Windows 10 sporadic user profile corruption (default/ntuser.dat locked by SYSTEM)
After Enterprise deployment of Windows 10; organisations are faced with sporadic user profile corruption.
Scenario:
- The corruption seem to happen for the 2nd user and other users from then on.
- The corruption seem to follow a ‘Sleep’ phase (after the machine wakes up)
- The corruption seem to happen if the ‘Sleep’ extends over night.
- The corruption only seem to happen if the ‘currently logged on’ user is not logged out but the new user logs-in by ‘switching accounts’.
- Event logs specify the C:\default\ntuser.dat file being locked by the SYSTEM user.
Solution:
My supposition is that this might be a BUG in the new user profile creation process in Windows 10. But the below implementation fixes the above issue gracefully and permanently.
In short, C:\default\ntuser.dat is locked by the SYSTEM; only the SYSTEM can give it back to you. So request the SYSTEM to release control (ask nicely). Ask the SYSTEM to release control on event ‘On Local disconnect from any user session’. Run the Schedule-task as SYSTEM.
Create a schedule task using AD group policy with the below configuration.
This is a very nice article Trent; well written.
I saw this problem with one of my customers a few years ago.
They had an Application Installation script that loaded the default user registry-hive but, occasionally failed to unload it.
But this only affected users who login to the device for the first time because the user’s profile was fashioned after the default users ‘ntuser.dat’.
The troubleshooting process was tedious and time consuming. The above implementation would have helped us.