Wednesday, March 21, 2007

VBScript: Unload Non-Active User Hives From Registry

In Windows 2000 Terminal Server/Citrix environments, it often happens that after users have logged off, their user registry hive doesn't unload automatically from HKEY_USERS\. The hive keeps consuming registry space until the registry runs out of free space. The workaround is to launch REGEDT32.EXE (on W2K) or REGEDIT (on W2K3) and manually unload user hives from HKU, but you then have to work out which users are active and exclude them from unloading. This manual process requires converting each of the logged-in user IDs into its SID and searching for it in HKU to exclude it.

This script addresses these issues and automates the process of unloading only non-active user hives from HKEY_USERS. It first converts each of the loaded user SIDs into a user name, then attempts to unload all but the active ones by matching those user names against the output of the 'query user' command. Below are more details:

Expected Input: Target computer name. By default it shows the name of the local computer it is executed from, which can be changed to any target system. The script can be run from the local desktop session; there is no need to log in to the remote system.

Definite Output: The output file opens automatically in Notepad after the script runs and is stored in C:\TEMP\UnloadHive-SERVERNAME.log on the system where the script is run. It shows a quick summary of how many hives were unloaded successfully and how much registry space was gained. The script also keeps updating a single log file (CSV) with the summary result of each execution, in case any data analysis or trend analysis is needed in future.

Dependency: Requires psgetsid.exe to be present in the same directory as the script. It is recommended to copy psgetsid.exe into the executable path on the local machine (e.g., C:\Windows\).

Download the script here.
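
The matching step described above, as an added PowerShell example (not the downloadable VBScript and not the author's code): it parses 'query user' output, including the '>' that marks the session running the command, and lists the loaded per-user hives that have no session. The sample output, SIDs, account names and the function names Get-SessionUserName and Select-InactiveHive are constructed for illustration, and the block only prints the reg unload commands it would run.

```powershell
# Constructed sample of 'query user' output. The leading '>' marks the session
# that ran the command. Live data: (query user /server:$Server) -join "`n"
$queryUser = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         rdp-tcp#1           1  Active          .  3/21/2007 9:02 AM
 jsmith                rdp-tcp#2           2  Active       1:15  3/21/2007 8:47 AM
 mbrown                                    3  Disc         2:40  3/20/2007 5:30 PM
'@

# Constructed HKEY_USERS subkeys mapped to the account each SID resolves to
# (the page's script resolves them with psgetsid.exe). All SIDs are made up.
$loadedHives = @{
    '.DEFAULT'                                               = ''
    'S-1-5-18'                                               = 'NT AUTHORITY\SYSTEM'
    'S-1-5-21-1111111111-2222222222-3333333333-500'          = 'CORP\Administrator'
    'S-1-5-21-1111111111-2222222222-3333333333-1104'         = 'CORP\jsmith'
    'S-1-5-21-1111111111-2222222222-3333333333-1104_Classes' = ''
    'S-1-5-21-1111111111-2222222222-3333333333-1107'         = 'CORP\mbrown'
    'S-1-5-21-1111111111-2222222222-3333333333-1112'         = 'CORP\kwhite'
}

function Get-SessionUserName {
    param([string]$QueryUserText)
    # Drop blank lines and the header, strip the column padding and the '>'
    # marker, and keep the first column (USERNAME) in lower case.
    $QueryUserText -split '\r?\n' |
        Where-Object { $_.Trim() } |
        Select-Object -Skip 1 |
        ForEach-Object { (($_ -replace '^[\s>]+', '') -split '\s+')[0].ToLowerInvariant() }
}

function Select-InactiveHive {
    param([hashtable]$LoadedHives, [string[]]$SessionUsers)
    foreach ($sid in ($LoadedHives.Keys | Sort-Object)) {
        # Only per-user hives qualify: skips .DEFAULT, S-1-5-18/19/20 and *_Classes.
        if ($sid -notmatch '^S-1-5-21(-\d+)+$') { continue }
        # 'query user' shows no domain, so compare on the bare account name.
        $name = ($LoadedHives[$sid] -split '\\')[-1].ToLowerInvariant()
        # An unresolved SID (empty name) is left alone rather than guessed at.
        if ($name -and $SessionUsers -notcontains $name) { $sid }
    }
}

$sessions = Get-SessionUserName $queryUser
Select-InactiveHive $loadedHives $sessions |
    ForEach-Object { "DRY RUN: reg unload HKU\$_" }
```

Disconnected sessions (STATE Disc) still count as logged on, so their hives stay loaded. Comparing on the bare account name means a local and a domain account with the same name are both kept, which errs on the side of not unloading.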

3 comments:

Soeren said...

Hello,

Nice idea with this script. I will try it shortly, as I experience a lot of issues with "stuck profiles" on Windows 2008.
They show up as domain_username in the HKEY_USERS, and I can manually unload them, and they can log on using their right profile again.

I manually fixed it this time, but the next time I will try your script.

At first glance looking at your script, it looks like what I need, so I hope it works for me.

One thing to mention is that when I do query user, administrator (admin users?) are prefixed with a '>', rather than a ' ' unlike all users. That means it tries to unload the administrator-hive.

I'll let you know how it works out.

Semion said...

Thanks, great script. I was unable to unload manually from one of my terminal servers, and your script just worked fine. It's rare I got a working script from the internet without any changes.

CTX-Admin said...

Freaking brilliant. Works spectacularly well out of the box. I modified to exclude certain service accounts and spit out a bit more logging. Perfect in a pinch to clean up profiles in a Citrix environment while I troubleshoot a misbehaving UPM.