Can't delete ntuser.dat file to remove profiles after reboot

Posted by Matrix Mole on Server Fault See other posts from Server Fault or by Matrix Mole
Published on 2010-06-08T18:13:39Z Indexed on 2010/06/08 18:23 UTC
Read the original article Hit count: 235

Filed under:

I've ran into an issue where some servers will not release the handle on the ntuser.dat file even after a reboot. Or quite possible, after the reboot, the ntuser.dat file is getting re-loaded into memory. The user accounts are definitely not being accessed (some of them belong to users that have not been with the company in over a year). It seems to be on Windows 2003 servers, but I can't be 100% certain that there aren't some 2000 servers showing this issue as well.

When I try to use process explorer or handle.exe from sysinternals to kill the handle on these ntuser.dat files, the handle remains open and connected. Handle.exe even reports that the handle was broken while it remains in use. I've even taken ownership on the file and tried to kill the handle to no effect (windows shows I have ownership of the file, but still refuses to release the handle).

I have looked into the registry to see if I can discover where the files may be getting loaded at. Unfortunately, the username is appearing in too many places for me to be certain which one is actually loading their reg file into memory.

Any suggestions on how I can either break the handle on the files, or prevent them from getting re-loaded after a reboot?

© Server Fault or respective owner

Related posts about windows-server-2003