Over 1 million tech questions and answers.

How to Enable Account Lockout on a Cached Domain Account

Q: How to Enable Account Lockout on a Cached Domain Account

We have laptop computers that normally log into the AD domain, but also need to be able to allow users to log into the computer when the domain is not available for authentication.
My issue is, I would like to harden the laptops against brute force login in the event the laptop were stolen. Even though we have a domain-level policy that locks an account after three invalid login attempts, I am not finding a way to do that with
cached credentials when the computer is not on the domain. The user does not have a locally defined account on the laptop, only cached domain credentials.
Limiting the number of cached logins does not address this particular situation that I have been able to find -- the computer still allows an unlimited number of incorrect guesses at the password, and once the correct password is entered, the account is
logged in.
This is Windows 7 Professional.
Any suggestions would be appreciated. Thanks.

Read other answers
Preferred Solution: How to Enable Account Lockout on a Cached Domain Account

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


I've just joined the site because I have a problem that I can't figure out or I'm stuck. It's for work.
We have a domain with a user who randomly locks out every couple weeks or so. When it locks out it, it keeps locking out for an hour or so and she has to call helpdesk a couple times to have her account unlocked. We are a school and unfortunately our Network is wide open. If I need to close something, I need to do it on her computer. At first I thought it was something running on her computer that was causing the problem, but after checking through everything, couldn't find anything cached, etc.
At that time the security log wasn't big enough and by the time I got to her computer it was overwritten for the time when the account locked. Now, I finally got the security log and see that the source network address is not from our network. I traced it to china. It's always the same 2 ip addresses that try. They use different source ports. In the system at the same time, terminal services is saying that a remote session from client name a exceeded maximum allowed failed logon attempts. I've attached the system and a couple security logs. Always the same IP, but the source port does change.
On her firewall, I added a local rule for port 3389 to only our network. The rule from gpo just opens that right up. I know, I know, it shouldn't be that way, but I have no power to change that.
So, I have a couple questions:
Does my local rule I created in the firew... Read more

Read other answers

I have a user who's account gets locked out every 10 minutes or so. This started today after she completed a policy-mandated password change. In addition to her normal workstation there are two additional computers (all windows 7) she logs into with some degree of regularity. In the course of troubleshooting the issue I had her shut down all three of her computers at once and with all three systems powered down the account continued to become locked out repeatedly. This particular user is a database administrator so I've been entertaining the possibility that her old credentials are statically set in one of her SQL database files. I downloaded and ran a utility called lockoutstatus.exe which showed a bad password count of 4 from a domain controller that she should not be authenticating to. How can I generate a log or otherwise track down the particular workstation, database, process or service that is trying unsuccessfully to authenticate using her (presumably old) credentials. Most of our servers are running Windows 2008 or 2012.

Read other answers

what I did:
1. enable guest in "local user and groups"
2. remove guest account from local security policy -->"deny log on locally"
but, in local seurity policy -->"guest account status " is greyed out, by default it is disable, I have to put the computer to workgrup then enable the guest account
after all these, still can't logon to the PC as guest, got "the account is disabled, pls contact admin....."
what am I missing? should I modify GPO? where do I find the GPO that affecting guest account?

A:how to enable guest account on a domain computer

As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will
mark it as ?Answered? as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to  reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you

BTW,  we?d love to hear your feedback about the solution. By sharing your experience you can help other
community members facing similar problems. Thanks for your understanding and efforts.
Leo   Huang
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Leo Huang
TechNet Community Support

Read other 8 answers

Is it possible to prevent a user from being able to use "Connect to a Microsoft account" from the OneDrive Settings under File Storage?
We are deploying Windows 8.1 Enterprise in a Corporate Environment and do not want to be able to connect Domain Accounts with Microsoft accounts.
I have applied the GPO Setting 
Computer Configuration > Windows Settings > Security Options > Accounts: Block Microsoft accounts = Users cant add or log on with Microsoft accounts
However this has not disabled the option to join a Microsoft Account from the OneDrive Settings. It has disabled the option from the Accounts settings however.
Any advise appreciated


A:Prevent connecting Microsoft account to Domain account from OneDrive settings

Hello Lee Bowman,
Based on my test, I use the following steps to block the Microsoft account:
1. Open Group Policy Management Editor
2. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options> Accounts: Block Microsoft accounts.
3. In the drop-down menu, select Users can?t add or log in with Microsoft accounts
After applying the Group policy , I still can?t use the OneDrive to add Microsoft account.
When I try to add the Microsoft account, I will get the following message.

