Jump to content

HKEY_USERS hives loaded when users not logged on

Guest jjjdavidson

By Guest jjjdavidson
in Windows XP

 Share

Recommended Posts

Guest jjjdavidson

Guest jjjdavidson

Posted
Posted

Under what circumstances can a user's registry hive under HKEY_USERS remain

loaded (or get reloaded) after a Windows XP system is rebooted--but before

the user logs on? I'm hearing about users who are losing their local profile

because their hive is in use even after a reboot.

 

We use an antispyware program that loads all the user hives while it runs.

If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

normally clears this up. But a very few users are reporting that the

HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

possible). I've not been able to see it for myself; someone else unloaded

the hives manually before I saw them.

 

What can cause a hive under HKEY_USERS to remain open?

 

Thanks!

Jay

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest nass

Guest nass

Posted
Posted

RE: HKEY_USERS hives loaded when users not logged on

 

 

 

"jjjdavidson" wrote:

> Under what circumstances can a user's registry hive under HKEY_USERS remain

> loaded (or get reloaded) after a Windows XP system is rebooted--but before

> the user logs on? I'm hearing about users who are losing their local profile

> because their hive is in use even after a reboot.

>

> We use an antispyware program that loads all the user hives while it runs.

> If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

> normally clears this up. But a very few users are reporting that the

> HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

> possible). I've not been able to see it for myself; someone else unloaded

> the hives manually before I saw them.

>

> What can cause a hive under HKEY_USERS to remain open?

>

> Thanks!

> Jay

 

 

Try the UPHCS, reboot your machine after the installation.

User Profile Hive Cleanup Service

 

http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Guest JS

Guest JS

Posted
Posted

Re: HKEY_USERS hives loaded when users not logged on

 

Try UPHClean:

"User Profile Hive Cleanup Service"

http://www.microsoft.com/downloadS/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

 

JS

http://www.pagestart.com

 

 

"jjjdavidson" <jjjdavidson@discussions.microsoft.com> wrote in message

news:50ECB383-5BD1-4590-AC99-BB871B9DE49A@microsoft.com...

> Under what circumstances can a user's registry hive under HKEY_USERS

> remain

> loaded (or get reloaded) after a Windows XP system is rebooted--but before

> the user logs on? I'm hearing about users who are losing their local

> profile

> because their hive is in use even after a reboot.

>

> We use an antispyware program that loads all the user hives while it runs.

> If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

> normally clears this up. But a very few users are reporting that the

> HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

> possible). I've not been able to see it for myself; someone else unloaded

> the hives manually before I saw them.

>

> What can cause a hive under HKEY_USERS to remain open?

>

> Thanks!

> Jay

Guest jjjdavidson

Guest jjjdavidson

Posted
Posted

RE: HKEY_USERS hives loaded when users not logged on

 

We're already running UPHClean on our systems (because of Windows Defender).

UPHClean isn't going to help, though, because the problem isn't when users

log off; it's when our spyware scanner fails to unload the user hives that it

loads directly (while the user ISN'T logged on). These hives are loaded

under a string name, not the user's SID.

 

Allegedly, some of the user hives are remaining locked (loaded by the

administrator account) even AFTER a complete system reboot, and I'm trying to

find out what, if anything, can cause that.

 

Thanks!

Jay

 

"nass" wrote:

>

>

> "jjjdavidson" wrote:

>

> > Under what circumstances can a user's registry hive under HKEY_USERS remain

> > loaded (or get reloaded) after a Windows XP system is rebooted--but before

> > the user logs on? I'm hearing about users who are losing their local profile

> > because their hive is in use even after a reboot.

> >

> > We use an antispyware program that loads all the user hives while it runs.

> > If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

> > normally clears this up. But a very few users are reporting that the

> > HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

> > possible). I've not been able to see it for myself; someone else unloaded

> > the hives manually before I saw them.

> >

> > What can cause a hive under HKEY_USERS to remain open?

> >

> > Thanks!

> > Jay

>

>

> Try the UPHCS, reboot your machine after the installation.

> User Profile Hive Cleanup Service

>

> http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

>

Guest nass

Guest nass

Posted
Posted

RE: HKEY_USERS hives loaded when users not logged on

 

 

Jay why you using the Spyware Program to keep a copy (Image if want to call

it) and restore it?

This mean the Anti-spyware programs not releasing the Memory usage and not

completing the Job (changing the Reg hives).

If you mean by this, not allowing User to make chnages on the Os and their

work saved to another location why you don't use an image that reinstall

itself or clear any changes made by the user?

