HKEY_USERS hives loaded when users not logged on

jjjdavidson

Under what circumstances can a user's registry hive under HKEY_USERS remain
loaded (or get reloaded) after a Windows XP system is rebooted--but before
the user logs on? I'm hearing about users who are losing their local profile
because their hive is in use even after a reboot.

We use an antispyware program that loads all the user hives while it runs.
If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot
normally clears this up. But a very few users are reporting that the
HKEY_USERS entries persist even AFTER a reboot (which I didn't think was
possible). I've not been able to see it for myself; someone else unloaded
the hives manually before I saw them.

What can cause a hive under HKEY_USERS to remain open?

Thanks!
Jay
 
nass

jjjdavidson said:
Under what circumstances can a user's registry hive under HKEY_USERS remain
loaded (or get reloaded) after a Windows XP system is rebooted--but before
the user logs on? I'm hearing about users who are losing their local profile
because their hive is in use even after a reboot.

We use an antispyware program that loads all the user hives while it runs.
If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot
normally clears this up. But a very few users are reporting that the
HKEY_USERS entries persist even AFTER a reboot (which I didn't think was
possible). I've not been able to see it for myself; someone else unloaded
the hives manually before I saw them.

What can cause a hive under HKEY_USERS to remain open?

Thanks!
Jay


Try the UPHCS, reboot your machine after the installation.
User Profile Hive Cleanup Service

http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
 
jjjdavidson

We're already running UPHClean on our systems (because of Windows Defender).
UPHClean isn't going to help, though, because the problem isn't when users
log off; it's when our spyware scanner fails to unload the user hives that it
loads directly (while the user ISN'T logged on). These hives are loaded
under a string name, not the user's SID.

Allegedly, some of the user hives are remaining locked (loaded by the
administrator account) even AFTER a complete system reboot, and I'm trying to
find out what, if anything, can cause that.

Thanks!
Jay
 
nass

Jay, why are you using the spyware program to keep a copy (image, if you want to call
it) and restore it?
This means the anti-spyware program is not releasing the memory usage and not
completing the job (changing the reg hives).
If you mean by this not allowing users to make changes on the OS, with their
work saved to another location, why don't you use an image that reinstalls
itself or clears any changes made by the user?
Forgive me if I misunderstood your point here, but we need more
clarification about why you are using a spyware program to restore hives.

Can you check the Event log for any clues about an error of a specific app
interfering in the process?
 
jjjdavidson

I'm not "keeping a copy" of the users' registry hives. The spyware scanner
loads the user's existing hive temporarily, so it can scan the user's
registry settings for spyware. The scanner runs under an administrator
account, and loads the hives for limited users by name into HKEY_USERS.

The problem is that--allegedly--the user's hive is sometimes remaining
loaded in HKEY_USERS, and therefore locked away from the user, even after a
full system reboot.

All I'm trying to find out is what circumstances, if any, can leave a
registry hive loaded in HKEY_USERS, when the system has just been rebooted
and the user has not yet logged on.
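
A way to check the report on an affected machine, as an added example that is not part of the thread: it reads `HKLM\SYSTEM\CurrentControlSet\Control\hivelist`, which maps each mounted hive to its backing file, and flags mounts under HKEY_USERS whose name is not a SID. The function name, the sample SID, the `ScanTemp_bob` mount name and the sample paths are constructed for illustration.

```powershell
# Added example (not from the thread). Classifies the hives mounted under
# HKEY_USERS by whether the mount name is a SID or an arbitrary string.
function Get-UserHiveMount {
    param(
        # Hashtable of hivelist value name -> hive file path. When omitted,
        # the live hivelist key of the local machine is read.
        [hashtable]$HiveList
    )
    if (-not $HiveList) {
        $key = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
        $HiveList = @{}
        foreach ($name in $key.GetValueNames()) {
            $HiveList[$name] = $key.GetValue($name)
        }
    }
    $prefix = '\REGISTRY\USER\'
    # Account SIDs, plus the per-user "<SID>_Classes" hive.
    $sidPattern = '^S-1-\d+(-\d+)+(_Classes)?$'
    foreach ($name in $HiveList.Keys) {
        if (-not $name.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { continue }
        $mount = $name.Substring($prefix.Length)
        New-Object PSObject -Property @{
            MountName = $mount
            HiveFile  = $HiveList[$name]
            # True when the hive was mounted under a string name, not a SID.
            NamedLoad = ($mount -ne '.DEFAULT') -and ($mount -notmatch $sidPattern)
        }
    }
}

# Constructed sample data (hypothetical SID, mount name and paths), so the
# classification can be tried offline.
$sample = @{
    '\REGISTRY\MACHINE\SOFTWARE' = '\Device\HarddiskVolume1\WINDOWS\system32\config\software'
    '\REGISTRY\USER\.DEFAULT'    = '\Device\HarddiskVolume1\WINDOWS\system32\config\default'
    '\REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1004' = '\Device\HarddiskVolume1\Documents and Settings\alice\NTUSER.DAT'
    '\REGISTRY\USER\ScanTemp_bob' = '\Device\HarddiskVolume1\Documents and Settings\bob\NTUSER.DAT'
}

Get-UserHiveMount -HiveList $sample |
    Sort-Object MountName |
    Select-Object MountName, NamedLoad, HiveFile |
    Format-Table -AutoSize

# Get-UserHiveMount   # no argument: inspect the local machine instead
```

In the sample, only `ScanTemp_bob` comes back with `NamedLoad` set to True; its `HiveFile` column shows which user's NTUSER.DAT is held open.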
 
