username% in the profiles field
>>
>> 4. Have each user log into the domain once from their usual
>> workstation (where their existing profile lives) and log out. The
>> profile is now roaming.
>>
>> 5. If you want the administrators group to automatically have
>> permissions to the profiles folders, you'll need to make the
>> appropriate change in group policy. Look in computer
>> configuration/administrative templates/system/user profiles -
>> there's an option to add administrators group to the roaming
>> profiles permissions.
>>
>> Notes:
>>
>> * Make sure users understand that they should not log into multiple
>> computers at the same time when they have roaming profiles (unless
>> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
>> so they can't change them). Explain that the "last one out wins,"
>> when it comes to uploading the final, changed copy of the profile.
>>
>> * Keep your profiles TINY. Via group policy, redirect My Documents
>> at the very least - to a subfolder of the user's home directory or
>> user folder. Also consider redirecting Desktop & Application Data
>> similarly..... so the user will have:
>>
>> \\server\home$\%username%\My Documents,
>> \\server\home$\%username%\Desktop,
>> \\server\home$\%username%\Application Data.
>>
>> Alternatively, just manually re-target My Documents to
>> \\server\home$\%username% (this is not optimal, however.
>>
>> If you aren't going to also redirect the desktop using policies,
>> tell users that
>> they are not to store any files on the desktop or you will beat them
>> with a stick. Big profile=slow login/logout, and possible profile
>> corruption.
>>
>> * Note that user profiles are not compatible between different OS
>> versions, even between W2k/XP. Keep all your computers. Keep your
>> workstations as identical as possible - meaning, OS version is the
>> same, SP level is the same, app load is (as much as possible) the
>> same.
>>
>> * Do not let people store any data locally - all data belongs on the
>> server.
>>
>> * The User Profile Hive Cleanup Utility should be running on all your
>> computers. You can download it here:
>> http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

Thanks again for your help. I took a look in the event viewer and did notice
a bunch of errors in application data when the profiles have not loaded.

There are 1500 and 1517 alerts.

1500 error: "Windows cannot log you on because your profile cannot be
loaded. Check that you are connected to the network, or that your network is
functioning correctly. If this problem persists, contact your administrator.

Detail - The system cannot find the file specified"

<this error is causing the most problems, the dekstop doesn't load or loads
with restricted access>

1517 warning: "Windows saved the user DOMAIN\username registry while an
application or service was still running by the registry duing logoff. The
memory used by the user's registry has not been freed. The registry will be
unloaded when is no longer in use."

<this is listed approx 5 times a month>

I hope this helps.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

UWRFREPORTER04 <UWRFREPORTER04@discussions.microsoft.com> wrote:
> Thanks again for your help. I took a look in the event viewer and
> did notice a bunch of errors in application data when the profiles
> have not loaded.
>
> There are 1500 and 1517 alerts.
>
> 1500 error: "Windows cannot log you on because your profile cannot be
> loaded. Check that you are connected to the network, or that your
> network is functioning correctly. If this problem persists, contact
> your administrator.
>
> Detail - The system cannot find the file specified"
>
> <this error is causing the most problems, the dekstop doesn't load or
> loads with restricted access>
>
> 1517 warning: "Windows saved the user DOMAIN\username registry while
> an application or service was still running by the registry duing
> logoff. The memory used by the user's registry has not been freed.
> The registry will be unloaded when is no longer in use."
>
> <this is listed approx 5 times a month>
>
> I hope this helps.

I suggest that you simply download & install UPHClean and see if it helps.
It should make the 1517 go away, at least. Then if you still have problems,
you can do further investigation. Make sure you are using folder
redirection - if you aren't redirecting Desktop as well, don't let users
store any files on there. Shortcuts only. Ideally, redirect App Data, My
Docs and desktop - and keep those profiles TINY.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"


I have tried to redirect app data in a test OU I set up for myself. I have
been unable to do so, it keeps giving me an access denied message. I have
folder redirection for my docs on the domain group policy and I'm able to set
the app data policy on the domain group policy OU, but I want to test it
first to ensure it works before deploying it. Is there a reason I can't
create another OU and use it as my folder redirection for app data?

