I had to recreate a user’s Windows profile the other day and made the novice mistake of removing the profile from his computer by just deleting the folder from c:\Users. Not a good idea coz that leaves all the registry stuff behind. The correct way to remove his profile would have been to go via the System properties, User Profiles, and then delete the profile. If it complains about the folder not being removed, then remove the folder.
What happened in my case since the registry stuff was still leftover is that Windows wouldn’t create a new profile folder because it thought the profile folder had an error. It kept logging the user in with a temporary profile and complained so: “You have been logged on with Temporary profile”.
Worse, I always thought HKEY_USERS was where all the registry stuff was stored so that’s where I kept looking to try and delete the registry bits manually. Finally I realized it’s under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList – doh!
HKEY_USERS only has the registry hives for actively loaded profiles – not necessarily the one logged in interactively, but also user accounts running in the background or that have recently run (via “run as” etc).
So I went to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, found the profile (which now had a .bak suffixed to it), deleted it (because I wanted him to start afresh), and that got things working again.
After recreating the profile the user told me he wanted his Internet Explorer saved passwords. These are stored under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 but I hadn’t saved his HKCU hive before deleting the profile. Not a problem – I had a backup of the profile folder, so I:
- Copied the NTUSER.DAT file from there to my computer (NTUSER.DAT is basically the HKCU hive for his account),
- Loaded it into my registry as a temporary hive,
- Exported ...\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 from this temporary location to a .reg file,
- Opened this file in notepad and renamed the root to HKEY_CURRENT_USER.
I then sent the .reg file to the user and once he opened it the passwords were imported into his registry.
Here’s the command I ran from an elevated command prompt to load the ntuser.dat file to a temporary location:
reg.exe load HKLM\TempHive .\ntuser.dat
Using the above temporary location, I had to rename the root to HKEY_CURRENT_USER once I exported the key and opened it in notepad.
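
The load, export and rename steps above as one PowerShell script, for an elevated prompt. This is an added example, not code from the original post: the output file names, the assumption that the elided part of the key path is HKLM\TempHive, and the reg.exe unload cleanup step are all assumptions made here.

```powershell
# Added example; file names and the full key path are assumptions (see lead-in).
$hiveFile  = '.\ntuser.dat'        # NTUSER.DAT copied from the profile backup
$mount     = 'HKLM\TempHive'       # temporary location used in the post
$subKey    = 'Software\Microsoft\Internet Explorer\IntelliForms\Storage2'
$rawExport = '.\storage2-temphive.reg'   # hypothetical intermediate file
$fixed     = '.\storage2-hkcu.reg'       # hypothetical file to hand to the user

reg.exe load $mount $hiveFile
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the prompt elevated?)' }

try {
    reg.exe export "$mount\$subKey" $rawExport /y
    if ($LASTEXITCODE -ne 0) { throw "reg export failed: is $subKey in this hive?" }
}
finally {
    # Always unload: a hive left mounted keeps ntuser.dat locked and keeps the
    # user's settings readable under HKLM on the admin machine.
    reg.exe unload $mount
}

# reg.exe writes key headers as [HKEY_LOCAL_MACHINE\TempHive\...]. Rewrite only
# those header lines (not value data) so the import lands under HKEY_CURRENT_USER.
# The lookahead stops the pattern from matching a sibling such as TempHive2.
$pattern = '^\[HKEY_LOCAL_MACHINE\\TempHive(?=[\\\]])'
$lines   = @(Get-Content -LiteralPath $rawExport)
$hits    = @($lines -match $pattern).Count
if ($hits -eq 0) { throw "no TempHive key headers found in $rawExport" }

# Version 5.00 .reg files are UTF-16LE with a BOM; keep that encoding on output.
$lines -replace $pattern, '[HKEY_CURRENT_USER' |
    Set-Content -LiteralPath $fixed -Encoding Unicode

# The intermediate export holds the same saved-password data; do not leave it behind.
Remove-Item -LiteralPath $rawExport
"$hits key header(s) rewritten -> $fixed"
```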