Troubleshooting a temporary profile loaded at logon

What do you do when a temporary profile is loaded at logon instead of your own profile?

How to Disable and Delete User Profiles?

Found on the Microsoft support website: sources

To Disable User Profiles

  1. Restart your computer. At the Windows logon screen, click « Cancel ».
  2. On the « Start » menu, point to « Settings », select « Control Panel », and then double-click « Passwords ».
  3. On the « User Profiles » tab, click « All users of this PC use the same preferences and desktop », and then click « OK ».
  4. When you are prompted to restart the computer, restart it.

To Remove Existing User Profiles

For added protection, back up the registry before you modify it. You can then restore the registry if needed.

  1. With Regedit, remove the appropriate User name keys from the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList

    To remove all profiles, remove the ProfileList key!

  2. Exit Regedit when you have finished.
  3. Use « My Computer » or « Windows Explorer » to remove the appropriate Windows\Profiles\User name folders.
  4. To remove all profiles, remove the Windows\Profiles folder.

Delete registry key

Rename the registry key with ‘.bak’ for example.

The hive:

« HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ »

You can see all built-in users like administrator, guest and so on, such as:

  • S-1-5-18
  • S-1-5-19
  • S-1-5-20

  1. It starts with « S », for Security I think.
  2. Then « 1 » for the structure
  3. Next we can read the ID authority value « 5 » for « SECURITY_NT_AUTHORITY »
    1. « 32 » = sub-authority value « SECURITY_BUILTIN_DOMAIN_RID »
    2. « 544 » = second sub-authority value « DOMAIN_ALIAS_RID_ADMINS »

More details: sources

  • 500 – Administrator
  • 501 – Guest
  • 502 – krbtgt
  • 512 – Domain Admins
  • 513 – Domain Users
  • 514 – Domain Guests
  • 515 – Domain Computers
  • 516 – Domain Controllers
  • 544 – Built-in Administrators
  • 545 – Built-in Users
  • 546 – Built-in Guests

Your personal profile has a longer security ID. The domain controllers add information to build the SID:

  • ID of the forest,
  • ID of the domain,
  • an ID from the range made available by the RID (Relative IDentifier) Master, one of the FSMO master roles

You can find it in the Attribute Editor of the AD user object, or use « psgetsid ».

More RID information: how it is replicated in a domain

Example: domain admin is already « S-1-5-32-544 »

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

–> There are several subfolders in « ProfileList ». Delete the one that has a « .bak » extension at the end of its name.
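
The registry check described above, as an added example that is not part of the original post: a read-only PowerShell audit of ProfileList that lists each profile key, splits its SID into the fields explained earlier, resolves the account name, and flags « .bak » keys. The report column names and the test for a TEMP profile folder are assumptions of this example.

```powershell
# Added example: read-only audit of ProfileList. Nothing is renamed or deleted.
# Run on the affected machine.
$root  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$keys  = @(Get-ChildItem -Path $root)
$names = $keys | ForEach-Object { $_.PSChildName }

$report = foreach ($key in $keys) {
    $name  = $key.PSChildName                 # SID, or SID followed by ".bak"
    $sid   = $name -replace '\.bak$', ''
    $props = Get-ItemProperty -Path $key.PSPath
    $parts = $sid -split '-'                  # S, revision, authority, sub-authorities...

    # Resolve the SID to an account name; a SID that no longer maps to an
    # account (deleted user, unreachable domain) is reported as unresolved.
    $account = try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { '<unresolved>' }

    [pscustomobject]@{
        Key       = $name
        Account   = $account
        Authority = $parts[2]                 # 5 = SECURITY_NT_AUTHORITY
        RID       = $parts[-1]                # last sub-authority, e.g. 500, 544
        Path      = $props.ProfileImagePath
        IsBak     = $name -like '*.bak'
        # Same SID present both with and without ".bak"
        HasTwin   = ($names -contains "$sid.bak") -and ($names -contains $sid)
        # Assumption of this example: a temporary profile uses a folder named TEMP or TEMP.<suffix>
        TempPath  = [bool]($props.ProfileImagePath -match '\\TEMP(\.[^\\]*)?$')
    }
}

$report | Sort-Object Key | Format-Table -AutoSize -Wrap

# Keys worth a closer look before anyone edits the registry
$report | Where-Object { $_.IsBak -or $_.TempPath } | Select-Object Key, Account, Path
```

Saving this output before and after the problem recurs gives a record of which SID gained a « .bak » key.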

 

Troubleshooting the issue with Microsoft

 

Issue

You have a temporary random profile problem on one of your servers running Windows 2012R2. Several administrators are logging on and you all have the problem.

To fix it, you delete the .bak profile entry in the registry, but the problem comes back afterwards.

 

Resolution 

Need to resolve the temporary profile problem.

  1. Run the data collection tool by running the .diagcab tool before deleting the registry keys
  2. Set up the traces with the following commands after logging in normally

netsh trace start capture=yes filemode=circular persistent=yes overwrite=yes maxsize=1024 report=yes tracefile=c:\%computername%_netsh.etl

logman create trace "ds_security" -ow -o c:\%computername%_ds.etl -p "Microsoft-Windows-Winlogon" 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

logman update trace "ds_security" -p {xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx} 0xffffffffffffffff 0xff -ets

As soon as the problem recurs, stop the traces with the following commands:

logman stop "ds_security" -ets

netsh trace stop

The logs are circular and should not occupy much space.
As soon as the problem recurs, run the tool and send it back to me with the ETL files c:\%computername%_ds.etl and c:\%computername%_netsh.etl