Purpose of the STATE key located in user's profiles?

There is a state key associated with every user's registry entry found here:



HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\[user's

SID]\State



Does anyone know what the values of that state key mean?  I'm trying to

find a way to know if a user is getting logged in with a temporary

profile and I'm hoping that key will have the answers.



I've been searching and searching and I can't seem to find any

information on the different values.  I'm guessing that it contains

information on whether the profile is roaming, mandatory, temporary,

etc.  Any help would be appreciated!



thanks,

mike

In microsoft.public.win2000.registry Mike S wrote:



> There is a state key associated with every user's registry entry

> found here:

>

> HKLM\Software\Microsoft\Windows

> NT\CurrentVersion\ProfileList\[user's SID]\State

>

> Does anyone know what the values of that state key mean?  I'm

> trying to find a way to know if a user is getting logged in with

> a temporary profile and I'm hoping that key will have the

> answers.



I think that the

System Properties, User Profiles

listing may be useful for profile-type.



> I've been searching and searching and I can't seem to find any

> information on the different values.  I'm guessing that it

> contains information on whether the profile is roaming,

> mandatory, temporary, etc.  Any help would be appreciated!



Sorry, I know of no documentation but seem to recall (very foggy

now)

256=Local

100=Mandatory

....BICBW.

Mark V wrote: 

>

> I think that the

>    System Properties, User Profiles

> listing may be useful for profile-type.



I forgot to mention, I'm trying to find a way to do this

programmatically in a logon script, otherwise yeah, that would probably

work.



> Sorry, I know of no documentation but seem to recall (very foggy

> now)

> 256=Local

> 100=Mandatory

> ...BICBW.



Yeah, that's the same stuff I've found.



I just put in a help request to MS so we'll see what they tell us.



thanks!

mike

Hey Mark,

I got this from a MS technician:



The State information for each profile is stored in the following location:



Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\SID



Value: State



DataType: REG_DWORD



Data:



A value of 256 in the State would be decoded in this manner:

256 = 200 + 040 + 010 + 002 + 004



You can math the numbers with the following terms to determine the flag

settings on the profile:



001 = PROFILE_MANDATORY

Profile is mandatory.



002 = PROFILE_USE_CACHE

Update locally Cached profile.



004 = PROFILE_NEW_LOCAL

Using a new local profile.



008 = PROFILE_NEW_CENTRAL

Using a new central profile.



010 = PROFILE_UPDATE_CENTRAL

Need to update central profile.



020 = PROFILE_DELETE_CACHE

Need to delete cached profile.



040 = PROFILE_UPGRADE

Need to upgrade profile.



080 = PROFILE_GUEST_USER

Using guest user profile.



100 = PROFILE_ADMIN_USER

Using administrator profile.



200 = DEFAULT_NET_READY

Default net profile is available & ready.



400 = PROFILE_SLOW_LINK

Identified slow network link.



800 = PROFILE_TEMP_ASSIGNED

Temporary profile loaded.



Unfortunately, this does not answer how I could have gotten a value of

33028. Any ideas?!



thanks,

Mike



Mike S wrote:

> Mark V wrote: 

>

> I forgot to mention, I'm trying to find a way to do this

> programmatically in a logon script, otherwise yeah, that would probably

> work.

> 

>

> Yeah, that's the same stuff I've found.

>

> I just put in a help request to MS so we'll see what they tell us.

>

> thanks!

> mike

In microsoft.public.win2000.registry Mike S wrote:

[vbcol=seagreen]

> Mike S wrote: 

[ ][vbcol=seagreen] 



> Hey Mark,

> I got this from a MS technician:

>

> The State information for each profile is stored in the

> following location:

>

> Key: HKLM\Software\Microsoft\Windows

> NT\CurrentVersion\ProfileList\SID

>

> Value: State

>

> DataType: REG_DWORD

>

> Data:

>

> A value of 256 in the State would be decoded in this manner:

> 256 = 200 + 040 + 010 + 002 + 004



Hex.