Best regards,
Fangzhou CHENFangzhou CHEN
TechNet Community Support

Read other 2 answers


Apologies in advance if this is not the right area. I was directed here by a Support Engineer in the

Microsoft Community forum. If this is not the right place, please let me know the best place to post this question.

The question presented on domain PCs after clicking 'Settings  > Change PC Settings > Accounts > Connect to a Microsoft account' is:

Which PC settings from your Microsoft account do you want to sync with your domain account?

The options are:

Start Screen
Desktop personalization
Apps (list of apps you've installed)
Passwords (apps, websites, and networks)
App Data
Language Preferences
Ease of Access
Other Windows Settings
Web browser (open tabs, history, and favorites)

What I'm looking for is more information about all these options. For example, what is synced with a domain account when the 'App Data' or 'Other Windows Settings' boxes are checked? Those are very vague descriptions, and I'm trying to figure out
what exactly is synced when these options are selected.


Read other answers

I am a system administrator in a large enterprise environment and we are doing a rollout of Windows 8.1. In our image capture we somehow captured a setting that is disabling users from setting up a connected account with their domain account. I am relatively sure that it is in my unattend and I can fix it for machines going forward but I really don't want to have to reimage the machines I've already deployed.

When I go to connect an account, the "connect to a Microsoft account" option is grayed out and the "some settings are managed by your administrator" message is displayed at the top. This is NOT a group policy object that is applying. The machines are in a test OU and there is absolutely no policy applied. I have searched all through local policy and even did a search through the registry for "account" (that took forever) but have been unable to find any registry key or local policy that would be causing this issue.

Does anyone have any idea what setting might be causing this?
Any help is greatly appreciated as I have 30+ machines already out in the environment and the user experience is going to be terrible if I have to reimage them all.

A:Unable to connect microsoft account to domain account

This is a copy from a technet forums...I haven't seen this issue myself...but it may point you in the right direction.

There is a policy for this:
It's Administrative Templates\Windows Components\App Runtime > Allow Microsoft Accounts to be optional
In 2012, 2012 R2 there is an option in CompConfig\Windows Settings\Security Settings\Local Policies\Security Options that reads "Accounts: Block Microsoft accounts"
If you don't have 2012 or 2012R2 then you can RSAT from a Windows 8 box and change the settings that way

Read other 4 answers


I am trying to look for the most clean and painless way to basically tie a user's local machine account to a newly created domain account. I found that I can change the registry setting for ProfileImagePath in order to point it to the old profile. One thing that this doesn't seem to do is to reference the outlook profile that is on their local account. Is there a way to move this profile without having to just recreate it on the new domain account? Is there an easier way of moving everything in general?


Read other answers

at my work one of the server (2000) lockout this is a stand alone server now i can remember the password how can i unlock this account please help me

A:Account lockout

Read other 9 answers


I have been facing problem with newly purchased laptop which is loaded with vista home basic.

I have a domain network in my office,I used to connect this laptop daily as a work group machine I used to work fine,Recently when I try to connnect to one system it gives me a error.

<\\system is not accessible.You might not have pernmission to use this
network resource.Contact the administrator of this server to find out if
you have access permission.

The referenced account is currently locked out and may not be logged
on to.>

Its ok with with other systems when i try to connect them .Any help will be appreciated.


Read other answers

Hello Everyone.

Im currently having a problem with a freshly installed laptop at our office, or rather outside our office. Its running Win 7 Pro. The problem is that the user can login to the computer without a problem at the office, using cable or wifi, once outside the office it gets the error "there are no logon servers available" and it fails to logon to the cached profile.

