Windows saved registry while an application was still using it

  • Thread starter Thread starter Admin
  • Start date Start date
A

Admin

On my WinXP Pro SP1 system while using the built in Administrator
account, if I check the "Event Viewer" and look at the Application
Log, I see warning messages stating:


"Windows saved user Xyz\Administrator registry while an application or
service was still using the registry during log off. The memory used
by the user's registry has not been freed. Ther registry will be
unloaded when it is no longer in use.

This is often caused by services running as user account, try
configuring the services to run in either the LocalService or NetWork
service account."


I have configured ALL services to run as LocalService, but these
warning messages do not go away.

Any ideas as to what to do to correct the situatrion these warning
messages point to ?

Any help would be greatly appreciated.

Matt
 
You will have something of a hunt for this one.
Something you can try is keeping an eye on what is
running just before you log off and try to correlate
with when this is recorded in the log.
Try using Task Manager to view the running processes
the next few times you go to log off, and especially pay
attention to non-Microsoft software that is running.
 
Using Process Explorer I identified all non-microsoft processes
running under NTAuthority/System and killed them one by one followed
by a restart, the ONLY shutdown-restart that did not produce the
warning in question was the one triggered automatically when I killed
the process" Winlogon.exe", it was not identified as a Microsoft
process therefore, I tried killing it and it shutdown-restart my
system.

With this info, any ideas how to fix this warning?

Thanks

Matt
 
Winlogon is part of the OS, it handles the initial login
dialog and tells the system to start the user login processes.

So it seems you have not found a process that, when you make
sure it is not running at logoff, by being absent results in the
message not happening. I am not sure why you focused on only
processes running as system, since processes running as your
account could also be responsible for this.

You could next try to see whether there is a service that is
running that is responsible for having a handle to your user
info. These Normal behavior would be for these to release
that handle when they are signaled, and for them to call back
to the signaler saying they have done so. Here again, I would
only focus on non-Microsoft services that you see listed in
services.msc However, you have probably covered the bases
here when you used TaskManager and worked with the processes
that were running as System.
 
I limited myself to the processes running under NTAuthority/System
because the warning message in question identifies the User of the
misbehaving process as NTAuthority/System and it reports the Source as
Userenv. (I do not know the significance of the entry under the
Source).

I have checked all non Microsoft processes.

Could a corruption somewhere in the system can cause a Microsoft
process not to release the handle when signaled for shutting down the
station and therefore cause the warning messages?

Thanks

Matt

__________________________________________
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

unwanted pop-up at start 4
Cannot load profile Event ID: 1500 0
Local Profile too large 1
I get a warning about registry in use 1
Application events viewer 3
Configure services to run as Local or Network service, how? 4
Error Id 1517 1
Registry Error 1

Back
Top