Also within the profile there are 2 files that contain voice mail/faxes data
for outlook and that file is up to 25mb for one user, is there a way to
redirect those to decrease the profile size

> > >
> I suggest that you simply download & install UPHClean and see if it helps.
> It should make the 1517 go away, at least. Then if you still have problems,
> you can do further investigation. Make sure you are using folder
> redirection - if you aren't redirecting Desktop as well, don't let users
> store any files on there. Shortcuts only. Ideally, redirect App Data, My
> Docs and desktop - and keep those profiles TINY.
>
>
>
>
 
Re: uphclean tool

rocketz21 wrote:
> Does anyone have some experience or know anything about the uphclean tool and
> how it works? We use roaming profiles on a small one domain company and
> experience strange issues time to time and wondering if it's recommended to
> use this tool or not.
>
> Sometimes a user won't be able to log on with their roaming profile and logs
> them on with a default temp profile, sometimes the folder gets reset to a
> default empty desktop, other times the desktop doesn't even load and you need
> to restart. Just weird things like that and just curious if this tool is
> good to use on client pcs and what's the benefit? I don't want to slow down
> logon times anymore than they already are.

I always install UPHCLEAN on our TS servers. There will always be
occasional problems logging off when you have roaming profiles. However,
it doesn't solve any fundamental problems, especially corrupted or
inaccessible profiles. It won't address, for example the problem of
being unable to load a profile. UPHCLEAN only addresses logging off. If
it takes too long to close a profile, UPHCLEAN will force it closed. You
will see a message in the event logs when this happens. If you see too
many of them, you have a fundamental problem that needs to be addressed...

How about some more info on how you have roaming profiles set up? It
sounds like some kind of communication problem...

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"


Ouch!!! 25MB!!! You are asking for corrupted profiles with that kind of
size!!! If you can put them in a folder, you can specify within the GPO
to not store as part of the roaming profile. Or maybe put them in "My
Documents" and redirect that?

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

rocketz21 wrote:
> I have tried to redirect app data in a test OU I set up for myself. I have
> been unable to do so, it keeps giving me an access denied message. I have
> folder redirection for my docs on the domain group policy and I'm able to set
> the app data policy on the domain group policy OU, but I want to test it
> first to ensure it works before deploying it. Is there a reason I can't
> create another OU and use it as my folder redirection for app data?
>
> Also within the profile there are 2 files that contain voice mail/faxes data
> for outlook and that file is up to 25mb for one user, is there a way to
> redirect those to decrease the profile size
>
>> I suggest that you simply download & install UPHClean and see if it helps.
>> It should make the 1517 go away, at least. Then if you still have problems,
>> you can do further investigation. Make sure you are using folder
>> redirection - if you aren't redirecting Desktop as well, don't let users
>> store any files on there. Shortcuts only. Ideally, redirect App Data, My
>> Docs and desktop - and keep those profiles TINY.
>>
>>
>>
>>
 
Re: uphclean tool

I will have to look at my settings in more detail on monday. From what I
know, there is a shared folder called user_profiles$ with domain users have
full control of the share. Under each folder, the user has full control of
their folder and gave administrator full control. Changed the owner of the
folder to the user to eliminate any ownership problems.

I have excluded the cookies folder from the roaming profile and we redirect
the my documents to the users home directory (in our case a shared drive with
everyone's personal docs).

I agree the size of that one file is a problem. Mine is very small, less
than 200 kb, but I don't save any voice messages. (The file did become
corrupt with the user with the 25 mb file). That's what the file is for, so
it needs to be included with the user somehow. I'm up for suggestions.

App data is another problem, that's the biggest folder and it's not being
redirected and mainly because I read it is not typically redirected. To do
so, I would need to create a shared folder-example (application$) and create
invidual folders for each user. Is that the best practice? Is there any
risk in redirecting app data?

And what should the size of the roaming profiles folder be? I've noticed
many are 20 mb, some even around 40, with app data taking up most of the data
and the desktop being very small.

On a side note to the communication problem, about 4 months ago we lost our
active directory and re-created it and that's when some of the intermediate
problems occur, partially with users not in the admin group not being able to
access any of their desktop (the pc thinks they are a restricted user
otherwise). I believe the ntuser file got corrupt or has data from the "old"
domain that is causing issues.

"Hank Arnold (MVP)" wrote:

> rocketz21 wrote:
> > Does anyone have some experience or know anything about the uphclean tool and
> > how it works? We use roaming profiles on a small one domain company and
> > experience strange issues time to time and wondering if it's recommended to
> > use this tool or not.
> >
> > Sometimes a user won't be able to log on with their roaming profile and logs
> > them on with a default temp profile, sometimes the folder gets reset to a
> > default empty desktop, other times the desktop doesn't even load and you need
> > to restart. Just weird things like that and just curious if this tool is
> > good to use on client pcs and what's the benefit? I don't want to slow down
> > logon times anymore than they already are.
>
> I always install UPHCLEAN on our TS servers. There will always be
> occasional problems logging off when you have roaming profiles. However,
> it doesn't solve any fundamental problems, especially corrupted or
> inaccessible profiles. It won't address, for example the problem of
> being unable to load a profile. UPHCLEAN only addresses logging off. If
> it takes too long to close a profile, UPHCLEAN will force it closed. You
> will see a message in the event logs when this happens. If you see too
> many of them, you have a fundamental problem that needs to be addressed...
>
> How about some more info on how you have roaming profiles set up? It
> sounds like some kind of communication problem...
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services
>
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

