doing RESTORE created new administrator account. Why?


GrandpaFerret

I recently wanted to go back in time on my winXP box and used "system
restore" to go back to a known good point in time.

All went well, except that for some strange reason doing this caused winXP
to create a new profile (named "Administrator.<hostname>") and use it instead
of the perfectly good profile named "Administrator".

Why? How can I keep this from happening in the future?
How, short of using regedit, can I go back to the old profile name (maybe
just deleting the profile called "administrator" and renaming the new one to
have the name "administrator")?

thanks,
 
GrandpaFerret said:
I recently wanted to go back in time on my winXP box and used
"system restore" to go back to a known good point in time.

All went well, except that for some strange reason doing this
caused winXP to create a new profile (named
"Administrator.<hostname>") and use it instead of the perfectly
good profile named "Administrator".

Why? How can I keep this from happening in the future?
How, short of using regedit, can I go back to the old profile name
(maybe just deleting the profile called "administrator" and
renaming the new one to have the name "administrator")?

Don't just go *deleting* something. There may be a reason the new profile
got created (something defective in it, etc). Plus - why are you using the
built-in administrator account anyway? Bad plan.

In any case - reboot and logon as any other user (other than
"administrator") with administrative level access. Rename the
"administrator.<hostname>" account to "administrator.OLD" and rename the
"administrator" account to "administrator.<hostname>". Reboot. Log on as
"administrator". That work?

(Truthfully - the registry edit thing works just as well.)

If it doesn't work - then *something* is wrong with that old profile. Copy
the data (My Documents, Desktop, Start Menu, Email profiles, etc) from the
old profile into the new one and just continue using it.
 
Thanks for the help!

The "problem" profile should have been "clean"... it was created very
recently as part of an OS reload (from scratch, disk wiped, using unattend).
I can't imagine why windows thought there was a problem with it.

It is very good to know that it did think there was a problem and that was
the reason why it created the new profile.

Shenan,

Is there any log file left lying around that would tell me what the OS found
objectionable in the profile?

And yes, I know. I am a long time UNIX sysadmin and know better than
leaving root lying around... but last time I checked (windows 98 probably) we
were stuck with the Administrator account in windows. I will check into if
it can be removed in XP or not now that you have fussed at me about it. :)

Anteaus - thanks for the link. Maybe this tool can shed some light on why
XP thought the old profile was bad.

Thanks to both of you.
 
The built in Administrator account cannot be removed. However, you can
rename the account to something less obvious. And, you should give it a
password which is not obvious to one and all.
Jim
 
Thanks Jim. Saved me a bit of research. Appreciate it.

reprofiler did not turn up anything interesting at first blush... just that
the old admin profile exists and is not associated with a user.

One thing I noticed after I made the original post in this thread....

I don't know how to explain this.... it's an area of XP I have never
understood. To put it in UNIX terms, in XP there is what seems to be a "hard
link" aka ln(1) to each user's "my document" directory in the profile from "my
computer". Now, "my computer" has always struck me as a strange beast....

Anyway, after I did the restore (which broke the link to the old Admin
profile and setup a new profile Administrator.<hostname>).... this "hard
link" disappeared... at the My Computer "folder" I have Shared Documents,
user1's Documents, user2's Documents, etc... but no Administrator's Documents
(or Administrator.<hostname>'s Documents)

Could someone expound on this sub-topic for me?

Still hoping (previously asked) for info on how to tell what it was XP did not
like about the original administrator profile.

Thanks
 
I went to take a look at the old Administrator's profile using regedit... and
guess what. ntuser.dat is missing! There is a ntuser.dat.LOG, but the user
profile itself is missing.

How in the heck did system restore screw things up that badly?

That profile was there and healthy (more or less) at the time I made the
restore point.

Looks like a bug in XP to me.
 
Almost certainly there has been disk corruption, and probably chkdsk has
deleted the file in a startup scan.

You may be able to recover a copy of it from the system-restore data as
follows:

http://support.microsoft.com/kb/307545

This page refers to restoring the system registry, but the user registry is
backed-up too. You need to find the SID of the administrator user, and locate
the appropriate REGISTRY_USER_NTUSER file inside the "System Volume
Information" folder.

You don't need to use the recovery console for this, but you need to give
the Administrators group read permissions to the System Volume Information
folder.

Reprofiler lists the account SIDs; scroll the user-window rightward to see
them. The Administrator SID is usually 1-5-21-something-500.

There may be several restore points; you need to decide which to use. Once
you've identified the right REGISTRY_USER_NTUSER file in the restore-point's
snapshot folder, copy it into the profile and rename it NTUSER.DAT
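
The lookup described in the post above, as an added example that is not part of the thread: a Python sketch that lists the built-in Administrator's (RID 500) NTUSER snapshots across restore points, newest first, and flags any file that does not start with the registry hive signature. The on-disk layout `_restore{GUID}/RP<n>/snapshot/_REGISTRY_USER_NTUSER_<SID>`, the function names and the sample SID are assumptions; the sample tree is constructed so the script runs offline.

```python
import re
import tempfile
from pathlib import Path

# Assumed layout (not spelled out in the thread):
#   <root>/_restore{GUID}/RP<n>/snapshot/_REGISTRY_USER_NTUSER_<SID>
HIVE_NAME = re.compile(r"^_REGISTRY_USER_NTUSER_(S-1-5-21-[\d-]+-(\d+))$", re.I)
RP_DIR = re.compile(r"^RP(\d+)$", re.I)
HIVE_MAGIC = b"regf"  # first four bytes of a registry hive file


def find_user_hives(root, rid=500):
    """Return snapshot hives for the account with this RID, newest RP first.

    Each entry is (restore_point_number, sid, path, looks_valid).
    """
    hits = []
    for path in Path(root).glob("_restore*/RP*/snapshot/_REGISTRY_USER_NTUSER_*"):
        name = HIVE_NAME.match(path.name)
        rp = RP_DIR.match(path.parent.parent.name)
        if not name or not rp or int(name.group(2)) != rid:
            continue  # different account, or not a restore-point snapshot
        with path.open("rb") as fh:
            looks_valid = fh.read(4) == HIVE_MAGIC
        hits.append((int(rp.group(1)), name.group(1), path, looks_valid))
    return sorted(hits, key=lambda h: h[0], reverse=True)


def build_sample_tree(root):
    """Constructed sample data: three restore points, one with an empty hive."""
    sid = "S-1-5-21-1111111111-2222222222-3333333333"  # made-up SID
    base = Path(root) / "_restore{00000000-0000-0000-0000-000000000000}"
    for rp, body in ((7, b"regf" + b"\0" * 60), (8, b""), (12, b"regf" + b"\0" * 60)):
        snap = base / f"RP{rp}" / "snapshot"
        snap.mkdir(parents=True)
        (snap / f"_REGISTRY_USER_NTUSER_{sid}-500").write_bytes(body)
        (snap / f"_REGISTRY_USER_NTUSER_{sid}-1003").write_bytes(b"regf")
    return sid + "-500"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rp, sid, path, ok in find_user_hives(tmp):
            print(f"RP{rp:<4} {sid}  {'hive' if ok else 'NOT a hive'}  {path.name}")
```

Point `find_user_hives` at a copy of the "System Volume Information" folder rather than the live one, and pick a restore point whose file is flagged as a hive before copying it into the profile as NTUSER.DAT.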
 