At first i didnt test this, i didnt turn off Wifi or unplug the network cable after i installed the computer for him, i just tought that it would work since i havent had this problem with other laptops on the site, so the user was rather pissed when he noticed that he couldnt log on to the computer when he was at home.

In order to solve the issue, i unjoined the computer from the domain, let it join a workgroup instead. I then renamed the computer and then let it join the AD domain again and it created a new workstation object.

I then restarted the computer 10 times, every other restart i logged in with network enabled, wifi and cable, and every other restart i logged in with the cached account with wifi disabled thru the physical wifi switch, and no network cable attached. And it worked without a problem.

So i tought i had fixed the problem by removing/unjoining the computer from the domain, and then rejoining the computer to the domain using a fresh new computer name and by that creating a new computer object in AD. Doing 10 restarts and doing 10 logins with and without netwo... Read more

Read other answers

Hello all,

Windows 7 has made my Account Lockout Duration set to 99360 minutes (69 days).

What's really bad is I can't change this. It's disabled even though I'm an admin.

I've search for days trying to figure out how I can change this and was hoping someone here could help me.



A:Account lockout problem

Have you tried to change Account Lockout Threshold to 0, it should then reset the duration?


Read other 5 answers

Hello All,

I'm having a wierd problem since installing Windows 7 Ultimate (RTM). Whenever I lock my computer, I can't log back in - it says that the password is incorrect. However, if I cancel my attempt to log back in, and then click that button "Log in as a different user", and then manually type in my username and password (the same one that was denied access in the previous step), I can get back in.

It's a domain account that I'm using here. This didn't happen when I was using Vista. Does anyone have any idea what's going on here?


A:Account Lockout (sort of) in Win 7

Quote: Originally Posted by aschultz

Hello All,

I'm having a wierd problem since installing Windows 7 Ultimate (RTM). Whenever I lock my computer, I can't log back in - it says that the password is incorrect. However, if I cancel my attempt to log back in, and then click that button "Log in as a different user", and then manually type in my username and password (the same one that was denied access in the previous step), I can get back in.

It's a domain account that I'm using here. This didn't happen when I was using Vista. Does anyone have any idea what's going on here?


the user name and password are combined to form a pair. If you have 1 bad character in the name (space) the password is rendered wrong


Read other 2 answers


I think iam posting in the right place.my problem is all the users in my active directory gets locked out automaticlly I dont know what the actuall problem is.If the user once log off and try to log on back he will be locked out.

os:nt 2000

A:Solved: account lockout

Read other 9 answers

I have an account that's locking out on the hour every hour.

I'm pretty sure it's being caused by a service or program using stored credentials somewhere on the network.

Is there any way of tracing where on the network it's coming from??

A new account is not an option.

A:Account lockout problem

might be a good idea to give more details ; ie , what are the things you suspect more specifically and... using xp 2000 ? etc.,

Read other 2 answers

Hi guyz,

I was going through the security check list of NIST for Windows 2003 server and I think it will be helpful if I enable the account Lockout policy say after three consecutive attempts. But I have three questions in mind.

1. If I enable this policy on our Domain Sever then will it be helpful in case of user is trying to connect through the IPC$ shares of C,D drives or Admin shares???

2. Will it work for Remote Desktop users as well as terminal logon or logon through service or script??

3. If I enable this policy then say I try to connect to a computer through remote desktop and I use the "Bob" user name who is in the domain admin group or any other user (instead if mine) and give three consecutive bad passwords so what will happen?? The "Bob" account will be locked out or my account will be locked out??

A:What account Lockout Policy can and cannot do?

1. Don't know
2. yes the policy should affect Windows Remote Desktop
3. Bob will be locked out.

One article I read about this says the consecutive attempts limit should be set at 10. Because if you set it at 3, then someone could cause a denial of service to Bob by simply entering 3 rubbish passwords. The best way it says is to read the event logs to see if there are a lot of bad passwords entered.