That file is part of outlook that stores a users voicemail/fax. It needs to
be accessible if they move around. What other options could I do? I
redirect my docs, so it could be stored there, but I don't know if outlook
will know how to find the file.

"Hank Arnold (MVP)" wrote:

>
> Ouch!!! 25MB!!! You are asking for corrupted profiles with that kind of
> size!!! If you can put them in a folder, you can specify within the GPO
> to not store as part of the roaming profile. Or maybe put them in "My
> Documents" and redirect that?
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services
>
> rocketz21 wrote:
> > I have tried to redirect app data in a test OU I set up for myself. I have
> > been unable to do so, it keeps giving me an access denied message. I have
> > folder redirection for my docs on the domain group policy and I'm able to set
> > the app data policy on the domain group policy OU, but I want to test it
> > first to ensure it works before deploying it. Is there a reason I can't
> > create another OU and use it as my folder redirection for app data?
> >
> > Also within the profile there are 2 files that contain voice mail/faxes data
> > for outlook and that file is up to 25mb for one user, is there a way to
> > redirect those to decrease the profile size
> >
> >> I suggest that you simply download & install UPHClean and see if it helps.
> >> It should make the 1517 go away, at least. Then if you still have problems,
> >> you can do further investigation. Make sure you are using folder
> >> redirection - if you aren't redirecting Desktop as well, don't let users
> >> store any files on there. Shortcuts only. Ideally, redirect App Data, My
> >> Docs and desktop - and keep those profiles TINY.
> >>
> >>
> >>
> >>
>
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> I have tried to redirect app data in a test OU I set up for myself.
> I have been unable to do so, it keeps giving me an access denied
> message.

Where are you trying to redirect it to? I would use "basic" / redirect
everyone to the same place ...and specify the home dir share (do not use the
"redirect to the home directory" option)

Hence, John Smith would have the following redirections set.....

\\servername\home$\jsmith\My Documents
\\servername\home$\jsmith\Desktop
\\servername\home$\jsmith\Application Data



> I have folder redirection for my docs on the domain group
> policy

Not on a default/domain policy, right? You've created your own GPO....and
linked it to your own custom OU for your users/workstations, I hope.

I would create a parent OU called Companyname
Underneat that, I'd have Companyname Users - and at the same level,
Companyname Computers

Link your custom OU for redirection/etc at the Companyname (parent) level.

Do not muck with the built-in domain policies. The only thing you might
change therein would be your password policies, which need to apply at the
domain level.

> and I'm able to set the app data policy on the domain group
> policy OU, but I want to test it first to ensure it works before
> deploying it. Is there a reason I can't create another OU and use it
> as my folder redirection for app data?
>
> Also within the profile

In which folder?

> there are 2 files that contain voice
> mail/faxes data for outlook an that file is up to 25mb for one user,
> is there a way to redirect those to decrease the profile size

Yes, if they're in application data.

25MB is not huge, note.
>
>>>>
>> I suggest that you simply download & install UPHClean and see if it
>> helps. It should make the 1517 go away, at least. Then if you still
>> have problems, you can do further investigation. Make sure you are
>> using folder redirection - if you aren't redirecting Desktop as
>> well, don't let users store any files on there. Shortcuts only.
>> Ideally, redirect App Data, My Docs and desktop - and keep those
>> profiles TINY.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

I tried redirecting app data, but I have some issues with my programs after
the fact.

Created a folder called application$ and redirected the folder to
\\server\application$\%username%\Application Data.

There isn't a home folder. The home directory is directed towards the users
mydocs. The users have their own "private" folder.

The main issue I noticed right away was the icons in the quick launch
toolbar dissapeared and were issues with word/outlook, etc. I must have done
something wrong, but I don't know what.

After the fact, I wanted to view the info in application data folder that
was redirected and I was denied. Maybe I did something wrong here, I changed
the security/ownership to be able to view the files as the administrator and
this might of been the problem, but I'm only speculating why I had problems.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> I tried redirecting app data, but I have some issues with my programs
> after the fact.

