(Note: This is in reference to schools and businesses where roaming profiles are used and the user account, documents, etc. primarily exist on a central file server, rather than the local computer.)
It is a mystery to me why Windows requires the local cached copy of the user's profile to always be pristine and error-free in order for the user to log on.
If there is something wrong with the local cached user profile, the user cannot log on. Windows says something about how "the User Profile Service failed the logon" but the event log records no details whatsoever about exactly what the problem is.
However, in other situations, such as when there is a server permissions problem, Windows will log the user on with a temporary profile. Why can't that be done when the cached profile is corrupt in some manner?
In my own research, I have found that in every case, the primary fix is to go here:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
And remove any keys with that username shown in
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\{....keyname}\ProfileImagePath
And then also either rename or move the user's local profile data mentioned in the ProfileImagePath. At next logon, everything works great, no "Failed the logon" errors.
I have been thinking that perhaps it would be useful to write a tool that, at every boot, sweeps through the ProfileList and deletes any keys and user profiles that aren't part of some select group I choose.
For example, keep only S-1-5-18, S-1-5-19, S-1-5-20, and the one for the Administrator. All else can go.
But it seems possible that the GPO "Delete cached copies of roaming profiles" may already be doing this.
http://support.microsoft.com/kb/274152
I need to do some more research to see if the "Failed the logon" error still occurs on machines that are set to automatically delete cached roaming profiles via Group Policy.
If yes, then additional forced scripted ProfileList data deletion may be a good idea, done as a GPO Computer Configuration startup script that runs before the logon prompt appears.
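
The ProfileList sweep described above, written as a PowerShell startup script. This is an added example, not a tool from the original post. It assumes "the Administrator" means the built-in RID 500 account, and the `-Apply` switch, the `.old-<timestamp>` folder suffix and the loaded-hive check are choices made for this example.

```powershell
# Added example: sweep ProfileList, keep an allow list, retire everything else.
# Dry run by default; pass -Apply to actually change anything.
[CmdletBinding()]
param(
    [switch]$Apply,
    # The service SIDs the post says to keep.
    [string[]]$KeepSids = @('S-1-5-18', 'S-1-5-19', 'S-1-5-20'),
    # Assumption: "the Administrator" is the built-in account (RID 500).
    [string]$KeepPattern = '^S-1-5-21-(\d+-){3}500$'
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# A SID with a hive under HKEY_USERS is logged on right now; leave it alone.
# In a startup script this list should only contain service accounts.
$loaded = (Get-ChildItem -Path 'Registry::HKEY_USERS').PSChildName

foreach ($key in Get-ChildItem -Path $profileList) {
    $sid  = $key.PSChildName                    # key name, including any suffix
    $path = $key.GetValue('ProfileImagePath')   # REG_EXPAND_SZ, returned expanded

    if ($KeepSids -contains $sid -or $sid -match $KeepPattern) {
        Write-Output "KEEP          $sid  $path"
        continue
    }
    if ($loaded -contains $sid) {
        Write-Warning "SKIP (loaded) $sid  $path"
        continue
    }
    if (-not $Apply) {
        Write-Output "WOULD REMOVE  $sid  $path"
        continue
    }
    try {
        # Rename instead of delete, as in the manual fix, so data can be recovered.
        if ($path -and (Test-Path -LiteralPath $path)) {
            $newName = (Split-Path -Path $path -Leaf) + ".old-$stamp"
            Rename-Item -LiteralPath $path -NewName $newName -ErrorAction Stop
        }
        # Only drop the registry key once the folder is out of the way.
        Remove-Item -LiteralPath $key.PSPath -Recurse -Force -ErrorAction Stop
        Write-Output "REMOVED       $sid  $path"
    }
    catch {
        Write-Warning "FAILED        $sid  $path : $($_.Exception.Message)"
    }
}
```

Run it without `-Apply` first and check the KEEP / WOULD REMOVE lines against the machines' expected accounts before deploying it as a Computer Configuration startup script.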