4

Recently in our IT department we've noticed each other's user accounts under Documents and Settings, which is strange because we've never logged into each other's machines. There were a few times I'd run psexec in order to apply BIOS/system settings, but never a full login. Also, there hasn't been anyone else who has done any psexec/scripting that would connect to anyone else's machines (except for running management tools against the remote machine, like compmgmt.msc).

My simple question is why these user account profiles would be created without logging in?

The strange part is that we cannot delete these profiles if we've been logged in for a while, though if we reboot and log in, we can then remove them. However, the profile will come back after a random amount of time.

EDIT: I've looked through event log after event log, no event correlating to the profile creation, maybe I'm missing something :(

SteveButler
  • I've seen this too, never found the answer. – Lance Roberts Aug 05 '09 at 15:05
  • Likewise, and never found anything definitive. What I do know is that in my case it wasn't a service or a runas. – Maximus Minimus Aug 05 '09 at 16:24
  • With psexec you can try using the -e switch to not load the user profile or -s to run under the target's System account - sorry this doesn't help explain under what circumstances the profile is created though – August Aug 05 '09 at 16:30
  • If you run psexec without -e, then it will load your profile. In general, any time you use your credentials on another Windows machine (even if it is not an interactive logon), Windows will download/create your profile, because it expects it to exist. – shufler Aug 05 '09 at 17:03

3 Answers

1

If there's any form of authentication of a user on a given machine, a profile may result. This can be through a service configured as a given user, COM+ applications configured as a given user, impersonation, user executing commands as another user with 'runas', or any other authentication event.

Chris J
  • This is what I was thinking, but why then is it not consistent? I'm going to be testing some scripts I've written, especially ones that rely on psexec. It seems even more strange, because I'm the resident script writer, nobody else really uses scripts for remote tasks, and we almost never even access files from each other's machines (we have a file server for that) – SteveButler Aug 05 '09 at 16:23
  • Ours is not to reason why the will of Microsoft... if everyone knew the rules, there'd be less need for serverfault.com :-) – Chris J Aug 05 '09 at 20:12
1

I'm using psexec ver 1.94 and it offers the following cla:

-e Does not load the specified account's profile.

As a member of the domain admins group, I don't explicitly authenticate each time I connect to a machine, but a profile is created for me anyway. The -e argument stops this from happening (and significantly speeds up the psexec session!).

To solve the same problem, runas.exe offers:

/noprofile
specifies that the user's profile should not be loaded. This causes the application to load more quickly, but can cause some applications to malfunction.

A moment ago I tested a DCOM app (wmic.exe) against a machine where I don't have a profile, and no profile was created. I was surprised by this, and think that COM+ authentication and profile generation need more testing.

Rob

RobW
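An added example, not from any of the posters: a PowerShell audit to run locally on an affected machine. It lists each profile registered under the ProfileList registry key with its owning account, the profile folder's creation time (a time window to search the Security log around) and whether that account's hive is currently loaded. The function name Get-ProfileAudit is made up for this example.

```powershell
# Added example: audit local user profiles (owner, folder creation time, hive state).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileAudit {
    Get-ChildItem -Path $profileList | ForEach-Object {
        # Each subkey is named after the SID that owns the profile
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        if (-not $path) { return }   # skip keys without a profile path
        $path = [Environment]::ExpandEnvironmentVariables($path)

        # Resolve the SID to DOMAIN\user; stale or malformed SIDs fail to translate
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = '(unresolved)'
        }

        # The folder may already have been deleted while the registry entry remains
        $folder = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        New-Object PSObject -Property @{
            Account    = $account
            Sid        = $sid
            Path       = $path
            Created    = if ($folder) { $folder.CreationTime } else { $null }
            # A hive mounted under HKEY_USERS means the profile is loaded right now
            HiveLoaded = Test-Path -Path "Registry::HKEY_USERS\$sid"
        }
    }
}

# Oldest first, so recently created profiles end up at the bottom of the table
Get-ProfileAudit | Sort-Object Created |
    Format-Table Account, Created, HiveLoaded, Path -AutoSize
```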
0

Perhaps Windows file shares or other remote connections are causing some kind of login to occur?

Chris Nava