Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Administrator ntuser.dat deleted....

Status
Not open for further replies.
pQi

pQi

MIS
Aug 2, 2002
139
0
0
US
Hello,



Hope someone can help with this...today accidentally the ntuser.dat file was deleted on the administrator profile on a Windows 2003 Server.

After attempting to log in as the Administrator it gives an error stating that access is denied and the profile cannot be found will use Administrator default profile instead....???

When logging in with a newly created profile administrator account, it now has an extension of administrator.0000 for some reason and all my desktop shortcuts are gone...

How can I avoid the message popping up when I log in?? Does this effect the system?

Please help...
 
Sort by date Sort by votes
Well all your shortcuts etc will be gone as you are no longer using the same profile as before. If you have a backup restore from that
 
Upvote 0 Downvote
You could also, as Domain Admin, take ownership of the directories and delete the Admin profile after copying your shortcuts to a temp location (you could copy the whole profile first, or rename the Admin profile as "Administrator.old" or something).
It would save haing to merge a backup job, and the hassle asscoaited for a simple job.
Then, just log in as Administrator and it will create a new profile directory into which you can copy the old profile into.
 
Upvote 0 Downvote
By deleting the old administrator account, will this effect the system or any processes that were using the Administrator account, before I rename it and delete?

 
Upvote 0 Downvote
Sorry, I should clarify... don't delete the Administrator account! Delete the Administrator profile.

You will need to log on as a domain admins person (or local Admins). Then you go to Start and right-click My Computer, and click Properties (System Properties).

On the advanced tab is a button for User Profiles. Delete the one that says <local computer name>\Administrator, or <domain name>\Administrator.

Don't forget to back up whatever Administrator folders you have (icons and such) from this directory:
C:\Documents and Settings\

Then, log an as the administrator and it will create a new Administrator profile in this directory. Next, copy your desktop, favourites, etc. folders to this new Administrator folder, and you should be back to normal.

The only ntuser.dat files you should avoid deleting are in All Users, or Default User. Of course avoid deleting any of them if you can! ;)

This file is essentially the HKEY_CURRENT_USER key from your registry.

As it is already deleted you will not change anything by doing the above. But your Admin profile will be a fresh profile. However, if you have Group Policies in place these will update the dat file as required from initialisation.

As I understand, all you really want is to log in as Administrator and have it the same as before. With the above you will achieve this as far as icons etc., but bear in mind that if you had made any specific registry changes (say, for example, printers added that only the Administrator needs and no one else), then you will need to make these changes again. And if you have any Office shortcuts, or such, then these may be reset as well. A lot of local customization is in the folders though, and not the dat file so you should be fine.

To make sure you back up the right profile, look for the Desktop folder in Docs and Settings\Administrator and make sure your icons are all there. If so, then copy that profile to the new one.

Remember though that in order to have a fresh Administrator profile, without the .0000 and such, you need to dlete all the Administrator profiles (folders) in Docs and Settings, after backing up.

The reason it does this is because when the system does not find the ntuser.DAT for the login, it creates a new folder for Administrator, but finds one already exists, so by default it does Administrator.0000. If you delete the ntuser.dat file from that one, and log in again, you will get Administrator.0001, etc.

This is why you need to delete the profiles to get back to normal. Because unfortunately (I tried this before a long time ago) you can't take an ntuser.dat from one of the other folders and put it in the original. You'll just get .0002 if you try! ;)

Anyway, if you have any more questions before you do it, just let me know.

Will
 
Upvote 0 Downvote
Thank you very much for the detail!
Now when I tried to delete the old administrator profile, I got an access denied error??

Any ideas as to why...?

Looking forward to hearing back from you


George
 
Upvote 0 Downvote
It'll be because you are logged on as a user without enough privieges.

Is this your server, or works? Do you adminsitare the domain\server?

Will
 
Upvote 0 Downvote
Right, first let me apologise.

When I "tested" by dleteing the Administrator profile yesterday, it didn't work completely. The prfile disappeared, but the UsrClass.dat file could not be deleted. Of course this is a key system file, so actually the Admin account is the exception to the rule as far as deleting and recreating.

Sorry.

So, I did a bit of research (I felt guilty), and found that you may indeed need to restore from backup the ntuser.dat file.

As far as I know, you cannot, unless you do a repair setup. But this will kill your SPs, and settings. So not really a good idea. However, it seems you may be able to create another local admin account, rename the old admin account, then fidle and delete the profile, and recreate it that way, but I'm not sure. I'll do some tests today and let you know.

In the meantime you can copy the old profile folders to the Administrator.0000 folder and have your icons back.

I'll post later today what i find.

Will
 
Upvote 0 Downvote
Right. There is no easy way to do this. You will either have to restore, or do a repair. Both options are not great.

By the way, I work in different locations daily, and it turns out the test server I used yesterday to test on did have a deletable Admin account... because the actual admin account had been renamed, and a low-access account called Administrator was created as a security measure. i.e. if someone tried to gain access they'd try the admin account but it would not work. Don't ask why, because I did not set this up. One of my team was trying an experiment! :)

So when I deleted it, it did delete the whole thing, and when I logged in as local Administrator it recreated the profile... buit it wasn't actually an admin account!!

Again apologies.

I'd be curious to know which route you follow though. The way i see it you have the following choices:

1. Restore from backup.
2. Repair install.
3. Copy icons from the old profile to the one you are currently using (Administrator.000) and just leave it the way it is. (probably the easiest way)

Will
 
Upvote 0 Downvote
No need to apologize, its fine! thanks for your follow up!

This happened at one of my clients the other day, and the route I took was to recreate the profile by just logging in i.e created Administrator.xxx,

Now for this: Before I log in with this newly created account, I get this message stating that its still trying to log in with the old Administrator account hence the message "Access Denied" cannot locate profile even though profile is there in Documents and Settings.

When I try to delete the old profile Administrator I get
"Cannot delete profile there has been a sharing violation or a process is still being used"...

Is there any easy way for me to blow out the old profile, since I would rather just use the new one after I have copied all the necessary shortcuts, favorites, etc....?
 
Upvote 0 Downvote
Unfortunately there isn't an easy way. That's what you should get. You see the local Admin is used by key services and the OS at a lower level than you see as a user (even as administrator). So the only way to delete the folder would be to boot to dos, or to the repair console and delete it from a command prompt. However, once you have done this, I don't think Windows would work because the services that use that profile won't be able to start.

The reason you get access denied isn't because of rights, it's because there are files in use in that account's folder.

As was mentioned above, you could try acessing a backup job, locating and restoring the ntuser.dat file. Then, booting to DOS or with the repair console, copy the ntuser.dat file back into the correct folder (without extension). Then, log on as you, delete the Administrator.0000 set of folders, and then log on as Administrator to make sure it worked.

Will
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Continuous RDP disconnection/reconnection for administrator user
Replies
5
Views
73
goombawaho
goombawaho
Mindly
  • Locked
  • Question
Can't log into SBS 2011 server with accounts that have administrator priviledges
Replies
0
Views
36
Mindly
Mindly
intel233
  • Locked
  • Question
Builtin Administrator Group
Replies
1
Views
29
juniper911
juniper911
intel233
  • Locked
  • Question
Remove Local Administrator from Administrators Group
Replies
3
Views
45
karlisi
karlisi
rwsjbs
  • Locked
  • Question
Administrator rights disappear from local Computer
Replies
0
Views
26
rwsjbs
rwsjbs

Part and Inventory Search

Sponsor

Back
Top