Read other 1 answers

Dear Team,
Account lockout policy has configured 90 mts in one of the Group (Win Server 2008 AD GPO) and GP pushed successfully to the system but still Account locking within the 3 mts,please advice me ...
Thanks and Regards,
Nanjunda Patil

Read other answers

Hi, I was hit by a virus that changed the password for my administrator account. I have removed the password however I now have a restrictions problem, when I try to login it tells me that the account cannot log you in due to account restrictions.
Any help to save me from full rebuild of my machine.

A:Admin Account Lockout

Is the Administrator account the only admin account on the machine?
Or did you create your own user account when you installed windows the first time around?

Read other 1 answers

I have a user experiencing consistent account lockouts daily.
Netlogon logs show the following:
11/03 09:14:37 [LOGON] CHURCHILL: SamLogon: Transitive Network logon of (null)\gittyb from  (via CHURCHILL54) Entered
11/03 09:14:37 [LOGON] CHURCHILL: SamLogon: Transitive Network logon of (null)\gittyb from  (via CHURCHILL54) Returns 0xC000006A
I believe she is experiencing lockouts from two separate DC's.
Any ideas on how to resolve this?
Thanks, in advance.

Read other answers

Hi, I recently installed win 7 ent. edition and i decided to change the account lockout threshold 4 invalid attempts. Everytime i shutdown the system and rebooted my account would be lockout for no reason. now its only happens to my account. This seems to happen on both my computers on the desktop and the laptop.

A:account lockout policy

Quote: Originally Posted by gus1763

Hi, I recently installed win 7 ent. edition and i decided to change the account lockout threshold 4 invalid attempts. Everytime i shutdown the system and rebooted my account would be lockout for no reason. now its only happens to my account. This seems to happen on both my computers on the desktop and the laptop.

Um, reset account lockout to default.

Account Lockout - Reset Invalid Logon Counter


Account Lockout - Unlock a Locked Out User Account

If that doesnt help restore from a backup before the problem


Read other 2 answers

I need to read the individual value before setting new values for bellow attributes
Account lockout duration/threshold/reset account lockout counter
Please let us know how to achive the same.
net accounts /lockoutthreshold:X
net accounts /lockoutwindow:X
net accounts /lockoutduration:X

A:Account lockout policy

Just type in net accounts from a Elevated Command Prompt.

C:\WINDOWS\system32>net accounts
Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION
The command completed successfully.

Read other 1 answers

So i setup my the account lock out policies in the /admin tools/local security policies/account policies

I believe i changed it so it will lock out for 120min after 2-3 failed attempts.

Now i'm locked out after one VALID attempt cause my password has not changed, but it won't accept it anymore!
Of course in my mopping up of security holes that I know how to do. I disable my administrator account as well. So i have no accounts I'm able to log into.

Do these account policies work for anyone?! I just reinstalled windows a week ago. And i finally got everything setup to my liking. Please don't tell me I need to reinstall windows.

A:Account Lockout Problems

Have you tried going through safe mode?

Read other 4 answers

Hello Guys,

Can somebody interpret this one for me.

Account Lockout Duration : 0 minutes
Account threshold : 15
Reset Account Lockout after: 10 minutes.

Thanks in advance.

This is driving me crazy!

A:Account Lockout Policy Clarification

Hello Goldenlight, and welcome to Seven Forums.

Account Lockout Duration : 0 minutes = The account lockout duration security setting determines the number of minutes a locked out account remains locked out, after reaching the account lockout threshold of invalid logon attempts with a incorrect user name and/or password, before automatically becoming unlocked. When this is set to 0, then a locked out user account will be locked out until an administrator manually unlocks that locked out user account.

See: Account Lockout Duration for Locked Out User Accounts

Account threshold : 15 minutes = The account lockout threshold security setting determines the number of invalid or failed logon attempts with a incorrect user name and/or password that causes a user account to be locked out in Windows. A locked out account cannot be used until it is reset by an administrator or until the account lockout duration for the account has expired or the administrator manually unlocks the locked out user account.

