Domain workstations user profiles are getting deleted.

Skewampus 6 Reputation points
2021-07-15T21:14:08.717+00:00

The environment here consists of a Windows Server 2012 R2 as the domain controller and about forty workstation all running Windows 10. On only a hand full of workstations, we occasionally (about once a month) experience an issue where all the user profiles get deleted. When the user signs in, it creates a brand new profile. All the previous profiles are completely gone with no trace. There is not a Windows.000 or any other copies. The registry profilelist doesn't show any other profiles either. I do keep my workstations backed up so I've been able to restore them, but it's still too much productivity loss for the user. How do I prevent this from happening? I've found lots of discussions about corrupted profiles, but it does not appear that is the case here.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,575 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,055 questions
0 comments No comments
{count} vote

4 answers

Sort by: Most helpful
  1. Anonymous
    2021-07-15T21:47:50.24+00:00

    Procmon may help you figure who / what is deleting them.
    https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

  2. Fan Fan 15,336 Reputation points Microsoft Vendor
    2021-07-16T02:03:29.483+00:00

    Hi,
    To audit who deleted the user profiles, it is suggested to enable the file system audit policy on the Users folder.
    1, Enable the audit policy on the workstation.
    Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy
    Double click the configuration item named: Audit Object Access.
    Enable the following security settings:
    • Define these policy settings
    • Success
    • Failure
    2, Set auditing on the files that you want to track。
    For more details, you can refer to:
    https://www.lepide.com/how-to/track-who-read-files-on-your-windows-file-servers.html

    Also, it is suggested to check if there are any scripts and schedule tasks on your computer.
    If configure any profiles related policies on the workstation.
    You may run command: gpresult /h report.html to collect the group policy results.

    This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
    Best Regards,


  3. Anonymous
    2021-07-19T13:29:50.24+00:00

    Just checking if there's any progress or updates?

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

  4. Skewampus 6 Reputation points
    2021-07-26T18:52:55.963+00:00

    Thank you all for your replies. It happened twice to two different users this past week while I was out of town. I will play with the suggestions and see what happens.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.