Share via

Powershell Script to automate Temporary Windows Profile Registry Fix

Hygge Jack 1 Reputation point
2021-02-25T21:37:19.09+00:00

UPDATE! Almost There!!!

Using the suggestions below, and with a lot of tinkering I now have a working script! This will search the ProfileList Registry key for the file with the .bak extension. It adds an extension to the temporary profile in play, then removes the .bak from the backup extension to restore the proper profile.

However, I did run into a snag. Occasionally, a users computer may have duplicate SSIDs. For example:

S-1-5-21-662528488-348457345-1760376032-283586
S-1-5-21-662528488-348457345-1760376032-283586 (1)

Would someone be willing to help me my working script to search for and rename any duplicates before restoring the .bak profile? 

    Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"  | foreach {     #Profile List Registry Folder  
  
       "Looking at key {0}" -f $_.name  
  
             if ($_.name.EndsWith('.bak')) {  
  
             $RestoredProfile = $_.PSChildName.Replace('.bak','')           
  
             "RestoredProfile is {0}" -f $RestoredProfile  
  
             $TempProfile = $_.Name.Replace('.bak','')  
  
             "TempProfile is {0}" -f $TempProfile  
  
             $RandomExt = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_})  
  
             $DateTime = (Get-Date -Format "MM-dd-yyyy._.HH:mm:sstt")  
  
             if (Test-Path "Registry::$TempProfile"){    
  
                 Get-item  "Registry::$TempProfile" | rename-item -NewName "$RestoredProfile.$DateTime"    #Use RandomExt for a randomly generated 5 charactector extension, or DateTime for the extension  
  
                 $_ | rename-item -NewName "$RestoredProfile"} } }

Hi All...I was wondering if someone could point me in the right direction for a Powershell script. Like the rest of the world, our users are working remote, and with that we have seen a dramatic uptick in users being logged in with a Temporary Profile. I'd like to see if it would be possible to use Powershell to automate the process below. There might be scripts out there already but I haven't been able to find one. I can understand code when I look at it for the most part but really don't know how to write this from scratch. Any assistance would be unbelievable appreciated!

The fix for us is to:

  1. Remote into the users computer and elevate the session in order to have admin rights.
  2. Launch the Registry Editor as an admin.
  3. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  4. Find the two registry entries with matching names (one with the .BAK extension, the other without an extension...see below).
  5. Add .temp to the entry without an extension.
  6. Remove the .BAK from the entry with that extension.

72251-tempprofile.png

After a reboot, all is well.

Thank you so much for taking the time to look at this with me.

~ Jack

Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. MotoX80 36,291 Reputation points
    2021-02-26T03:37:36.357+00:00

    If your pc's are set up for WinRM you can run Invoke-Command against a list of pc names. I used c:\temp\pc.txt.

    I don't have your problem so I tested with different keys. I have -whatif on the renames so you can run this against several pc's to find one that has the problem. Then remove the -whatif and test the script to verify that it does what you need. 

    $sb = {
    "---------------------------------------------------------"
    "Executing on {0}" -f $env:COMPUTERNAME
    $Path = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
    Get-ChildItem  "Registry::$Path"  | foreach {
        "Looking at key {0}" -f $_.name
        if ($_.name.EndsWith('.bak')) {
            "Found a .bak !!!!!!!!!!!"
            $Shortname = $_.PSChildName.Replace('.bak','')       # Get the S-1-5-.......bak part and remove the .bak 
            "ShortName is {0}" -f $ShortName                     
            $BadKey = $_.Name.Replace('.bak','')                 # Get HKEY_LOCAL_MACHINE\SOFTWARE.......bak part and remove the .bak
            "BadKey is {0}" -f $BadKey      
            if (Test-Path "Registry::$BadKey") {
                Get-item  "Registry::$BadKey" | rename-item -NewName "$ShortName.temp" -whatif     # rename with .temp  
                $_ | rename-item -NewName "$ShortName" -whatif                                     # rename the .bak key we founf to remove the .bak 
                "Renamed!!!"
            } else {
                "I did not find the bad key. Nothing was updated."
            }
          }
    } 
}
$PCnames = get-content c:\temp\pc.txt                           # file containing list of pc names 
foreach ($pc in $PCnames) {
    Invoke-Command -ComputerName $pc -ScriptBlock $sb 
}
  2. Anonymous
    2021-02-26T06:01:20.43+00:00

    Hi,

    To rename a registry key you can use the Rename-Item cmdlet 

    $computer="computer01"  
$path1 = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5...392830"  
$path2 = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5...392830.bak"  
$cred= Get-Credential  
Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {  
    Rename-Item -Path $using:path1 -NewName "S-1-5...392830.tmp"  
    Rename-Item -Path $using:path2 -NewName "S-1-5...392830"  
}

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.