Moving XP User Profile

I just got done setting up my new Windows 2003 server at home. I had another server before which was running as my domain controller. This was causing DNS issues because I stupidly named my local domain the same as my web domain name. I couldn't visit my website using the base domain name because that IP resolved to my local DNS server and when I tried to delete that entry on my DNS server and point it to the correct IP it somehow magically reappears after sometime. At any rate I decided to setup a new Windows 2003 server as my new domain controller for a different domain.

The problem I had is I needed to rejoin the new domain and I didn't want to lose all my local profile settings so I thought I could just copy the profile but that doesn't work very because my old profile shows up as "Account Unknown". So I started on my hunt for a way to copy my profile over. Instead I found an article on Windows IT Pro that shows how to Move User Profiles.

Here are the general steps they listed:

The One-Size-Fits-All Approach
Let's try a step-by-step example. Suppose Jake once used a local account to log on to a machine named Old, and he'll now use a different local account to log on to a machine named New. Here's how to move his profile from Old to New.

  1. Copy Jake's old profile folder from Old to New. The %USERPROFILE% environment variable identifies the location of Jake's profile. (You must log on as Jake for this method to work.) Alternatively, look in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID\ProfileImagePath subkey, where SID is Jake's SID. If you need to determine which SID is Jake's, use GetSID, which you can download from http://www.microsoft.com/windows2000/techinfo/reskit/tools/default.asp. GetSID's syntax is a bit odd: 
    2. getsid

    where accountname is the account's name and accountsource is the name of the machine that contains the account. Having the account name and machine name appear twice isn't a typo—both names must appear twice. In Jake's case, you would type

    getsid \\Old jake \\Old jake

    Now you have the SID and therefore the correct registry subkey.

  2. After you find Jake's profile, copy it to the location in which New keeps profiles—probably Documents and Settings, so his copied profile now sits in C:\documents and settings\jake.
  3. Create Jake's new local account on New. Log on as Jake, then log off. Log back on to the system as a local administrator, and use GetSID to find Jake's new SID.
  4. Open Jake's folder in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. Double-click the ProfileImagePath subkey and replace its contents with \%systemdrive%\documents and settings\jake. Close your registry editor.
  5. To fix the file and directory permissions, right-click the Jake directory and choose Properties. On the Security tab, add a permission for Jake in the typical way: Click the Add button, then choose the local Jake account. Back on the Security tab, give Jake full control by clicking the box under Allow next to Full Control. Close the dialog boxes.
  6. Start up regedt32 (in Win2K or NT) or regedit (in Windows Server 2003 or XP). Navigate to the HKEY_USERS hive. In regedt32, click Registry, Load Hive; in regedit, click File, Load Hive. In the Load Hive dialog box, navigate to C:\documents and settings\jake. Inside that folder, select ntuser.dat and click OK. A second Load Hive dialog box asks you to fill in a Key Name text field. Enter Jake and click OK.
  7. On your registry editor's main screen, open the HKEY_USERS hive. In regedt32, click the Jake folder and choose Security, Permissions; in regedit, right-click the Jake folder and choose Permissions. Click Add and add a new permission entry for Jake. Click OK to return to the Permissions for dialog box. Give Jake full control over his registry subkeys by clicking the box under Allow next to Full Control, then click OK to return to the registry editor's main screen.
  8. Now that you're finished with the modifications, you need to write the changes back to the file. To do so, click the HKEY_USERS\Jake folder. In regedt32, click Registry, Unload Hive; in regedit, select File, Unload Hive. Choose Yes to confirm the action. Exit your registry editor.

[Move User Profiles]

After doing this pretty much everything worked. With the exception I had to re-enter any of my saved passwords, which is not a big deal. I believe the passwords were wrong because they probably use DPAPI which uses the currently logged in user as part of the encryption key.

7 Comments

  • MAN!!! YOU SAVED MY LIFE!!!!!!!!!!!!!!!!!



    THANKS THANKS THANKS!!!!!!

  • This might be what you are looking for.

    1) login as administrator or user with admin rights.

    2) open Windows Explorer, navigate to Docs & Settings, and copy all profiles you want to external harddrive, network share, etc. *on copy if you get ntuser.dat in use error, restart and try again.

    3) open regedit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and export entire profilelist or each account individually (will be .reg file).

    4) login in to new machine as administrator or user with admin rights.

    5) copy profile(s) to Docs & Settings on new machine

    6) run .reg file(s) by double-clicking and adding to registry.

    7) re-assign permissions: right click on user profile --> Properties, Security tab, Add button, add user and hit ok, select user and check full control check box then hit Advanced button. On Advanced window, uncheck "inherit from parent..." and check "Replace permissions...".

    8) logoff and have user login

  • Yes it would be nice to be able to import a "foreign" profile; however, the fact that we can't is part of the security system on windows. The user profiles are supposedly tied to a unique Keberos public/private key for authentication. That means that theoretically you should be able to import the private and public key pair but is not the case in Windows as the issuing certificate server (the Windows operating system or Active Directory) is tied to the key. If the issuing certificate server goes away, so does the ability to deal with the profile unique data as it also requires that the issuing certificate server be able to authenticate the data. So you essentially have a jumbled mess of data and no way to unencrypt it. That is why the TechNet article walks through manually moving files from one profile to another. It really is frustrating that all of the application configuration data isn't portable (e.g. MS Outlook configuration)

  • I have seen similar problems. In my opinion ADMT is rubbish. I prefer to use QMM (Quest Migration Manager) a fantastic utility, which can be suctomised according to your requirements. Does SID Merges, User Migration as well as Workstation migrtation. We are using this utility to migrate 3 thousand Workstations and 2500 users from three diffferent Domains to One new domain and so far its full proof. As long as you dont mess up, it doesnt mess up. Try it.

  • The One-Size-Fits-All Approach

    Almost worked for me on a win2k terminal server. I did the above to all the users when we switched the domains that the term server was in.

    Everything was moved over and working great except noone could go to any SSL pages. Further investigation and every certificate on the moved profiles would not validate while any new profiles worked fine.

  • I work in k-12 education and am responsible for roughly 700 workstations, 20 servers and 1600 users. When I do a set up of a workstation, I want every profile to be identical for each room/lab/school. I have softwares that must be post installation configured and I truly do not want this to happen for each student who happens to sit down at this workstation. What I am doing now is simply getting everything the way I want it - printers, software, user experience... and then I log on as local admin and copy the user profile I just set up to the default user profile. Now every user who sits at this machine will see the same set up, have the same feel, and will work in te same way. Though this is not very time consuming, it does take more of that precious commodity than I have to give to it. I want to be able to perform this function with a script.
    Does anyone have any ideas how this can be accomplished?

  • Possibly a *bit* off topic, but this seems to be the most likely place to get an answer, so my apologies, but ...

    Relocating profiles and program files directories etc. I can do in my sleep

    What I'd like to know is whether it is possible to share the same profiles and program files directories between two separate XP installations on the same system, such that both installation use the same files in the same directories

    Cheers

Comments have been disabled for this content.