Profile Reset : The Double Edged Sword #2

WARNING: DO NOT mess around with Registry Hives unless you KNOW what you are doing, as you can cause permanent damage if you do something stupid. Yes, this is a warning!
Well, since my last article I have found a solution that might tell you if the file is being used, or is in the locked mode that causes a profile reset from the start. To see, follow these instructions.
How to check if the NTUSER.DAT is in use
1. Open Registry Editor
2. In the registry tree (on the left), click either the HKEY_USERS or HKEY_LOCAL_MACHINE keys
3. On the File menu, click Load Hive
4. In Look in, click the drive, folder, or network computer and folder that contains the hive you want to load (NTUSER.DAT)
5. Click Open
6. In Key Name, type the name that you want to assign to the hive, and then click OK
If you get the error shown below, it means that the NTUSER.DAT is being used by something else. If the user is logged off, then they are obviously not logged off all machines in the company.

In this instance, fire up Process Explorer, click on Find > Find Handle or DLL, enter "NTUSER.DAT" (without the quotes) and click on Search.

So from this we can see that the NTUSER.DAT is in use by the System process of the local machine. You will need to check this on the server, however.
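A scripted version of the same check, as an added example that is not from the original article: instead of Load Hive it tries to open NTUSER.DAT with no sharing allowed and reports a sharing violation, so nothing is ever mounted in the registry. The function name `Test-HiveInUse` and the profile share path are assumptions for illustration.

```powershell
# Added example: hypothetical helper, not part of the original article.
# Returns 'Free', 'InUse', 'AccessDenied' or 'NotFound' for a hive file.
function Test-HiveInUse {
    param([Parameter(Mandatory)][string]$Path)

    # File.Exists also sees hidden/system files such as NTUSER.DAT.
    if (-not [System.IO.File]::Exists($Path)) { return 'NotFound' }
    try {
        # Read access with FileShare.None fails if another handle is
        # already open on the file (for example a loaded hive).
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read,
                                     [System.IO.FileShare]::None)
        $fs.Dispose()   # release immediately so a logon is not blocked
        return 'Free'
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the real cause.
        $e = $_.Exception.GetBaseException()
        $win32 = $e.HResult -band 0xFFFF
        # 32 = ERROR_SHARING_VIOLATION, 33 = ERROR_LOCK_VIOLATION
        if ($e -is [System.IO.IOException] -and $win32 -in 32, 33) {
            return 'InUse'
        }
        if ($e -is [System.UnauthorizedAccessException]) {
            return 'AccessDenied'
        }
        throw   # anything else is unexpected; surface it
    }
}

# Assumption: roaming profiles live under this placeholder share.
$ProfileRoot = '\\SERVER\Profiles$'

Get-ChildItem -LiteralPath $ProfileRoot -Directory | ForEach-Object {
    $hive = Join-Path $_.FullName 'NTUSER.DAT'
    [pscustomobject]@{
        Profile = $_.Name
        State   = Test-HiveInUse -Path $hive
    }
} | Format-Table -AutoSize
```

A result of `InUse` only says that some handle is open; Process Explorer's Find Handle search on the machine holding the file is still what identifies the owning process.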