Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi everyone,
I am facing a severe problem since many days as the user profiles are been generated automatically onto the windows server. I have checked the group policy and there is no such group policy which has enabled folder redirection or roaming user but still the user profiles are been copied onto the server. I would really appreciate if someone can help me out on this issue.
If you are saying you don't want the profiles made on the servre - Check each users propeties and make sure there is nothing (Make blank) the 'Profile Path' Box (think it is on the profile tab)
0 
It sounds like something is running that doesn't belong and you have to find out what it is and where it is. You could try the tasklist command or better yet:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,ProcessidThe second command will send all running processes to processlist.txt
It's similar Hijack This which can be used as well.
0
Hi Guys,
I did checked all the running processes on the server but couldnt find anything which seems to be dodgy and also made sure that there is no profile path set under the user properties. I m hereby copying the processes that are currently running on the server.
Thanks.
Caption CommandLine ProcessId
System Idle Process 0
System 4
smss.exe \SystemRoot\System32\smss.exe 388
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 436
winlogon.exe winlogon.exe 460
services.exe C:\WINDOWS\system32\services.exe 508
lsass.exe C:\WINDOWS\system32\lsass.exe 520
svchost.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch 680
svchost.exe C:\WINDOWS\system32\svchost.exe -k rpcss 832
svchost.exe C:\WINDOWS\system32\svchost.exe -k NetworkService 896
svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalService 912
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs 948
ccSetMgr.exe "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" 1004
ccEvtMgr.exe "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" 1044
SPBBCSvc.exe "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" 1144
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe 1516
msdtc.exe C:\WINDOWS\system32\msdtc.exe 1540
pbeagent.exe C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe 1612
PBESER~1.EXE C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.exe 1624
beremote.exe "C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" 1636
cpqrcmc.exe C:\WINDOWS\system32\CpqRcmc.exe 1752
vcagent.exe C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe 1776
DefWatch.exe "C:\Program Files\Symantec AntiVirus\DefWatch.exe" 1816
dfssvc.exe C:\WINDOWS\system32\Dfssvc.exe 1872
dns.exe C:\WINDOWS\System32\dns.exe 1992
svchost.exe C:\WINDOWS\System32\svchost.exe -k WinErr 2008
inetinfo.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe 2116
pds.exe C:\WINDOWS\system32\CBA\pds.exe 2184
ismserv.exe C:\WINDOWS\System32\ismserv.exe 2276
NscTop.exe C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.exe 2328
ntfrs.exe C:\WINDOWS\system32\ntfrs.exe 2460
svchost.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 2532
svchost.exe C:\WINDOWS\system32\svchost.exe -k regsvc 2552
snmp.exe C:\WINDOWS\System32\snmp.exe 2588
Rtvscan.exe "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" 2616
smhstart.exe C:\hp\hpsmh\bin\smhstart.exe 2676
svchost.exe C:\WINDOWS\System32\svchost.exe -k tapisrv 2728
hpsmhd.exe C:\hp\hpsmh\bin\hpsmhd.exe -fC:/hp/hpsmh/conf/smhpd.conf 2780
cpqnimgt.exe C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe 2788
rotatelogs.exe C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/error_log 5M 2928
rotatelogs.exe C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/access_log 5M 2936
cqmgserv.exe C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe 2964
cqmgstor.exe C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe 3012
tcpsvcs.exe C:\WINDOWS\system32\tcpsvcs.exe 3028
hpsmhd.exe C:\hp\hpsmh\bin\hpsmhd.exe -d C:/hp/hpsmh -f C:/hp/hpsmh/conf/smhpd.conf 3048
HNDLRSVC.EXE C:\WINDOWS\system32\ams_ii\hndlrsvc.exe 3084
MSGSYS.EXE MsgSys.exe 3164
IAO.EXE C:\WINDOWS\system32\ams_ii\iao.exe 3260
rotatelogs.exe C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/error_log 5M 3268
rotatelogs.exe C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/access_log 5M 3276
XFR.EXE C:\WINDOWS\system32\cba\xfr.exe 3296
sysdown.exe C:\WINDOWS\system32\sysdown.exe 3348
svchost.exe C:\WINDOWS\System32\svchost.exe -k iissvcs 3360
cqmghost.exe C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe 3436
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 4220
svchost.exe C:\WINDOWS\System32\svchost.exe -k termsvcs 4580
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 5040
explorer.exe C:\WINDOWS\Explorer.exe 5564
cpqteam.exe "C:\Program Files\HP\NCU\cpqteam.exe" 3128
ccApp.exe "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 5396
VPTray.exe "C:\PROGRA~1\SYMANT~1\VPTray.exe" 5556
vxmon.exe "C:\Program Files\Symantec\Backup Exec\RAWS\VxMon.exe" 5696
cwscan32.exe "C:\Program Files\Xerox\CentreWare55\Scanning_Svcs\cwscan32.exe" /AUTOSTART 4448
HPNRA.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPNRA.exe" 5440
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 1796
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 5996
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 5244
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 6092
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 4408
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 744
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 7536
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 7556
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 8004
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 8016
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 6264
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 6272
HPBOID.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.exe" 3136
HPBPRO.EXE "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.exe" 6492
logon.scr C:\WINDOWS\system32\logon.scr /s 5332
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 6000
winlogon.exe winlogon.exe 7720
rdpclip.exe rdpclip 5792
explorer.exe C:\WINDOWS\Explorer.exe 5392
cpqteam.exe "C:\Program Files\HP\NCU\cpqteam.exe" 6608
vxmon.exe "C:\Program Files\Symantec\Backup Exec\RAWS\VxMon.exe" 7928
cwscan32.exe "C:\Program Files\Xerox\CentreWare55\Scanning_Svcs\cwscan32.exe" /AUTOSTART 6784
wuauclt.exe "C:\WINDOWS\system32\wuauclt.exe" 2888
cmd.exe "C:\WINDOWS\system32\cmd.exe" 5524
wmic.exe WMIC 5576
0
You say you've checked group policies, but did you look in the users' accounts themselves and check if there's anything listed for the profile path field?
Assume that I already did an Internet search.
0
I did mention in ma last message that i have checked the profile path under user properties but as i said there is nothing set under profile path.
0
Sorry, hopefully someone here has a better suggestion than me.
Assume that I already did an Internet search.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