> You can math the numbers with the following terms to determine

> the flag settings on the profile:

>

> 001 = PROFILE_MANDATORY

> Profile is mandatory.

>

> 002 = PROFILE_USE_CACHE

> Update locally Cached profile.

>

> 004 = PROFILE_NEW_LOCAL

> Using a new local profile.

>

> 008 = PROFILE_NEW_CENTRAL

> Using a new central profile.

>

> 010 = PROFILE_UPDATE_CENTRAL

> Need to update central profile.

>

> 020 = PROFILE_DELETE_CACHE

> Need to delete cached profile.

>

> 040 = PROFILE_UPGRADE

> Need to upgrade profile.

>

> 080 = PROFILE_GUEST_USER

> Using guest user profile.

>

> 100 = PROFILE_ADMIN_USER

> Using administrator profile.

>

> 200 = DEFAULT_NET_READY

> Default net profile is available & ready.

>

> 400 = PROFILE_SLOW_LINK

> Identified slow network link.

>

> 800 = PROFILE_TEMP_ASSIGNED

> Temporary profile loaded.

>

> Unfortunately, this does not answer how I could have gotten a

> value of 33028. Any ideas?!



No clue at all!  But thanks for the research and follow-up post

here.  I'll point someone to here that maintains a central listing

for possible inclusion there.  If accepted I will provide the link

or reference.



Did you ask the MS Tech about that "33028" data?  "Dunno" might

have been the response perhaps.  I also wonder if this has remained

static and unchanged in all versions of NTx to date.  The big

question is can you replicate the conditions that created that

value.  IOW, valid but undocumented vs. an actual bad value/error?

What OS version there?



All of my active local admin accounts here on W2K are "256"dec

(eg 0x00000100) which matches up with 100h = "PROFILE_ADMIN_USER"

One User (local and non-mandatory) account shows a zero value for

"State".

I will ask in another group for example data...

On Tue, 19 Dec 2006 14:56:34 -0800, Mike S <msoultan@csulb.edu> wrote:

[vbcol=seagreen]

>Hey Mark,

>I got this from a MS technician:

>

>The State information for each profile is stored in the following location:

>

>Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\SID

>

>Value: State

>

>DataType: REG_DWORD

>

>Data:

>

>A value of 256 in the State would be decoded in this manner:

>256 = 200 + 040 + 010 + 002 + 004

>

>You can math the numbers with the following terms to determine the flag

>settings on the profile:

>

>001 = PROFILE_MANDATORY

>Profile is mandatory.

>

>002 = PROFILE_USE_CACHE

>Update locally Cached profile.

>

>004 = PROFILE_NEW_LOCAL

>Using a new local profile.

>

>008 = PROFILE_NEW_CENTRAL

>Using a new central profile.

>

>010 = PROFILE_UPDATE_CENTRAL

>Need to update central profile.

>

>020 = PROFILE_DELETE_CACHE

>Need to delete cached profile.

>

>040 = PROFILE_UPGRADE

>Need to upgrade profile.

>

>080 = PROFILE_GUEST_USER

>Using guest user profile.

>

>100 = PROFILE_ADMIN_USER

>Using administrator profile.

>

>200 = DEFAULT_NET_READY

>Default net profile is available & ready.

>

>400 = PROFILE_SLOW_LINK

>Identified slow network link.

>

>800 = PROFILE_TEMP_ASSIGNED

>Temporary profile loaded.

>

>Unfortunately, this does not answer how I could have gotten a value of

>33028. Any ideas?!

>

>thanks,

>Mike

>

>Mike S wrote: 



33028 is hex 8104h.

If you ignore the 8000h bit, this is a new local administrator.

How was it created? I expect the create process set the 8000h bit



Jerold Schulman

Windows Server MVP

JSI, Inc.

