Weird problem the last couple of days on our network - when everyone logs
into their pc, they effectively get a new profile. Their old profile folder
in documents and settings is there, but not shown as a profile. Going into
control panel/users and re-adding their domain account puts everything back
as it should be.
Same happened again this morning, so I checked the event log on the server.
Strangely, the 3 or 4 domain admin users we have each had an event logged
removing them from the builtin\administrators group. This was exhibitied by
the fact I could no longer log onto the server as myself, and had to use the
actual admin account. I got a "the policy of this system does not allow you
to log on interactively..." error, alhough the local policy doesn't specify
this. Adding the users back into Builtin\admins fixed this.
Next thing I noticed is I cannot get into either the Domain Security Policy
snapin, nor the Domain Controller Security Policy snapin. Both give the
"Failed to open group policy object, you may not have appropriate rights",
"An invalid dn syntax has been specified".
I assume that somewhere something has screwed up, and there is a permissions
"corruption" that is causing all these problems, but Im not really sure
where to start. There aren't any obvious looking errors on either the client
pcs' nor the servers, so Im a bit stumped!