win 7 xp...單機登入時出現【參考到的帳戶目前已鎖定，且可能無法登入】

通常登入電腦會出現【參考到的帳戶目前已鎖定，且可能無法登入】表示登入帳號已經被鎖定，如是Domain User則需請AD管理員處理。

如是單機的使用者如依下列如式處理即可:

條件1:您必須有一個管理者權限帳號可以登入(如果沒有，此方式無效)，假設為admin，被鎖定的帳號為user。

利用admin登入，控制台--＞使用者管理員--＞管理使用者帳號--＞進階Tab--＞進階使用者管理--＞進階--＞使用者--＞找出被lock的user解除lock即可。

Event ID 50 TermDD(使用遠端桌面連線到PC出現偵測出通訊協定資料串中有錯誤，已經中斷用戶端連線)

請注意TermDD 50出現會有很多因素，其中一種現在的描述如下：
RDP 通訊協定元件 "DATA ENCRYPTION" 偵測出通訊協定資料串中有錯誤，已經中斷用戶端連線
可用以下方式解決，我有使用過OK。

To resolve this issue, follow these steps:

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermService\Parameters
3. Under this registry subkey, delete the following values:
   • Certificate
   • X509 Certificate
   • X509 Certificate ID
4. Quit Registry Editor, and then restart the server.

使用者設定檔，Roaming Profile之設定，可強制某PC不使用Roaming Profile

請參考MS的文件 http://technet.microsoft.com/en-us/library/cc738596(WS.10).aspx


利用Group Policy中的Computer Configuration\Administrative Templates\System\User Profiles\只能使用本機使用者設定檔   & 防止漫遊設定檔的變更傳播到伺服器 即可。
If you enable both the Prevent Roaming Profile changes from propagating to the server setting and the Only allow local user profiles setting, roaming profiles are disabled for that computer.

以下為詳細說明:

Configuring Roaming User Profiles

Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before you create a roaming user profile, you need to create each user account. Then, log on to a server as an administrator to create a network share to store the roaming user profiles, designate the groups of users to receive the roaming user profiles, and grant all users Full Control permissions.
Use the following procedures when you create and manage roaming user profiles.

Creating Roaming User Profiles

To perform the following procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. For enhanced security, consider using the Runas command to perform this procedure.

To create a roaming user profile

1. Open Active Directory Users and Computers.
   
2. Click the domain and the OU where the user account resides.
   
3. Right-click the user account for which to set a roaming profile, and then click Properties.
   
4. Click the Profile tab, and then type the profile path information in Profile path. (Use the full path in each user account. For example, type \\Server\ShareName\UserName.)
   

Another way to populate the profile path is to use an Active Directory® Service Interfaces (ADSI) script. ADSI provides a single set of interfaces for managing resources on the network. You can use ADSI in combination with Microsoft® Visual Basic® Scripting Edition (VBScript) or JScript scripts to manage Active Directory resources such as users and services.
For information about ADSI and ADSI scripts, see the Microsoft Platform SDK link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Changing User Profile Type from Local to Roaming

Typically, a large organization has many users with local profiles. For ease of management, you might want to change many of the local profiles to roaming profiles. Moving user’s data and settings from the workstation to a server reduces the user’s dependence on the workstation’s availability, simplifies user data management, and allows centralized account management.

To create a roaming user profile for a user that has a local profile

1. Open Active Directory Users and Computers.
   
2. Click the domain and the OU where the user account resides.
   
3. Right-click the appropriate user account for which to set a roaming profile, and then click Properties.
   
4. Click the Profile tab, and type the profile path information in Profile path (for example, type \\Server\ShareName\UserName).
   

Note

• To change a user’s local profile to a roaming profile for a user who uses multiple computers simultaneously, the user must log off last from the computer that has the profile that the user wants to use.
  

Disabling Roaming User Profiles on Certain Computers

You can prevent computers from receiving roaming profiles by enabling the Only allow local user profiles policy setting, which blocks roaming profiles from being used on a computer. By default, when roaming profile users log on to a computer, the user’s roaming profile is copied to the local computer. If the user has previously logged on to this computer, the roaming profile is merged with the local profile. Similarly, when the user logs off from this computer, the local copy of the profile, including any changes the user made, is merged with the server copy of the profile.
If you enable the Only allow local user profiles policy setting, the following occurs on the affected computer: When the user first logs on, the user receives a new local profile instead of the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.
If you enable both the Prevent Roaming Profile changes from propagating to the server setting and the Only allow local user profiles setting, roaming profiles are disabled for that computer. These policy settings are in the Computer Configuration\Administrative Templates\System\User Profiles node.