How do I disable SAM checks/querying profiles are boot up to avoid slow down with a 50k+ local users?

Question

I have 2021R2 server on AWS which has been running for almost a decade now. It's being used as a IIS web server and for authentication IIS is using windows integrated authentication and the users have been created as local users on the machine (it was the easiest solution at the time). Over time there are now 50k+ local users created on the machine. It's not the best design but that's how it's been running without any issues on 2021R2. I need to upgrade the server to 2019 or newer to use of some of the newer IIS features, however when I try to migrate (recreate) all the 50+ users to a 2019 or 2022 server the machine takes over 12 hours to complete boot up and login. From the event logs I can gleam that SAM is causing the issues, (there's a 3-8 hour gap between the first SAM entry and the next one, which is nearly instantaneous on the 2012R2 server). I have no issues what so ever on the 2012R2 server, it complete boot up and login in about 2 minutes or less.

So my question is how do disable any new features in SAM that's causing it to slow down? Someone suggested that SAM is trying to load all the profiles before login or trying to enumerate the profiles etc. How do I get SAM to behave like 2012R2 in 2019/2022 servers? I tried tweaking the registry to disable the last username, allow for automatic login and the requirement for alt+ctl+del and it's no difference. I've also trying sizing the hardware from 1GB to 16GB and more processors but it's made absolutely no difference. There's something that's slowing up the boot up/login process in 2019/2022 server with 50k+ local users which isn't happening in 2012R2. Any insight or ideas would be appreciated on how to speed up SAM or anything else that may be slowing down the initialization (to note after it boots up, it runs perfectly fine - RDP times out but everything else works).

Answer 1

Hello there,

One suggestion would be dig further for the cause as I guess SAM might not be the only trouble here.

You can use native windows tools for this.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file

system, Registry and process/thread activity. You can get the tool from here

https://docs.microsoft.com/enus/sysinternals/downloads/procmon

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log

system activity to the Windows event log.You can get the tool from here

https://docs.microsoft.com/enus/sysinternals/downloads/sysmon

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--