See: Account Lockout Threshold for Invalid Logon Attempts

Reset Account Lockout after: 10 minutes = The reset account lockout after security setting determines the number of minutes that must elapse after a invalid logon attempt before the invalid logon attempt counter is reset back to 0 invalid logon attempts. If the account lockout threshold of invalid logon attempts is reached before the counter resets, then the user account will be locked out until either the account locko... Read more

Read other 3 answers

one of the common issues admins face is users accounts lock out, the free tool currently provided will only show the machine causing the lock out, obviously the end users machine, the support then will have to do a lot to fix it since we don't know the
exact source, the application . like IE., map drive or machine account pwd, my question is can ATA identify what is exactly causing this one the client machine to have a better direct fix

Read other answers

We have a Win2k network set up and all the GPO's seem to be working properly, except now the password policy is not. The users are getting locked out of their account after 3 unsuccessful login attempts as I have configured, but then it is suppose to unlock them after 5 minutes. For some reason, this is not happening. I have checked and this is configured now at the highest OU level, on the domain controller and even for specific OU to try to get this to work and nothing! Any ideas??

Thank you soo much!


Read other answers

I have not really had the time to start using Message Analyzer so I don't really now what it can or cannot do and I have a task which I'm hoping it can help with.
I have two Windows 2008 R2 domain controllers which I would like to run live monitoring for account lockout issues. Is it easy to do and the right tool?
Also need to go back over the past security event logs and wondering if I can use it for that as well.

Read other answers

Hi there I was wondering if someone could please help me. I have a computer with windows 2000 pro and I accidentally deleted an account. Now I can't log into windows at all, all I get is the log on prompt. I tried using the windows cd to repair the installation but is says that my hard disk is new or has been erased. and it won't let me use the repair option.

The second problem I have is getting back the account that I accidentally deleted, there was some important information on that account like bookmarks and email addresses that I need to recover.

please help me!

A:help! Windows 2000 lockout / account deleted

Was there only one account and you delete it? Or, is there an Administrator account? Can you simply "cancel" past the login and it allow you access?

Read other 3 answers

Domain config

NT4 domain, DCs are at spk6a - 1 DC has MS Proxy service running- but is
not used much, clients are mainly win2k & win2kPro spk4, 6 XP spk1 and
few NT4 spk6a.

The problem

A user will login to the domain successfully and then log off, go have
lunch, come back, try to login and their account is locked out.


In reviewing the security logs from all DCs, I see ID 528 - successful
logon, 538 - successful log off, 539 - failed login due to account
lockout, 642 - account has been changed and 644 - account locked out
errors, I do not see any 529 - failed logon attempt. This problems
happens to about 500 -1000 users per month. Now, some are caused because
the user passwords have expired and they just forgot the new password,
or they had CAP LOCK on, but in both these case I do not see the 529
errors for these.

When looking at the accounts that are locked out , it shows that the
account that locked the users' account is SYSTEM which is done on the
PDC. This is the correct behaviour.

There was a virus last year that did this, but there is a patch now in
place. They did have thier PDC crash and had to rebuild it a few months
ago, which is when the problem first began, but I do not see any SAM
replication errors on any of the BDCs, replication is happening
frequently. During normal business hours, replication happens about
every 5 -10 minutes. Off peak hours 30 - 40 minutes. the event ID on PDC
is 5711 and 5715 on the BDCs' ( rep time the same)

T... Read more

Read other answers

I have a Windows 2000 machine where the local administrator account to log onto the p.c and not any domain, has been locked out. The user has reset password but has forgotten it. there is no back door account to access the computer either. All lessons to be learnt but for the time has anyone got any solutions or now of any third party software which will allow administrator back into the machine without a rebuild of the p.c

Read other answers

Tracking down account lockout events on a domain is often a challenging task - which domain controller locked the account? which machine initiated the lockout? is there a disconnected RDP session still sending old credentials?

Whilst simple packet capture function in ATA will not expose this data, use of Windows Event Forwarding does.
If the ATA Gateway is set to pull Security Event 4776 (normal domain security activities) as well as 4740 (account lockout), it would seem to be a trivial task to flag this as a suspicious event in the ATA Console,and Notify appropriately (eg Service Desk).
This would deliver a major time saver to support staff trying to assist in a repeatedly locked out user account....

