Deleting a Local User Profile – Not as easy as one Might Assume

In many environments it is a common practice to delete user profiles prior to conducting tests in order to start with a clean slate. However, this may prove more difficult than anticipated.

Most people think that a local user profile only consists of the directory %USERPROFILE% typically located below C:\Users on Vista and Server 2008 (and newer). But there is more. Windows keeps track of the local profile incarnations in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. For each locally stored profile a subkey is created whose name is set to the profile owner’s SID. Here is the content of a sample ProfileList subkey:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-1788223648-1417001333-500]
"ProfileImagePath"="%SystemDrive%\Documents and Settings\Administrator"
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,57,66,e2,62,a0,20,96,6a,75,b9,75,54,f4,01,00,00
"Flags"=dword:00000000
"State"=dword:00000100
"CentralProfile"=""
"ProfileLoadTimeLow"=dword:224c9af0
"ProfileLoadTimeHigh"=dword:01c92f98
"RefCount"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"OptimizedLogonStatus"=dword:0000000b

How Not to Delete a Profile

Now, what happens if you simply delete the user profile directory below C:\Users without modifying the registry? The next time the user logs on Windows displays a balloon tip whining that Windows could not load the user profile and that the user was logged on with a temporary profile. Is that bad? Yes! Temporary profiles are a last resort if Windows cannot load the user profile. Upon logoff they are deleted and all data is lost. That certainly is a reason to avoid them.

The Right Way

If you need to delete a profile, either

  • make sure to delete the profile directory and the associated ProfileList subkey, or
  • open the control panel applet “System Properties” by running sysdm.cpl and delete the profile from there.

What if I Already Deleted a Profile the “Wrong” Way?

If Windows finds a ProfileList subkey matching your SID without an associated profile directory it backs up the ProfileList subkey. Prior to creating the temporary profile the ProfileList subkey is renamed to SID.bak. About the reason for that strange behavior I can only speculate. Maybe someone thought this would facilitate restoring the original state from a backup.

Whatever the reason, once you got a temporary profile the SID.bak key lingers in the registry. It needs to be deleted to get back to normal profile behavior.

What About XP and Server 2003?

The behavior described in this article applies to Vista, Windows 7 and Server 2008 (including R2). Their predecessors XP and Server 2003 use a more simplistic approach. If a ProfileList registry subkey exists but the corresponding directory is not accessible, they simply create a new local profile and overwrite the data in the ProfileList key. Not even an event is logged to the Windows event log.

This behavior is certainly simpler but at the same time much more realistic. Not every change is for the better…

References

MS KB: A temporary profile is loaded after you log on to a Windows Vista-based system
MS KB: A temporary user profile is created every time that you log on to a Windows Vista-based computer that is connected to a domain

11 Responses to Deleting a Local User Profile – Not as easy as one Might Assume

  1. Oliver Hext October 17, 2008 at 14:17 #

    I would also be interested as to why Vista works this way, XP days you could just delete the old profile, no registry stuff, this had me scratching my head, thanks for the article.

    Cheers

    Oliver

  2. Steven December 2, 2008 at 20:34 #

    but I have a 2008 terminal server that uses local profiles (we dont use terminal server roaming profiles), inevitably the profiles fill up the disk

    Is there an automated way to delete the profiles? It’s just not good to have to keep deleting profiles manually :(

  3. Joe Shonk December 9, 2008 at 23:18 #

    Hello,

    Manually deleting the ProfileList key and Directory isn’t enough. I have create a DeleteProfile.vbs script that will automatically delete profiles from a workstation/server. The nice thing is it is a script so you can modify it and/or learn from it.

    http://www.theshonkproject.com/index.php?option=com_content&task=view&id=50&Itemid=1

    Joe

  4. Ross January 9, 2010 at 01:30 #

    So i did it the “wrong” way. Then I went in and deleted the SID.BAK.
    Now when I attempt to login it says, “ACCESS DENIED” …
    Any ideas?

  5. Emil April 5, 2010 at 19:27 #

    Logon as administrator and go into Computer – properties – Advanced Settings – Advanced tab – User Profiles and delete the profile there.

  6. Tim Irving May 23, 2013 at 13:50 #

    I am running Win 7 Enterprise 64bit, when I try to delete a profile using delprof2 on my PC (I am admin) I got the error message: Could not dlete ProfileList entry. Leaving profile alone. Error: Access is denied. What am I missing? I’ve tried to run the command line in a batch file as Administrator with no success. Delprof2 worked like a charm on our XP boxes, we love it. Can you assist?

  7. Ahmad July 31, 2014 at 21:58 #

    Hello,
    Thank you very much. Super!

  8. Tibi May 6, 2017 at 13:31 #

    Thank You!

Leave a Reply