Deleting a Local User Profile – Not as easy as one Might Assume
In many environments it is a common practice to delete user profiles prior to conducting tests in order to start with a clean slate. However, this may prove more difficult than anticipated.
Most people think that a local user profile only consists of the directory %USERPROFILE% typically located below C:\Users on Vista and Server 2008 (and newer). But there is more. Windows keeps track of the local profile incarnations in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. For each locally stored profile a subkey is created whose name is set to the profile owner’s SID. Here is the content of a sample ProfileList subkey:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-1788223648-1417001333-500]
"ProfileImagePath"="%SystemDrive%\Documents and Settings\Administrator"
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,57,66,e2,62,a0,20,96,6a,75,b9,75,54,f4,01,00,00
"Flags"=dword:00000000
"State"=dword:00000100
"CentralProfile"=""
"ProfileLoadTimeLow"=dword:224c9af0
"ProfileLoadTimeHigh"=dword:01c92f98
"RefCount"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"OptimizedLogonStatus"=dword:0000000b
How Not to Delete a Profile
Now, what happens if you simply delete the user profile directory below C:\Users without modifying the registry? The next time the user logs on Windows displays a balloon tip whining that Windows could not load the user profile and that the user was logged on with a temporary profile. Is that bad? Yes! Temporary profiles are a last resort if Windows cannot load the user profile. Upon logoff they are deleted and all data is lost. That certainly is a reason to avoid them.
The Right Way
If you need to delete a profile, either
- make sure to delete the profile directory and the associated ProfileList subkey, or
- open the control panel applet “System Properties” by running sysdm.cpl and delete the profile from there.
What if I Already Deleted a Profile the “Wrong” Way?
If Windows finds a ProfileList subkey matching your SID without an associated profile directory it backs up the ProfileList subkey. Prior to creating the temporary profile the ProfileList subkey is renamed to SID.bak. About the reason for that strange behavior I can only speculate. Maybe someone thought this would facilitate restoring the original state from a backup.
Whatever the reason, once you got a temporary profile the SID.bak key lingers in the registry. It needs to be deleted to get back to normal profile behavior.
What About XP and Server 2003?
The behavior described in this article applies to Vista, Windows 7 and Server 2008 (including R2). Their predecessors XP and Server 2003 use a more simplistic approach. If a ProfileList registry subkey exists but the corresponding directory is not accessible, they simply create a new local profile and overwrite the data in the ProfileList key. Not even an event is logged to the Windows event log.
This behavior is certainly simpler but at the same time much more realistic. Not every change is for the better…
References
MS KB: A temporary profile is loaded after you log on to a Windows Vista-based system
MS KB: A temporary user profile is created every time that you log on to a Windows Vista-based computer that is connected to a domain
11 Comments
I would also be interested as to why Vista works this way, XP days you could just delete the old profile, no registry stuff, this had me scratching my head, thanks for the article.
Cheers
Oliver
but I have a 2008 terminal server that uses local profiles (we dont use terminal server roaming profiles), inevitably the profiles fill up the disk
Is there an automated way to delete the profiles? It’s just not good to have to keep deleting profiles manually :(
Hello,
Manually deleting the ProfileList key and Directory isn’t enough. I have create a DeleteProfile.vbs script that will automatically delete profiles from a workstation/server. The nice thing is it is a script so you can modify it and/or learn from it.
http://www.theshonkproject.com/index.php?option=com_content&task=view&id=50&Itemid=1
Joe
So i did it the “wrong” way. Then I went in and deleted the SID.BAK.
Now when I attempt to login it says, “ACCESS DENIED” …
Any ideas?
Logon as administrator and go into Computer – properties – Advanced Settings – Advanced tab – User Profiles and delete the profile there.
I am running Win 7 Enterprise 64bit, when I try to delete a profile using delprof2 on my PC (I am admin) I got the error message: Could not dlete ProfileList entry. Leaving profile alone. Error: Access is denied. What am I missing? I’ve tried to run the command line in a batch file as Administrator with no success. Delprof2 worked like a charm on our XP boxes, we love it. Can you assist?
Please ask questions related to Delprof2 in the forum (https://helgeklein.com/forum/).
Hello,
Thank you very much. Super!
Thank You!