Once in a while we hit the wall when troubleshooting a problem with an application.
After running the troubleshooting gamut, with the “problematic” application behaving in any other profile on that system, it becomes obvious that there is some sort of corruption in the afflicted user’s local profile.
Windows Server and Desktop
For a standalone Windows Server or Windows Desktop machine, the following is the process to reset a local profile.
- Reboot the problematic system
- Log on with a Local Admin account
- Rename C:\Users\UserName to C:\Users\UserName.OLD
- Start RegEdit
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- Navigate the folder list
- Folder names are user SIDs from the local machine and Active Directory
- My Documents and following
- Custom configuration files from AppData
The application should work. If not, then ProcessMonitor and/or ProcessExplorer would be our next step to see exactly where things are getting hung up.
NOTE: For standalone machines set up with just the one user that operates as a local administrator, set up another user with a password on the machine and make it a local administrator. Then, log on with that account to run the above process.
SUGGESTION: Once the process has completed, set the day-to-day user account as a Standard User to help reduce the account’s attack surface.
Windows Remote Desktop Session Host with User Profile Disks (UPD)
We use a utility called Sidder to help figure out which UPD belongs to which user, since each UPD file is named with the user’s Active Directory SID.
- Have the user log off
- Use Sidder to obtain their UPD SID
- Rename the user’s UPD .VHDX file to OLD-UVHD-S-1-5-21-SID-Numbers-Here.VHDX
- Log the user account back on
- A new VHDX will appear with the user’s SID
- Have the user Log Off
- We usually run this process on the UPD host
- If Folder Redirect is being used this step is unnecessary
- Custom settings files may be nested in AppData so make sure to copy them
- It should work from now on
- If not, then ProcessMonitor and/or ProcessExplorer would be our next step
The above process should clean up the majority of issues caused by corruption in the user’s profile folders.
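Both procedures above depend on knowing which SID-named ProfileList subkey or UPD file belongs to which account, so the following PowerShell lists them with the resolved account name. It is an added example, not part of the original post and not a replacement for Sidder; the function names and the -UpdPath parameter are hypothetical, and ProfileImagePath is the registry value under each SID key that holds the profile folder path.

```powershell
# Added example (read-only): nothing is renamed, deleted or written.
function Resolve-SidToAccount {
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid)
        $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved>'   # malformed SID, deleted account, or domain unreachable
    }
}

function Get-ProfileSidMap {
    param(
        # Assumption: folder that holds the UPD .VHDX files; leave empty to skip.
        [string]$UpdPath = ''
    )
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    # One subkey per profile; the subkey name is the SID.
    Get-ChildItem -Path $profileList | ForEach-Object {
        # A key may carry a ".bak" suffix; strip it before translating.
        $sid = $_.PSChildName -replace '\.bak$', ''
        [pscustomobject]@{
            Source  = 'ProfileList'
            Name    = $_.PSChildName
            Account = Resolve-SidToAccount -Sid $sid
            Path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        }
    }

    if ($UpdPath) {
        # UPD files carry the SID in the file name, including renamed OLD- copies.
        Get-ChildItem -Path $UpdPath -Filter '*.vhdx' | ForEach-Object {
            if ($_.BaseName -match '(S-1-5-21(-\d+)+)$') {
                [pscustomobject]@{
                    Source  = 'UPD'
                    Name    = $_.Name
                    Account = Resolve-SidToAccount -Sid $Matches[1]
                    Path    = $_.FullName
                }
            }
        }
    }
}

# Run on the affected machine, or on the UPD host with -UpdPath set.
Get-ProfileSidMap | Format-Table -AutoSize
```

Rows whose Account shows as unresolved usually belong to deleted accounts or to a domain that cannot be reached from the machine running the query.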