User Account confusions

Please post a screenshot of the PS window showing the command and that response.

Dens

OK. I thought it might be a typo.

Denis

I have run into difficulties trying to copy the Profile Image result. I did copy one but could only record it prior to linking it with Name/SID as instructed by pasting into a Word file. But this file has disappeared. It did not save either to This PC Documents nor to mjcx2 documents. And it does not appear in recent files.

I looked on Google which refers to a Copy Profile method but it has a great many caveats and looks too complicated for me to risk using it, especially as I am not even sure it will achieve our objective.


This is how far I got



- - - Updated - - -

Cannot see how to confirm I have sent edited post.

Things like that 'Copy profile' method you mentioned are not required [they are far too complicated anyway].

Just use the procedure in post #6. If you lost the results the first time then use SaveAs instead of just Save so you can choose which folder to save the results in.
By the way, you can save the results in any text editor [such as Notepad].
If you like, you can just do step 1.1 [paste the results here] for now then we'll tackle the Registry bit step by step.

Try3 said:

1 Please open a PowerShell prompt [right-click on Start button, Windows PowerShell] then paste in this command

Code:

wmic useraccount get name,sid

Press return then do these things with the results -

1.1 Select them all then paste them here in the thread.

1.2 Amongst the Name entries will be

granny counter
mjcx2
thoma
louis

and I need you to note their SID entries [for your use in step 2].

2 Run RegEdit and paste this into its address bar to get straight to the Key of interest

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

then, for each of the SIDs you just noted, look in the right hand side for the entry

Code:

ProfileImagePath

then double-click on ProfileImagePath to open the entry so you can select, copy & post it here together with the Name/SID so I can be certain which result relates to which user account.

Those results will confirm which subfolders within C:\Users are in use by your user accounts. The nature of the remaining subfolders can then be investigated [including, but not limited to, the Tempus fugit one that you mentioned].

All the best,
Denis

Right.

You can ignore

DefaultAccount
Guest
WDAGUtilityAccount

2 Run RegEdit and paste this into its address bar to get straight to the Key of interest

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

- You can just paste over whatever is already in its address bar [which will start with or be the word Computer]

2.1 You'll see something like this


2.2 Select each of these in turn
S-1-5-21-954167667-1140315293-2872889775-500 [for info on Administrator]
S-1-5-21-954167667-1140315293-2872889775-1073 [for info on granny counter]
S-1-5-21-954167667-1140315293-2872889775-1031 [for info on louis]
S-1-5-21-954167667-1140315293-2872889775-1072 [for info on mjcx2]
S-1-5-21-954167667-1140315293-2872889775-1030 [for info on thoma]
You do not need to check that great mass of numbers in the middle. What matters are the leading and ending numbers such as S-1-5-21- … -500


2.3 For each one of them, look in the right-hand side and double-click on the word
ProfileImagePath
and this will appear


2.4 When it appears, right-click on the [already-selected] path shown in the dialog, such as the C:\Users\Administrator shown in my example, and select Copy.

2.5 Paste the path into your results list so you get something like
Administrator S-1-5-21-954167667-1140315293-2872889775-500 C:\Users\Administrator
then, back in the dialog, click on Cancel to get rid of it.

2.6 Repeat 2.3-2.6 for each one.

2.7 Save the results list for your own records then paste the results list in this thread.


We should then be able to shed some more light onto that mass of subfolders you showed earlier on in the thread.

Denis

I created a Marie Notebook in TOSHIBA External Hard Drive as I dont seem to be able reliably to save documents in any of the User Accounts.

Here is the result::marie`s notebook 1 26 08 2021

Profile Image Path

C:\Users\thoma thoma S-1-5-21-954167667-1140315293-2872889775-1030

C:\Users\louis louis S-1-5-21-954167667-1140315293-2872889775-1031

C:\Users\mjcx2.LAPTOP-QIGMIR90 mjcx2 S-1-5-21-954167667-1140315293-2872889775-1072

C:\Users\granny counter granny conter S-1-5-21-954167667-1140315293-2872889775-1073

granny counter misspelt in Windows PowerShell

*mjcx2 shows up without LAPTOPQUIGO suffix in Windows PowerShell List.

mjcx2.LAPTOPGUIGO shows up in Registry as referring to mjcx2

nb Administrator S-1-5-21-954167667-1140315293-2872889775-500 shows up in Windows PowerShell but not in Registry.

and Guest S-1-5-21-954167667-1140315293-2872889775-501# also in Windows PowerShell but not in Registry


- - - Updated - - -

Sorry -posting it ruined all my careful text arrangement !
Administrator entry got lost in the copying