Forgive me if I misunderstood your point here, but we need more

clarification about why using a Spware program to restore Hives.

 

Can you check the Event log for any clues about error fo a specific apps

interfering in the process!

 

"jjjdavidson" wrote:

> We're already running UPHClean on our systems (because of Windows Defender).

> UPHClean isn't going to help, though, because the problem isn't when users

> log off; it's when our spyware scanner fails to unload the user hives that it

> loads directly (while the user ISN'T logged on). These hives are loaded

> under a string name, not the user's SID.

>

> Allegedly, some of the user hives are remaining locked (loaded by the

> administrator account) even AFTER a complete system reboot, and I'm trying to

> find out what, if anything, can cause that.

>

> Thanks!

> Jay

>

> "nass" wrote:

>

> >

> >

> > "jjjdavidson" wrote:

> >

> > > Under what circumstances can a user's registry hive under HKEY_USERS remain

> > > loaded (or get reloaded) after a Windows XP system is rebooted--but before

> > > the user logs on? I'm hearing about users who are losing their local profile

> > > because their hive is in use even after a reboot.

> > >

> > > We use an antispyware program that loads all the user hives while it runs.

> > > If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

> > > normally clears this up. But a very few users are reporting that the

> > > HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

> > > possible). I've not been able to see it for myself; someone else unloaded

> > > the hives manually before I saw them.

> > >

> > > What can cause a hive under HKEY_USERS to remain open?

> > >

> > > Thanks!

> > > Jay

> >

> >

> > Try the UPHCS, reboot your machine after the installation.

> > User Profile Hive Cleanup Service

> >

> > http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

> >

Guest jjjdavidson

Guest jjjdavidson

Posted
Posted

RE: HKEY_USERS hives loaded when users not logged on

 

I'm not "keeping a copy" of the users' registry hives. The spyware scanner

loads the user's existing hive temporarily, so it can scan the user's

registry settings for spyware. The scanner runs under an administrator

account, and loads the hives for limited users by name into HKEY_USERS.

 

The problem is that--allegedly--the user's hive is sometimes remaining

loaded in HKEY_USERS, and therefore locked away from the user, even after a

full system reboot.

 

All I'm trying to find out is what circumstances, if any, can leave a

registry hive loaded in HKEY_USERS, when the system has just been rebooted

and the user has not yet logged on.

 

"nass" wrote:

>

> Jay why you using the Spyware Program to keep a copy (Image if want to call

> it) and restore it?

> This mean the Anti-spyware programs not releasing the Memory usage and not

> completing the Job (changing the Reg hives).

> If you mean by this, not allowing User to make chnages on the Os and their

> work saved to another location why you don't use an image that reinstall

> itself or clear any changes made by the user?

> Forgive me if I misunderstood your point here, but we need more

> clarification about why using a Spware program to restore Hives.

>

> Can you check the Event log for any clues about error fo a specific apps

> interfering in the process!

>

> "jjjdavidson" wrote:

>

> > We're already running UPHClean on our systems (because of Windows Defender).

> > UPHClean isn't going to help, though, because the problem isn't when users

> > log off; it's when our spyware scanner fails to unload the user hives that it

> > loads directly (while the user ISN'T logged on). These hives are loaded

> > under a string name, not the user's SID.

> >

> > Allegedly, some of the user hives are remaining locked (loaded by the

> > administrator account) even AFTER a complete system reboot, and I'm trying to

> > find out what, if anything, can cause that.

> >

> > Thanks!

> > Jay

> >

> > "nass" wrote:

> >

> > >

> > >

> > > "jjjdavidson" wrote:

> > >

> > > > Under what circumstances can a user's registry hive under HKEY_USERS remain

> > > > loaded (or get reloaded) after a Windows XP system is rebooted--but before

> > > > the user logs on? I'm hearing about users who are losing their local profile

> > > > because their hive is in use even after a reboot.

> > > >

> > > > We use an antispyware program that loads all the user hives while it runs.

> > > > If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot

> > > > normally clears this up. But a very few users are reporting that the

> > > > HKEY_USERS entries persist even AFTER a reboot (which I didn't think was

> > > > possible). I've not been able to see it for myself; someone else unloaded

> > > > the hives manually before I saw them.

> > > >

> > > > What can cause a hive under HKEY_USERS to remain open?

> > > >

> > > > Thanks!

> > > > Jay

> > >

> > >

> > > Try the UPHCS, reboot your machine after the installation.

> > > User Profile Hive Cleanup Service

> > >

> > > http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

> > >

 Share
Go to topic listing
×
×
  • Create New...