VPN domain user account re-creation trick

I’m sure I’m not the only one who has faced this problem. How to re-create domain user account profile on remote machine when only VPN connection is available? It took me a while to figure this out, but it was worth it cos the trick is working nicely.


Step by step if you have no remote desktop access such as VNC, PcAnywhere

Tools needed: PSTools, temporary domain user account (with no admin rights!) for user to login and launch VPN.

1. Ask user to login with his existing user account and connect to VPN,

2. Open Command Prompt on your machine and psexec to user’s PC by running psexe.exe \\usershostname cmd

3. Once you are connected run the following command: C:\>runas /env /profile /user:domain\testuser cmd.exe

4. this will return with: Enter the password for domain\testuser: enter your test user’s password

5. Then you will get the following message: Attempting to start cmd.exe as user “domain\testuser” …

6. If the testuser account credentials are correct, this will not only run CMD as test user but will also create local user profile.

7. Once profile is created, give test user logon credentials to the user , ask to login and connect to VPN.

8. Go back to your PSTools Command Prompt, browse to C:\Users and rename user’s profile by executing the following command: rename userprofile userprofile_old, or simply browse \\userhostname\c$ to do so.

9. Create new user’s profile by executing this command C:\>runas /env /profile /user:domain\user cmd.exe – you will need user’s password.

10. Once this is done, ask user to logoff and log back on with his credentials. Then remove test account and copy user’s stuff from old to new profile.

Step by step if you do have remote desktop access such as VNC, PcAnywhere.

1.  Remote-in to user’s machine when user is logged in.

2. Run CMD as different user (admin account)

3. Execute the following command: runas /env /profile /user:domain\testuser cmd.exe and setup test account.

4. ask user to logoff, then log back on with testuser account.

5. Run CMD as different user (admin account) and rename user’s profile by executing rename userprofile userprofile_old or you can try to rename it using Windows Explorer.

6. Execute runas /env /profile /user:domain\user cmd.exe and ask user to type his password in when prompted.

7. Ask user to logoff and log back on with his own account. Copy stuff from old profile, delete testaccount.

Leave a Reply

Your email address will not be published. Required fields are marked *