When deleting user profiles, it is advisable to use the built-in GUI (graphical user interface) interface in Windows (Start >> System >> Advanced System Settings >> User Profile – Settings). This should delete all references in the registry, and the user’s profile folder (normally located in C:\Users). But what if this doesn’t work as it should?
This past week I ran into a system which was heavily infected with various malware. This was a Windows 2008 R2 Remote Desktop server, but this could have just as easily happened to a system running Windows 7 or Windows 8, or even Windows 2012.
One of the steps I had to take, to cleanup the malware, was recreating a specific user profile. Because of the malware infections, the user profile deletion did not complete successfully. Since parts of Windows thought there was still a profile, logging in as the user resulted in using a temporary profile instead of automatically creating a new one. Also, because of this I was no longer able to access the GUI tool to see/delete local user profiles. So now what?
Well, luckily I found a solution pretty quickly and it was not too difficult, but required some close attention:
- First, make sure the profile folder in C:\Users was completely gone.
-
Find the user’s SID (security identifier):
- From a command prompt type: wmic useraccount get name,sid (type exactly as shown)
- In the registry, expand HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList and find the key named with the SID of the desired user. Right clicking on the key, export to the desktop (you’ll need this in the next step). Right click on the folder and delete the key.
- Using Notepad, I open the registry export from the previous step. Find the GUID for the desired user. In the registry expand HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileGuid and find the key named with the GUID of the desired user. Right-click on the folder and deleted the key.
Now when you login as that user, Windows should automatically create the local profile.
3 comments
Hi Robert,
Thanks for the information in this article http://www.robertborges.us/2014/07/questions-answers/how-to-delete-a-user-profile-from-the-registry/ . It does leave me with a couple questions I am hoping to get answered. My issue stems from summer cleanup at a small school district, where I am the technology person performing the summer cleanup of student used laptops and computers in labs. As per my supervisors instructions, I delete user folders from C: Users. We also have intermittent issues with Temporary Profiles and get .bak entries in the ProfileList section of the registry. As part of this, we delete at least all the .bak entries, or all student entries in the ProfileList. Randomly/intermittently after some part of this summer cleanup, we get computers/laptops, which will not allow students/anyone not remaining in the ProfileList or in the Windows 7 GUI of Users, to log in. We get the message, “The User Profile Service service failed the logon. User profile cannot be loaded.”
My questions come as I am trying to identify a cause of and solution for this issue.
1. What does the ProfileGuid portion of the registry do, and will deleting student SID’s from this area have any effect on my issue?
2. What else can be done, besides re-imaging the computers?
Author
Temporary profiles can be created for many reasons. Most commonly I see them caused by either corruption in the user’s profile, or communication issues with the AD servers.
Corruption could be disk related or even be caused by malware. It probably wouldn’t hurt to run a scan on problematic machines with something like ESET’s Free Online Scanner to check for infections, and SpinRite to check for problems on your internal HDDs and SSDs. If you find any corruption in your Active Directory whatsoever, make sure you take care of it now. AD corruption problems only get worse over time, and can cause major issues. There have been many times where I’ve got an AD specialist with MS Paid Support involved to correct AD corruption or sync issues… they are that important!
It sounds like this is happening on many client computers in your environment. I suggest also checking to make sure the domain controllers aren’t locked down too much by security software… especially software firewalls running on the DCs. I can’t count the number of AD, Profile, and GPO problems I’ve found which were caused by a software firewall the server admin didn’t even know was bundled with their AV.
Hi Robert,
Thanks for your reply. If I understand you correctly, you think it might be possible that we might have an infection, unknown firewall software, or corruption on the server running the Active Directory at our district, which may be causing the Temporary Profile issue. Is this correct?
Since posting my original questions, I did learn a solution to the issue where users can’t log in and get the “The User Profile Service service failed the logon. User profile cannot be loaded.” message. The solution is to replace the “Default” user folder under C:\Users with one from an identical computer running the same OS. Thankfully, I have access to computers where the User Profile is not corrupt, so I can copy the Default folder and replace the affected one. This of course wouldn’t work for some individuals, unless they have a backup they could access. I have verified this solution does correct the issue, where users cannot log into the computer. It does not prevent or correct the Temporary Profile issue.