Powershell Script to automate Temporary Windows Profile Registry Fix

Hygge Jack 1 Reputation point
2021-02-25T21:37:19.09+00:00

UPDATE! Almost There!!!

Using the suggestions below, and with a lot of tinkering I now have a working script! This will search the ProfileList Registry key for the file with the .bak extension. It adds an extension to the temporary profile in play, then removes the .bak from the backup extension to restore the proper profile.

However, I did run into a snag. Occasionally, a users computer may have duplicate SSIDs. For example:

S-1-5-21-662528488-348457345-1760376032-283586
S-1-5-21-662528488-348457345-1760376032-283586 (1)

Would someone be willing to help me my working script to search for and rename any duplicates before restoring the .bak profile?

    Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"  | foreach {     #Profile List Registry Folder  
  
       "Looking at key {0}" -f $_.name  
  
             if ($_.name.EndsWith('.bak')) {  
  
             $RestoredProfile = $_.PSChildName.Replace('.bak','')           
  
             "RestoredProfile is {0}" -f $RestoredProfile  
  
             $TempProfile = $_.Name.Replace('.bak','')  
  
             "TempProfile is {0}" -f $TempProfile  
  
             $RandomExt = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_})  
  
             $DateTime = (Get-Date -Format "MM-dd-yyyy._.HH:mm:sstt")  
  
             if (Test-Path "Registry::$TempProfile"){    
  
                 Get-item  "Registry::$TempProfile" | rename-item -NewName "$RestoredProfile.$DateTime"    #Use RandomExt for a randomly generated 5 charactector extension, or DateTime for the extension  
  
                 $_ | rename-item -NewName "$RestoredProfile"} } }   

Hi All...I was wondering if someone could point me in the right direction for a Powershell script. Like the rest of the world, our users are working remote, and with that we have seen a dramatic uptick in users being logged in with a Temporary Profile. I'd like to see if it would be possible to use Powershell to automate the process below. There might be scripts out there already but I haven't been able to find one. I can understand code when I look at it for the most part but really don't know how to write this from scratch. Any assistance would be unbelievable appreciated!

The fix for us is to:

  1. Remote into the users computer and elevate the session in order to have admin rights.
  2. Launch the Registry Editor as an admin.
  3. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  4. Find the two registry entries with matching names (one with the .BAK extension, the other without an extension...see below).
  5. Add .temp to the entry without an extension.
  6. Remove the .BAK from the entry with that extension.

72251-tempprofile.png

After a reboot, all is well.

Thank you so much for taking the time to look at this with me.

~ Jack

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,147 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,453 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. MotoX80 32,736 Reputation points
    2021-02-26T03:37:36.357+00:00

    If your pc's are set up for WinRM you can run Invoke-Command against a list of pc names. I used c:\temp\pc.txt.

    I don't have your problem so I tested with different keys. I have -whatif on the renames so you can run this against several pc's to find one that has the problem. Then remove the -whatif and test the script to verify that it does what you need.

    $sb = {
        "---------------------------------------------------------"
        "Executing on {0}" -f $env:COMPUTERNAME
        $Path = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
        Get-ChildItem  "Registry::$Path"  | foreach {
            "Looking at key {0}" -f $_.name
            if ($_.name.EndsWith('.bak')) {
                "Found a .bak !!!!!!!!!!!"
                $Shortname = $_.PSChildName.Replace('.bak','')       # Get the S-1-5-.......bak part and remove the .bak 
                "ShortName is {0}" -f $ShortName                     
                $BadKey = $_.Name.Replace('.bak','')                 # Get HKEY_LOCAL_MACHINE\SOFTWARE.......bak part and remove the .bak
                "BadKey is {0}" -f $BadKey      
                if (Test-Path "Registry::$BadKey") {
                    Get-item  "Registry::$BadKey" | rename-item -NewName "$ShortName.temp" -whatif     # rename with .temp  
                    $_ | rename-item -NewName "$ShortName" -whatif                                     # rename the .bak key we founf to remove the .bak 
                    "Renamed!!!"
                } else {
                    "I did not find the bad key. Nothing was updated."
                }
              }
        } 
    }
    $PCnames = get-content c:\temp\pc.txt                           # file containing list of pc names 
    foreach ($pc in $PCnames) {
        Invoke-Command -ComputerName $pc -ScriptBlock $sb 
    }
    

  2. Ian Xue (Shanghai Wicresoft Co., Ltd.) 34,111 Reputation points Microsoft Vendor
    2021-02-26T06:01:20.43+00:00

    Hi,

    To rename a registry key you can use the Rename-Item cmdlet

    $computer="computer01"  
    $path1 = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5...392830"  
    $path2 = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5...392830.bak"  
    $cred= Get-Credential  
    Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {  
        Rename-Item -Path $using:path1 -NewName "S-1-5...392830.tmp"  
        Rename-Item -Path $using:path2 -NewName "S-1-5...392830"  
    }  
    

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.