You may need to troubleshoot those individually.
>
> Created a folder called application$ and redirected the folder to
> \\server\application$\%username%\Application Data.
>
> There isn't a home folder. The home directory is directed towards
> the users mydocs. The users have their own "private" folder.

I would still recommend using a user-specific folder (e.g., this "private"
folder) as the top-level folder for redirection - and redirecting the App
Data, My Docs, and Desktop underneath that. No point having separate shares
unless you need this data on different servers for some reason (which I'd
discourage).
>
> The main issue I noticed right away was the icons in the quick launch
> toolbar dissapeared and were issues with word/outlook, etc. I must
> have done something wrong, but I don't know what.

Event logs & rsop.msc

>
> After the fact, I wanted to view the info in application data folder
> that was redirected and I was denied.

You probably left "Grant user exclusive rights..." ticked in the policy. I
don't leave that enabled.

> Maybe I did something wrong
> here, I changed the security/ownership to be able to view the files
> as the administrator and this might of been the problem, but I'm only
> speculating why I had problems.

I think I've taken this as far as I can - I'm not a policy guru. As
mentioned, the best place for GP questions is
microsoft.public.windows.group_policy. I do suggest you heed the
suggestions above and clean up your config a bit first - then test, and then
compose a new post in that group for the most expert help.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

Thanks, I will try to redirect those folders and see if it helps with any of
our problems. If anything, it should hep with those logging on across the
network at a diff location, for many it takes 5-10 minutes to log on.

"Lanwench [MVP - Exchange]" wrote:

> rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> > I tried redirecting app data, but I have some issues with my programs
> > after the fact.
>
> You may need to troubleshoot those individually.
> >
> > Created a folder called application$ and redirected the folder to
> > \\server\application$\%username%\Application Data.
> >
> > There isn't a home folder. The home directory is directed towards
> > the users mydocs. The users have their own "private" folder.
>
> I would still recommend using a user-specific folder (e.g., this "private"
> folder) as the top-level folder for redirection - and redirecting the App
> Data, My Docs, and Desktop underneath that. No point having separate shares
> unless you need this data on different servers for some reason (which I'd
> discourage).
> >
> > The main issue I noticed right away was the icons in the quick launch
> > toolbar dissapeared and were issues with word/outlook, etc. I must
> > have done something wrong, but I don't know what.
>
> Event logs & rsop.msc
>
> >
> > After the fact, I wanted to view the info in application data folder
> > that was redirected and I was denied.
>
> You probably left "Grant user exclusive rights..." ticked in the policy. I
> don't leave that enabled.
>
> > Maybe I did something wrong
> > here, I changed the security/ownership to be able to view the files
> > as the administrator and this might of been the problem, but I'm only
> > speculating why I had problems.
>
> I think I've taken this as far as I can - I'm not a policy guru. As
> mentioned, the best place for GP questions is
> microsoft.public.windows.group_policy. I do suggest you heed the
> suggestions above and clean up your config a bit first - then test, and then
> compose a new post in that group for the most expert help.
>
>
>
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> Thanks, I will try to redirect those folders and see if it helps with
> any of our problems. If anything, it should hep with those logging
> on across the network at a diff location, for many it takes 5-10
> minutes to log on.

Ah, that's another story. You need to do the redirection to a folder on a
server on their LAN....not across a WAN link.
Same with profile folders. You can deal with all of this via group policy,
linked to the appropriate OUs for your locations.

You might look into DFS if you have users who float around from office to
office.


>
> "Lanwench [MVP - Exchange]" wrote:
>
>> rocketz21 <rocketz21@discussions.microsoft.com> wrote:
>>> I tried redirecting app data, but I have some issues with my
>>> programs after the fact.
>>
>> You may need to troubleshoot those individually.
>>>
>>> Created a folder called application$ and redirected the folder to
>>> \\server\application$\%username%\Application Data.
>>>
>>> There isn't a home folder. The home directory is directed towards
>>> the users mydocs. The users have their own "private" folder.
>>
>> I would still recommend using a user-specific folder (e.g., this
>> "private" folder) as the top-level folder for redirection - and
>> redirecting the App Data, My Docs, and Desktop underneath that. No
>> point having separate shares unless you need this data on different
>> servers for some reason (which I'd discourage).
>>>
>>> The main issue I noticed right away was the icons in the quick
>>> launch toolbar dissapeared and were issues with word/outlook, etc.
>>> I must have done something wrong, but I don't know what.
>>
>> Event logs & rsop.msc
>>
>>>
>>> After the fact, I wanted to view the info in application data folder
>>> that was redirected and I was denied.
>>
>> You probably left "Grant user exclusive rights..." ticked in the
>> policy. I don't leave that enabled.
>>
>>> Maybe I did something wrong
>>> here, I changed the security/ownership to be able to view the files
>>> as the administrator and this might of been the problem, but I'm
>>> only speculating why I had problems.
>>
>> I think I've taken this as far as I can - I'm not a policy guru. As
>> mentioned, the best place for GP questions is
>> microsoft.public.windows.group_policy. I do suggest you heed the
>> suggestions above and clean up your config a bit first - then test,
>> and then compose a new post in that group for the most expert help.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

