RE: HKEY_USERS hives loaded when users not logged on
I'm not "keeping a copy" of the users' registry hives. The spyware scanner
loads the user's existing hive temporarily, so it can scan the user's
registry settings for spyware. The scanner runs under an administrator
account, and loads the hives for limited users by name into HKEY_USERS.
The problem is that--allegedly--the user's hive is sometimes remaining
loaded in HKEY_USERS, and therefore locked away from the user, even after a
full system reboot.
All I'm trying to find out is what circumstances, if any, can leave a
registry hive loaded in HKEY_USERS, when the system has just been rebooted
and the user has not yet logged on.
"nass" wrote:
>
> Jay, why are you using the Spyware Program to keep a copy (Image, if you want to call
> it) and restore it?
> This means the Anti-spyware program is not releasing the Memory usage and not
> completing the Job (changing the Reg hives).
> If you mean by this not allowing the User to make changes on the OS and their
> work saved to another location, why don't you use an image that reinstalls
> itself or clears any changes made by the user?
> Forgive me if I misunderstood your point here, but we need more
> clarification about why you are using a Spyware program to restore Hives.
>
> Can you check the Event log for any clues about an error of a specific app
> interfering in the process!
>
> "jjjdavidson" wrote:
>
> > We're already running UPHClean on our systems (because of Windows Defender).
> > UPHClean isn't going to help, though, because the problem isn't when users
> > log off; it's when our spyware scanner fails to unload the user hives that it
> > loads directly (while the user ISN'T logged on). These hives are loaded
> > under a string name, not the user's SID.
> >
> > Allegedly, some of the user hives are remaining locked (loaded by the
> > administrator account) even AFTER a complete system reboot, and I'm trying to
> > find out what, if anything, can cause that.
> >
> > Thanks!
> > Jay
> >
> > "nass" wrote:
> >
> > >
> > >
> > > "jjjdavidson" wrote:
> > >
> > > > Under what circumstances can a user's registry hive under HKEY_USERS remain
> > > > loaded (or get reloaded) after a Windows XP system is rebooted--but before
> > > > the user logs on? I'm hearing about users who are losing their local profile
> > > > because their hive is in use even after a reboot.
> > > >
> > > > We use an antispyware program that loads all the user hives while it runs.
> > > > If it crashes, the hives it loads don't unload from HKEY_USERS; a reboot
> > > > normally clears this up. But a very few users are reporting that the
> > > > HKEY_USERS entries persist even AFTER a reboot (which I didn't think was
> > > > possible). I've not been able to see it for myself; someone else unloaded
> > > > the hives manually before I saw them.
> > > >
> > > > What can cause a hive under HKEY_USERS to remain open?
> > > >
> > > > Thanks!
> > > > Jay
> > >
> > >
> > > Try the UPHCS, reboot your machine after the installation.
> > > User Profile Hive Cleanup Service
> > >
> > > http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
> > >
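
An added example, not part of the original thread: one way to capture which hives are loaded under HKEY_USERS by name rather than by SID, and which file backs each, before anyone unloads them. It assumes the standard `HKLM\SYSTEM\CurrentControlSet\Control\hivelist` values as input; the sample data and the key name `jsmith_scan` are constructed.

```python
import re

# Value names in HKLM\SYSTEM\CurrentControlSet\Control\hivelist look like
# \REGISTRY\USER\<key name>; the data is the file backing that hive.
PREFIX = "\\REGISTRY\\USER\\"
# Hives Windows loads itself are keyed by SID (optionally with _Classes).
SID_RE = re.compile(r"^S-1-\d+(-\d+)+(_Classes)?$", re.IGNORECASE)

def stray_user_hives(hivelist):
    """Return {key name: backing file} for HKEY_USERS hives that are not
    .DEFAULT and not keyed by SID, i.e. loaded by name by some tool."""
    stray = {}
    for value_name, backing_file in hivelist.items():
        if not value_name.upper().startswith(PREFIX):
            continue  # machine hives such as SYSTEM or SOFTWARE
        key = value_name[len(PREFIX):]
        if key.upper() != ".DEFAULT" and not SID_RE.match(key):
            stray[key] = backing_file
    return stray

def read_live_hivelist():
    """Read the hivelist values on a Windows host (not used by the sample)."""
    import winreg
    out, i = {}, 0
    path = r"SYSTEM\CurrentControlSet\Control\hivelist"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
        while True:
            try:
                name, data, _type = winreg.EnumValue(k, i)
            except OSError:  # no more values
                return out
            out[name] = data
            i += 1

# Constructed sample: what hivelist might hold if a hive were still loaded
# under a string name ("jsmith_scan" and all paths are made up).
SAMPLE = {
    r"\REGISTRY\MACHINE\SOFTWARE": r"\Device\HarddiskVolume1\WINDOWS\system32\config\software",
    r"\REGISTRY\USER\.DEFAULT": r"\Device\HarddiskVolume1\WINDOWS\system32\config\default",
    r"\REGISTRY\USER\S-1-5-19": r"\Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT",
    r"\REGISTRY\USER\jsmith_scan": r"\Device\HarddiskVolume1\Documents and Settings\jsmith\NTUSER.DAT",
}

if __name__ == "__main__":
    for key, path in stray_user_hives(SAMPLE).items():
        print(f"HKEY_USERS\\{key} <- {path}")
```

On a live Windows host, pass `read_live_hivelist()` instead of `SAMPLE`; the backing file path shows whose NTUSER.DAT is held open.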