Alternatively - is there a mechanism in ATA somewhere to enable an ATA admin to manually create a new category of suspicious activity ?

Read other answers

I have a user with Win. 2000, logging into a domain, admin account on local policies. The problem occurs in no set pattern.

User will go to control panel or other functions, this is random also, and system will drop them off the domain, account will be locked out in the Server. I will have to unlock account and user can resume. This user is also configured as admin account on the server(Win 2000 Server). I have had to reset users password to allow them back onto the domain, after uncheck of account lockout. This occurs several times a week, on first login. Virus pattern files are up to date, scan shows no problem. This is the only case I have run into on this network.


Read other answers

Hello all
I am running :
XP SP3 Home Version 2002
Dell Dimension 4300
Intel Pentium 4 1.60 GHz
I am encountering a BSOD after login , during the loading of desktop. It appears to happen just as the system tray loads. I can supply screen shots of the BSOD, info gleaned from BlueScreenViewer, and Event ID info, also a ComboFix log.
The unusual thing is, I can login using other accounts on the machine, and all the functionality remains. I can make most Administrative changes, and boot in safe made, but the files relating to the "bad" account remain locked. I have tried so many fixes, even going so far as to install another hard drive, and try to access the files from there, but no dice. Can you help?

A:Blue screen leads to account and file lockout

Exactly...what happens when you try to access the hard drive when it is a secondary drive?

Please do not post any logs of any type...unless they are requested. Particularly, no malware logs, as malware is not the focus of this particular forum. If you suspect malware, you need to provided more details about why, circumstances that promote such, etc.

Please post the BlueScreen View log/data.


Read other 3 answers

Hi all,

Just a quick question here. I have my machine BitLocker enabled and there is this Group Policy setting in Windows 10 called Interactive logon: Machine account lockout threshold. I left this setting NOT CONGIFURED.

Since my Windows logon password is more than 10 characters long and complex, is this setting required along with using BitLocker? Plus, I am the only one using my notebook most of the time at home. And when I do decide to travel with it, I would never lose possession of it.

So is this mandatory?

Read other answers

Dear Team,
My name is Lucky and i have an issue with active directory user accounts.
The some of the active directory accounts locked out very frequently and when i try to get the information about the source no information available, can you please suggest how can i get the full details using Message analyzer or any other way to get the
Failure Reason: Unknown user name or bad password.
Sub Status:

Logon Account: insurance
Source Workstation: Rdesktop
Error Code: 0xC0000064
Event id-4776, 4625
Your help is highly appreciated.
[email protected]

Read other answers

I wants to perform the specific application under domain admin right for domain user account
I have try create shortcut and type:"runas /user:ComputerName\Username /savecred "C:\path\to\file.exe""
Then, I can run it and pop up the Attention. but  the application is appear "APPSCRASH", when press"Yes" 
If I type local / domain administrator account, it can run application normally.
How to fix it? The application is typing of the dead

Read other answers


We are creating a PDF file in login user's local application folder (C:\Users\%username%\AppData\Local\folder1) through a custom .Net application and displaying the created pdf file in application.

The above functionality is working for users who are part of domain and added to local vista machine as users (both for administrator and standard user accounts).
The same is not working for local users (both administrator and standard user accounts created in vista box).

File is getting created for any user under their local appdata folder and can able to open from that location, but not displaying from app in case of local system users (admin or standard type).

Can anyone help me what security settings differ between domain users vs local users in vista business 32 bit OS?


A:domain account user vs local account user in vista

Policy that is actually causing the problem (or lack thereof) is corresponds to Internet Options control panel, Connections tab, Lan Settings button: Use Automatic Configuration settings.
Having this turned on causes IE to load a configuration file prepared by IT department which makes a whole lot of configuration changes to IE, including remapping the security zones. We can test this by unchecking this option (the default state).
Since the machine is in domain and since we are testing with domain users accounts, I have monitored domain controller pushing down a bunch of policy settings which relax the IE security settings, causing the reports to display.
First, domain settings will resync over time and this checkbox will keep getting turned back on automatically. So you can?t really turn this off, it won?t stay off. I would feel better just testing local accounts, but since the computer is also a member of the domain, machine-specific policies are applied by the domain as well.

