You get disk space alerts on an Active Directory member server where the Centrify Connector is installed.
The disk space alerts may be caused by the creation of local user profiles on the host machines running the Centrify Connector. The local user profile can be created for users who have never logged on to the Centrify Connector host. The profiles get created by the Directory Services API when the call for “ChangePassword” is triggered. The call is triggered when both of these conditions are met:
- User uses the self service password reset option from Admin Portal > Profile > Security tab.
- User has rights to “Logon Locally” to the connector host.
You can prevent the creation of local user profiles by following these procedures. These procedures will not delete the profiles already created; they only prevent the creation of more profiles.
To prevent the creation of local user profiles:
Log in as an Administrator and open the Local Group Policy Editor by typing gpedit.msc in the Run box.
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Click Allow log on locally and remove "Users" and "Backup Operators".
- Click Apply.