none
how do you cleanly delete a profile?

    Question

  • How do you cleanly delete a profile, so there's no reference to its sid anymore?  After I delete a profile, I can still find references to its sid in many places in the registry and file system.  They all seem to be appx related.

    y if gone after reboot

    HKEY_LOCAL_MACHINE\SOFTWARE\classes\local settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\*  y HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache  y
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UserManager\Users
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData  y
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserTile
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\PurgeAtNextLogoff
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SystemProtectedUserData
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References  y
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VolatileUserMgrKey  y
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\FirstNotDefault
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\DataStore


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules
     (several)

    HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production


    (many under these two)
    C:\Program Files\WindowsApps\
    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache
    C:\Windows\System32\WDI\LogFiles\StartupInfo

    C:\windows\system32\config\BBI (registry hive)





    • Edited by JS2010 Monday, March 12, 2018 9:14 PM
    Wednesday, October 11, 2017 4:24 PM

All replies

  • You could give this a try: https://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/

    Best regards (79,108,97,102|%{[char]$_})-join''

    Wednesday, October 11, 2017 8:59 PM
  • When you need to delete the user profile from computer we need to do three things:

    Delete C:\Users\[account name]

    Delete HKEY_USERS\[SID]\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    Delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\[SID]

    Alternately, we can run sysdm.cpl and delete the User Account from the User settings under the Advanced Tab.

    After achieving above steps, it’s enough to believe user profile has been removed cleanly.

    Maybe there are some traces about this profile were reserved on app side, but we don’t need to care it, Store app is based on account, once switch account, there will be nothing influenced.

    Your list is correct, I checked it, however, we really don’t have to be quite as fastidious


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 12, 2017 3:16 AM
    Moderator
  • The problem is, different services start pegging at 25% cpu (maximum for a thread), the more this leftover information piles up.  It could be the Windows Firewall service, the AppX Deployment Service (AppXSVC), or the DCOM Server Process Launcher.  Now I have 3 computers with 4000 logins where you can't click on the start menu or search anymore.  I'll probably reimage them tonight.


    • Edited by JS2010 Thursday, October 12, 2017 2:52 PM
    Thursday, October 12, 2017 2:52 PM
  • Yes, it's ridiculous in this day and age that deleting a user doesn't clean them out of the registry and file system.  This is one of the things I expected to improve after Windows 7.
    Thursday, October 12, 2017 8:06 PM
  • >>Now I have 3 computers with 4000 logins where you can't click on the start menu or search anymore.

    If start menu and search box have issue, what we consider first should be start menu troubleshooter rather than user profiles’ number or residue.

    Reimage is also a good way, look forward to your update.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 13, 2017 1:39 AM
    Moderator
  • Nothing I've tried cleanly deletes a profile.  Regular reboots seem better.  I've reimaged those 3 computers that have 4000 logins in a month.  Next time I'll switch out one of them and examine it further.

    I'm searching for sid's like this in powershell:

    # Get an sid like this...

    Get-CimInstance Win32_UserProfile | Select SID,LocalPath

    # Then after deleting a profile...

    ls -r \ *S-1-5-21-123456789-1234567890-1234567890-1234* -Force -ErrorAction SilentlyContinue | Select Directory

    .\Search-Regsitry -StartKey HKLM: -Pattern S-1-5-21-123456789-1234567890-1234567890-1234 -MatchValue -MatchKey -MatchData -ErrorAction SilentlyContinue 


    (how do you make blank lines and monospaced fonts in this forum btw?)


    • Edited by JS2010 Monday, October 30, 2017 2:19 PM
    Monday, October 30, 2017 2:15 PM
  • (how do you make blank lines and monospaced fonts in this forum btw?)


    Use an html editor and insert using the HTML button at the top of the editor window
    Monday, October 30, 2017 2:33 PM
  • Much much better would be to use the given formatting options in the editor!!! This way you'd get a reasonable formatting for code or "output" from Powershell without line breaks where they don't belong.

    Best regards (79,108,97,102|%{[char]$_})-join''

    Monday, October 30, 2017 4:39 PM
  • Here's another example of user sid related registry items left over after deleting a profile.  Network printers of the form "\\printserver\printerqueue" owned by pretend sid "S-1-1-11-1111111111-1111111111-1111111111-111111".  This may give you trouble when creating the profile again and adding the network printer.


    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\printserver\Monitors\Client Side Port\{F9533648-6103-4A9B-A56F-C3633DECA298} Value: PrinterPath Data: \Users\S-1-1-11-1111111111-1111111111-1111111111-111111\Printers\^\^\printserver^\printerqueue

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\printserver\Printers\{F9533648-6103-4A9B-A56F-C3633DECA298} Value: Location Data: \Users\S-1-1-11-1111111111-1111111111-1111111111-111111\Printers\^\^\printserver^\printerqueue

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\S-1-1-11-1111111111-1111111111-1111111111-111111\Printers\Connections\,,printserver,printerqueue 

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\S-1-1-11-1111111111-1111111111-1111111111-111111\Printers\Connections\,,printserver,printerqueue 


    • Edited by JS2010 Wednesday, April 18, 2018 7:02 PM
    Wednesday, April 18, 2018 7:02 PM