Read other 1 answers

I have a user with a machine that was setup with Win 8.1 Home. The machine has been upgraded to 8.1 Pro and joined to a domain (WinSrv 2003). I need to get the conten/configuration from their old local machine user profile to their new domain user profile. I tried to copy the contents of their ../users/<name>/.. folder from the local user profile to the new domain user profile (after they had logged in once, and then logged off). This did not work. When I did the copy, I grabbed all files, including hidden...was that my mistake, or is the issue broader?

In the end....they want their old stuff and configuration under their new credentials/profile.



A:Merge Domain User Account with Local User Account

There are 4 conventional ways of accomplishing this task.

Option 1: Simply copy My Documents, Favorites, Desktop items from one to the other. You will have to setup program options again, may or may not be a big deal

Option 2: Use the Windows Easy Transfer option. Explained here. Vista & Win7 local to domain profile migration

Option 3: Use the Copy To Feature in User Profiles, explained here: Copy a user profile. The steps are outlined for different versions of Windows, but they work the same in Windows 8.

Option 4: Use the User State Migration Tool. User State Migration Tool 4.0 User's Guide. Here is a link to a video on using the USMT. User State Migration Tool in Windows 7 - Install | TechNet

Read other 2 answers

Currently we are in the middle of a migration project. We are migrating users from child domains to the root domain of one organization.
The user accounts are migrated with powershell using Move-ADObject cmdlet. This works as expected. The SIDHistory attribute is updated correctly.
Recently we received complaints from some *migrated* users - they lost their default/custom file associations. This happens only on Windows 8/Windows 8.1.
What happens:

the user is migrated and logs onher profile loads and everything's preserved (as expected)the user clicks on a .jpeg file (previously associated with program XYZ)OS asks the user to choose a program to open the file withthe user chooses a default program XYZ and the file openswhen the user clicks on a .jpeg file again - OS asks to choose a program again
i.e. the settings are not preserved.

Our investigation shows that it is connected with the UserChoice registry key and the HASH value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SomeExt

According to this blog 
the HASH is calculated based on user's SID. But after the migration the user has new SID and the HASH becomes invalid and we hit this:
"However In Win 8, the registry changes are verified by a hash (unique per user and app)  that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry."
Currently deleting the UserChoice key for all a... Read more

A:File associations are lost when user account is migrated from one domain to another domain (SID changes)

Hello Petar K. Georgiev,
Please check the following article to change the registry key to change back to the default file type associations.
Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Fangzhou CHENPlease remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Read other 2 answers

I am VERY confused - Please help.

By setting up Full Drive Encryption on Win10 and 8 systems, with a BitLocker password, will that BitLocker password would be the same as the normal Windows user account password?
On these OS systems there is a new Local Security Policy settings called:
Interactive logon: Machine account lockout threshold
?www.stigviewer.com/stig/ ??? /V-36772

By looking at the image shot, will that BitLocker password be the same as my Windows account password?

So in other words, when I enter this BitLocker password, will it just boot into Windows without having to type in a separate Windows logon password?

Correct me if I am wrong here, but does this mean that in Win10, the BitLocker Password is used in conjunction with the Windows Account logon password?

Or lets say that I have a Windows 10 Admin password created, and I enter that account's Windows password too many times, does this mean that when the account is locked out, it will affect BitLocker as well?
Or, does my Windows Account password is considered itself a BitLocker password?
I am confused here. Please explain.

A:Win10 Bitlocker and Interactive logon: Machine account lockout?

The Bitlocker password is not linked to your user account - the 2 are completely independent programs that have their own security settings.

Read other 2 answers

Hello everyone,
I have just installed windowXP service pack2. I created one user account(member of user group), after that I confused to disable administrator account. So how can I enable it back?
I have only normal user.
Please anyone show me this thread.
thank you.

