In tip 7815 - Some user profiles will not unload,
I described the UPHClean Service.
I have scripted UPHClean_App_Log.bat to cause the UPHClean Service, on every computer in your domain, to log when it had to free resources. After running UPHClean_App_Log.bat, the Application event log will contain Event ID 1201 with Source UPHClean, when resources were locked. The event would be similar to:
Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1201
Date: MM/DD/YYYY
Time: HH:MM:SS
User: <UserName>
Computer: <ComputerName>
Description:
The following handles in user profile hive <UserName> (<SID>) have been closed because they were preventing the profile
from unloading successfully:
winlogon.exe (844)
HKCU (0x744)
call stack data collection not enabled for this process
svchost.exe (1108)
HKCU (0x334)
call stack data collection not enabled for this process
InoRT.exe (1828)
HKCU\Software\Classes (0x274)
call stack data collection not enabled for this process
For more information,
see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
NOTE: See How do I cause the User Profile Hive Cleanup Service (UPHClean) to NOT force resources to close?
The syntax for using UPHClean_App_Log.bat is:
UPHClean_App_Log
NOTE: The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:
UPHClean_App_Log>FileName
NOTE: UPHClean_App_Log.bat uses REG.EXE and NETDOM.EXE built into Windows XP and Windows Server 2003, or from the Windows 2000 Support Tools.
UPHClean_App_Log.bat contains:
@echo off setlocal set netdm=netdom query /domain:%userdnsdomain% for /f "Skip=1 Tokens=*" %%c in ('%netdm% dc^|find /v /i "The command completed successfully."') do ( set cmp=%%c call :doit ) for /f "Skip=1 Tokens=*" %%c in ('%netdm% server^|find /v /i "The command completed successfully."') do ( set cmp=%%c call :doit ) for /f "Skip=1 Tokens=*" %%c in ('%netdm% workstation^|find /v /i "The command completed successfully."') do ( set cmp=%%c call :doit ) endlocal @echo ********************** exit /b 0 :doit set work=%cmp: ( Workstation or Server )=% if "%work%" NEQ "%cmp%" set cmp=%work%# set cmp=%cmp: #=% set cmp=%cmp:#=% @echo ********************** @echo. @echo Process %cmp% REG ADD \\%cmp%\HKLM\SYSTEM\CurrentControlSet\Services\UPHClean\Parameters /v CALLSTACK_LOG /t REG_DWORD /d 00000001 /f @echo.