Thank you all for your replies. It happened twice to two different users this past week while I was out of town. I will play with the suggestions and see what happens.
Domain workstations user profiles are getting deleted.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 56.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Skewampus
6
Reputation points
The environment here consists of a Windows Server 2012 R2 as the domain controller and about forty workstation all running Windows 10. On only a hand full of workstations, we occasionally (about once a month) experience an issue where all the user profiles get deleted. When the user signs in, it creates a brand new profile. All the previous profiles are completely gone with no trace. There is not a Windows.000 or any other copies. The registry profilelist doesn't show any other profiles either. I do keep my workstations backed up so I've been able to restore them, but it's still too much productivity loss for the user. How do I prevent this from happening? I've found lots of discussions about corrupted profiles, but it does not appear that is the case here.
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other
4 answers
Sort by: Most helpful
-
Skewampus 6 Reputation points
2021-07-26T18:52:55.963+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-07-27T00:58:47.437+00:00 Hi,
Hope we can find some clues.
Best Regards,
Sign in to comment -
-
Anonymous
2021-07-19T13:29:50.24+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
Anonymous
2021-07-16T02:03:29.483+00:00 Hi,
To audit who deleted the user profiles, it is suggested to enable the file system audit policy on the Users folder.
1, Enable the audit policy on the workstation.
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy
Double click the configuration item named: Audit Object Access.
Enable the following security settings:
• Define these policy settings
• Success
• Failure
2, Set auditing on the files that you want to track。
For more details, you can refer to:
https://www.lepide.com/how-to/track-who-read-files-on-your-windows-file-servers.htmlAlso, it is suggested to check if there are any scripts and schedule tasks on your computer.
If configure any profiles related policies on the workstation.
You may run command: gpresult /h report.html to collect the group policy results.This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
Best Regards,-
Anonymous
2021-07-19T06:57:23.627+00:00 Hi,
If this question has any update?
Welcome to share your current situation.
Please feel free to let us know if you need further assistance.
Best Regards,
Sign in to comment -
-
Anonymous
2021-07-15T21:47:50.24+00:00 Procmon may help you figure who / what is deleting them.
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon--please don't forget to
upvoteandAccept as answerif the reply is helpful--