Thanks. What I ended up doing was creating a shared folder called
folderredirection$ and created a folder for each user and redirected the app
data into that share (\\domain\folderredirection$\%username%). That seemed
to work fine. If I want to redirect anything else in the future, they will
just go into that folder. Only have one domain with 25 users.

As for the errors in event log, often the user would get loaded with a temp
profile and I discovered in the registry under the profile list for local
machine there were 2 instances of the same user with the exact same profile
path. This is due to recreating our domain and using the same names as
before. Used the whoami tool to verify the current user sid and deleted the
old registry key for that same user. Not sure if it will help, but I think
that is a big part of the problem.

My thought is the system doesn't know which reg key is correct and can't
load the profile because there isn't anything to load. That is my opinion,
would you think the same? There was 2 entries for \\domain\profiles$\johnd.
Only difference is one of the sid no longer exists.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> Thanks. What I ended up doing was creating a shared folder called
> folderredirection$ and created a folder for each user and redirected
> the app data into that share
> (\\domain\folderredirection$\%username%). That seemed to work fine.

OK.

> If I want to redirect anything else in the future, they will just go
> into that folder.

If you didn't choose to redirect to a subfolder of that %username% folder,
that may be problematic,

Only have one domain with 25 users.
>
> As for the errors in event log, often the user would get loaded with
> a temp profile and I discovered in the registry under the profile
> list for local machine there were 2 instances of the same user with
> the exact same profile path. T

> his is due to recreating our domain
> and using the same names as before.

That can cause a *slew* of problems!

> Used the whoami tool to verify
> the current user sid and deleted the old registry key for that same
> user. Not sure if it will help, but I think that is a big part of
> the problem.

Absolutely.
>
> My thought is the system doesn't know which reg key is correct and
> can't load the profile because there isn't anything to load. That is
> my opinion, would you think the same? There was 2 entries for
> \\domain\profiles$\johnd. Only difference is one of the sid no longer
> exists.

Honestly, at this point, I would purge all the profiles and recreate them.
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"


What other kind of problems would you suspect with this behavior? There's
been a few minor weird things that come up now and then.

I did delete the profiles from the document and settings folder in the past,
but didn't realize there was an entry in the registry.

Would you recommend deleting all the registry entries and the folders from
documents and settings to ensure everything is clean on the workstation.

What about the ntuser files in roaming profile folder?





> That can cause a *slew* of problems!
>
> > Used the whoami tool to verify
> > the current user sid and deleted the old registry key for that same
> > user. Not sure if it will help, but I think that is a big part of
> > the problem.
>
> Absolutely.
> >
>
> Honestly, at this point, I would purge all the profiles and recreate them.
>
>
>
 
Re: uphclean tool "errors in event log"

Re: uphclean tool "errors in event log"

rocketz21 <rocketz21@discussions.microsoft.com> wrote:
> What other kind of problems would you suspect with this behavior?
> There's been a few minor weird things that come up now and then.

Many mysterious things, if you have two AD domains with different SIDs but
the same names. None fatal, probably :)
>
> I did delete the profiles from the document and settings folder in
> the past, but didn't realize there was an entry in the registry.

Yes. When you want to delete profiles, do it in control panel | system |
advanced..... or use delprof from the resourcekit.
>
> Would you recommend deleting all the registry entries and the folders
> from documents and settings to ensure everything is clean on the
> workstation.

Could do...
>
> What about the ntuser files in roaming profile folder?

Nothing with the ntuser.dat files themselves - but if you don't have any
luck with purging only the local copies of the profiles, you ,might
temporarily rename the server copy and let it rebuild. Then copy out what
you need from the backup/copy (such as Favorites, etc).

>
>
>
>
>
>> That can cause a *slew* of problems!
>>
>>> Used the whoami tool to verify
>>> the current user sid and deleted the old registry key for that same
>>> user. Not sure if it will help, but I think that is a big part of
>>> the problem.
>>
>> Absolutely.
>>>
>>
>> Honestly, at this point, I would purge all the profiles and recreate
>> them.
 
Back
Top