A:Enable administrator account?

Get into safe mode by tapping F8 immediately on startup and choose safe mode using the arrow keys and enter key....then sign in as admin account and go control panel and user accounts

Read other 3 answers

I'm unable to enable the Administrator account on my Dell Latitude E5550 running Windows 8.1 Pro.

When I run the lusrmgr applet to enable Administrator (or execute 'net user administrator /active:yes') I get the following message:

'The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.'

When I checked, these were 1, Disabled and 0 respectively. I have never altered these settings on this laptop before as it's a new machine.

I've tried various settings in the password policy using secpol.msc, such as 8, Enabled and 5 respectively, but I still get that error message from lusrmgr.msc.

I guess I could just create another account with administrator privileges but I'd like to understand and fix this problem.

Thanks for any advice.

A:Cannot enable Administrator account

This is now resolved, just be trial and error.
I changed the minimum password length, password complexity and password history requirements back to 1, Disabled and 0 respectively (the defaults), then tried to enable the administrator account again, and this time it worked without complaint. Very strange.

Read other 1 answers

my brother accidentally changed the properties of the administrator account to standard account and after that i'm not able make any changes in the computer...i tried the command thing and it did not work...

A:How to enable administrator account

Welcome, Janice.

Try these two links to see if they help:

Built-in Administrator Account - Enable or Disable in Windows 8

Built-in Administrator Account - Reset to Default

The tutorial index can be accessed here if you need to look further.

Windows 8 - Tutorial Index

Read other 2 answers

I am trying to enable the administrator account in Windows 10 Pro but without much luck.

Whatever option I try I am left with a request asking me for an 'admin username and password', which I don't have, but the only active box available is for 'No' anyway.

If I use the 'command prompt' route then I am not offered the same options that are indicated by the guide I am referring to.

Tried the Administrator tab in 'Local Users and Groups', where the Admin. account is ticked disabled but it won't let enable it.

It seems I am blocked at every point from enabling this and I can't carry out certain actions on the PC until it is.

I will be eternally grateful if there is someone who can shine some light on this. I am obviously doing something wrong but I don't know what.


A:Can't enable Admin. account

Welcome to the forum. Are you signed in with an admin account why don't you know the admin password?

Read other 2 answers

hi ther , i have did a silly thing n now i dunno how to make it back to normal.

i have disable an account n now i cant login to the account

it shows this massage "Logon Failure: Account Currently Disabled" wen i wan to login the the account..

pls help me i really dunno how to enable the acc

A:[SOLVED] Enable account!!

Hi -

I had a user account that somehow got demoted on Christmas Eve, 2007. It is frustrating.

You need to get into Vista recovery & perform a Windows System Restore. 2 ways - Boot using the recovery partition (usually press F10 during boot on most systems) or use your Vista DVD. Either one should get you to a screen where Windows Vista System Restore is available.

Once there, select a restore point dated prior to the loss of the account.

Regards. . .



Read other 4 answers

I have a fresh install of win8 and there is no guest account at logon.
I've tried creating a one and it says that it already exists.
I've install win8 on my daughters computer as an upgrade to win7 and she has the guest account.
I can't find anywhere to enable it on mine. I assume I will need to alter something in the registry?

A:How do you enable the guest account?

The quickest way to enable the Guest account is via Control panel/User Accounts/Manage another account. You can also right click on 'Computer' under Metro, select manage from the task bar, then select Local Users and Groups/Users/Guest - Uncheck the account disabled box.

Guest Account - Turn On or Off - Windows 7 Forums

Out of interest, why use the Guest account, why not create a separate account?

Read other answers

I'm not sure where to start with this one. I have a web server with two nics installed. One nic goes out to the internet the other nic is connected to my internal network. I didn't want to install FTP on the web server. So what I would like to do is share the folder to the local web admin can update the website. But how can I put some security on that shared folder? I was hoping to just add that user account permissions to that folder but it's not in the same domain. Would it be bad to put the web server on my internal domain? Any help or thoughts on this would be great.


A:Add a user account from another domain ?

Read other 7 answers