Weirdest thing ever! Profiles being created for users even though they have not logged on!!!
We have a set of 9 Home Directory servers (Server 2008 R2 Enterprise Clusters) and I've just noticed that the C:\Users folder contains profiles for a number of users who cannot possibly have logged on to them interactively.

· The servers are in a secure location so no chance of console access.
· Remote Desktop user group contains only Administrators.
· Remote Desktop is restricted by Firewall.

How and why are these profiles appearing? They are local profiles rather than roaming (have checked) and contain only Microsoft AppData. I've found a post on another forum about the same issue but no resolution!
http://serverfault.com/questions/50401/user-profiles-being-created-on-machines-without-logging-in

Any ideas? Thanks
July 28th, 2010 5:43pm

Hi, Is EFS being used in the environment? A possible cause is that there are some EFS files shared on the server. If it is not the case, please help check what exact folder/files are stored in the profile. Thanks.

This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 29th, 2010 9:21am

Thanks
EFS is not being used.
Files in profiles from 2 sample users are:

User 1:
C:\Users\user\AppData
C:\Users\user\Application Data
C:\Users\user\Cookies
C:\Users\user\Local Settings
C:\Users\user\NetHood
C:\Users\user\NTUSER.DAT
C:\Users\user\ntuser.dat.LOG1
C:\Users\user\ntuser.dat.LOG2
C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
C:\Users\user\ntuser.ini
C:\Users\user\PrintHood
C:\Users\user\Recent
C:\Users\user\SendTo
C:\Users\user\Start Menu
C:\Users\user\Templates
C:\Users\user\AppData\Local
C:\Users\user\AppData\LocalLow
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Local\Application Data
C:\Users\user\AppData\Local\History
C:\Users\user\AppData\Local\Microsoft
C:\Users\user\AppData\Local\Temp
C:\Users\user\AppData\Local\Temporary Internet Files
C:\Users\user\AppData\Local\Microsoft\Windows
C:\Users\user\AppData\Local\Microsoft\Windows\History
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat.LOG2
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat{63e659c1-896e-11df-b03f-0050563a00b8}.TM.blf
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat{63e659c1-896e-11df-b03f-0050563a00b8}.TMContainer00000000000000000001.regtrans-ms
C:\Users\user\AppData\Local\Microsoft\Windows\usrclass.dat{63e659c1-896e-11df-b03f-0050563a00b8}.TMContainer00000000000000000002.regtrans-ms
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Crypto
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user\AppData\Roaming\Microsoft\Protect
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1417001333-839522115-1801674531-110682
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-1417001333-839522115-1801674531-110682
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

User 2:
C:\Users\user2\AppData
C:\Users\user2\Application Data
C:\Users\user2\Cookies
C:\Users\user2\Local Settings
C:\Users\user2\NetHood
C:\Users\user2\NTUSER.DAT
C:\Users\user2\ntuser.dat.LOG1
C:\Users\user2\ntuser.dat.LOG2
C:\Users\user2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
C:\Users\user2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
C:\Users\user2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
C:\Users\user2\ntuser.ini
C:\Users\user2\PrintHood
C:\Users\user2\Recent
C:\Users\user2\SendTo
C:\Users\user2\Start Menu
C:\Users\user2\Templates
C:\Users\user2\AppData\Local
C:\Users\user2\AppData\LocalLow
C:\Users\user2\AppData\Roaming
C:\Users\user2\AppData\Local\Application Data
C:\Users\user2\AppData\Local\History
C:\Users\user2\AppData\Local\Microsoft
C:\Users\user2\AppData\Local\Temp
C:\Users\user2\AppData\Local\Temporary Internet Files
C:\Users\user2\AppData\Local\Microsoft\Windows
C:\Users\user2\AppData\Local\Microsoft\Windows\History
C:\Users\user2\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat.LOG2
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat{63e659dc-896e-11df-b03f-0050563a00b8}.TM.blf
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat{63e659dc-896e-11df-b03f-0050563a00b8}.TMContainer00000000000000000001.regtrans-ms
C:\Users\user2\AppData\Local\Microsoft\Windows\usrclass.dat{63e659dc-896e-11df-b03f-0050563a00b8}.TMContainer00000000000000000002.regtrans-ms
C:\Users\user2\AppData\Roaming\Microsoft
C:\Users\user2\AppData\Roaming\Microsoft\Crypto
C:\Users\user2\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user2\AppData\Roaming\Microsoft\Protect
C:\Users\user2\AppData\Roaming\Microsoft\SystemCertificates
C:\Users\user2\AppData\Roaming\Microsoft\Windows
C:\Users\user2\AppData\Roaming\Microsoft\Crypto\RSA
C:\Users\user2\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1417001333-839522115-1801674531-177221
C:\Users\user2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\user2\AppData\Roaming\Microsoft\Protect\CREDHIST
C:\Users\user2\AppData\Roaming\Microsoft\Protect\S-1-5-21-1417001333-839522115-1801674531-177221
C:\Users\user2\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\user2\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\user2\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
C:\Users\user2\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Network Shortcuts
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\user2\AppData\Roaming\Microsoft\Windows\SendTo
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\user2\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
July 29th, 2010 12:05pm

Hi, According to the content, the profile seems to be created when the user encrypted/opened an EFS file on the server through network. If the profile was created recently, you can run cipher /S:<directory> to check if there is any EFS file on the server. Encrypted files will display with an "E" character. For your reference, the following is an output of a folder in C:\profile\:

 Listing c:\profile\
 New files added to this directory will not be encrypted.

U abc.txt ---> this file is not encrypted
E EFSFile.txt ---> this file is encrypted
July 30th, 2010 9:07am
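
The checks discussed in the replies above, as an added example that is not part of the original thread: it lists each local profile registered under the ProfileList key with its creation time and the number of entries in the Crypto\RSA, Protect and SystemCertificates\My\Certificates folders that appear in the listing above, then repeats the cipher /S check by file attribute. `$ScanRoot` and its default `D:\HomeFolders` are hypothetical and stand in for the real home-folder root.

```powershell
# Added example: inventory local profiles and the key-store folders listed in this thread.
param(
    [string]$ScanRoot = 'D:\HomeFolders'   # assumption: hypothetical home-folder root, replace with yours
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Count the entries in a directory; 0 when the directory does not exist.
function Get-EntryCount([string]$Dir) {
    if (-not (Test-Path -LiteralPath $Dir)) { return 0 }
    return @(Get-ChildItem -LiteralPath $Dir -Force -ErrorAction SilentlyContinue).Count
}

$report = Get-ChildItem $profileList | ForEach-Object {
    $sid = $_.PSChildName
    if ($sid -notlike 'S-1-5-21-*') { return }      # skip built-in system and service profiles
    $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }  # registry entry without a folder

    # Resolve the SID to DOMAIN\user; keep the raw SID if the account no longer resolves.
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $account = $sid }

    $ms = Join-Path $path 'AppData\Roaming\Microsoft'
    New-Object PSObject -Property @{
        Account      = $account
        ProfilePath  = $path
        Created      = (Get-Item -LiteralPath $path -Force).CreationTime
        RsaKeyFiles  = Get-EntryCount (Join-Path $ms "Crypto\RSA\$sid")
        ProtectFiles = Get-EntryCount (Join-Path $ms "Protect\$sid")
        UserCerts    = Get-EntryCount (Join-Path $ms 'SystemCertificates\My\Certificates')
    }
}

# Oldest first, so creation times can be lined up with other logs.
$report | Sort-Object Created |
    Format-Table Account, Created, RsaKeyFiles, ProtectFiles, UserCerts, ProfilePath -AutoSize

# Same question as "cipher /S:<directory>": list anything carrying the Encrypted attribute.
Get-ChildItem -Path $ScanRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted } |
    Select-Object FullName, LastWriteTime
```

Non-zero counts in the RSA or certificate columns for a profile whose owner never logged on locally point toward key material having been created on the server on that user's behalf; the Created column gives a timestamp to compare against the server's other logs.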

Hi Thanks for your help so far. I've scanned all of the Home Folders of each user and there are no files\folders with the Encryption attribute. I've tried Encrypting files while logged on with my ordinary account (non admin account) to simulate running with the same rights as these users and then copying the encrypted file to my Home Folder located on the server. I receive a message saying that the location does not support Encryption..... Could this be something else? Thanks
August 2nd, 2010 6:21pm

Hi, There is another possibility for this behavior: when you use the runas command without the /noprofile switch, it creates new profiles. I have submitted this behavior to Microsoft for further evaluation.
August 3rd, 2010 5:33am

Hi, Besides EFS, it is possible to programmatically cause a user's profile to be created without requiring an interactive logon by calling the LoadUserProfile() API. The following article could be helpful for you to troubleshoot the issue:

How To Programmatically Cause the Creation of a User's Profile
http://support.microsoft.com/kb/196070
August 3rd, 2010 8:48am

Hi, How's everything going? Just want to check if there is anything unclear. If you need further assistance, please do not hesitate to respond back. Thanks.
August 10th, 2010 10:32am

Thanks. No closer to an answer. Not using EFS, not running anything that would call the LoadUserProfile() API (unless you mean that it could be called by a client machine)? Was hoping to hear something from the chap who submitted the issue to Microsoft. Regards
August 11th, 2010 4:51pm

This topic is archived. No further replies will be accepted.