[url]http://www.jsiinc.com[/url]

[url]http://www.jsifaq.com[/url]

Jerold Schulman wrote:

> 33028 is hex 8104h.

> If you ignore the 8000h bit, this is a new local administrator.

> How was it created? I expect the create process set the 8000h bit



Hey Jerold,

Just so you know, the reason I am asking this information is because I

want to know when a user gets logged in with a temporary profile.  I am

NOT trying to figure out why the user got logged in with a temp profile

(I already know why), I just want to be able to detect if it happens

mitigate the situation gracefully.



So, I just logged in with an account that got loaded into a temp profile

(Lotus Notes decided it wanted to hold the ntuser.dat file open, if

you're curious).  My SID is the following:



S-1-5-21-1534095646-1438609452-5522801-16269



In the registry, I have the following values under this key:



....\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269



- State: 19204 (decimal)

- ProfilePath: %SystemDrive%\Documents and Settings\TEMP



It seems that Windows also makes a backup of my original profile before

logging me in with the above path:



....\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269.bak\



- State: 33024 (decimal)

- ProfilePath: %SystemDrive%\Documents and Settings\msoultanian





So, that is where I am getting these values.  My goal here is for my

VBScript to be able to read in the State value, interpret the value so I

can accurately know whether or not the user is logged in with a

temporary profile, and then act accordingly.  I could just test to see

if it's above 19000, but I really don't like doing that because it seems

clumsy.



I haven't figured out how these values should match up with the values I

got from the Microsoft technician so that's where I'm hoping someone

will be able to help out.



Just for the sake of information, here are some other state values that

I've found assigned to users and their associated binary and hex values:



1000000100000100 - 33028 (8104h) - temporary user backup

1000000100000000 - 33024 (8100h) - also from a temporary user backup

100101100000100 - 19204 (4B04) - temporary account

1100000100 - 772 (304h) - not sure

100000000 - 256 (100h) - seems like normal status



So, any thoughts?  I really appreciate your help as I have been trying

to figure this out for a very looooooong time!



Thanks,

Mike



[vbcol=seagreen]

> On Tue, 19 Dec 2006 14:56:34 -0800, Mike S <msoultan@csulb.edu> wrote:

> 

location:[vbcol=seagreen] 

flag settings on the profile:[vbcol=seagreen] 

of 33028. Any ideas?![vbcol=seagreen] 

be useful for profile-type.[vbcol=seagreen] 

programmatically in a logon script, otherwise yeah, that would probably

work. 

>

> 33028 is hex 8104h.

> If you ignore the 8000h bit, this is a new local administrator.

> How was it created? I expect the create process set the 8000h bit

>

> Jerold Schulman

> Windows Server MVP

> JSI, Inc.

> [url]http://www.jsiinc.com[/url]

> [url]http://www.jsifaq.com[/url]

Mark V wrote:

> In microsoft.public.win2000.registry Mike S wrote:

> 

> [ ] 

> 

>

> Hex.

> 

>

> No clue at all!  But thanks for the research and follow-up post

> here.  I'll point someone to here that maintains a central listing

> for possible inclusion there.  If accepted I will provide the link

> or reference.

>

> Did you ask the MS Tech about that "33028" data?  "Dunno" might

> have been the response perhaps.  I also wonder if this has remained

> static and unchanged in all versions of NTx to date.  The big

> question is can you replicate the conditions that created that

> value.  IOW, valid but undocumented vs. an actual bad value/error?

> What OS version there?

>

> All of my active local admin accounts here on W2K are "256"dec

> (eg 0x00000100) which matches up with 100h = "PROFILE_ADMIN_USER"

> One User (local and non-mandatory) account shows a zero value for

> "State".

> I will ask in another group for example data...

>



Hey Mark,

When I was talking to the tech, they kept wanting to know why a

temporary profile was getting loaded and I kept trying to tell them that

that wasn't my issue.  I know why it's happening (Lotus Notes, among

other programs, sometimes holds it open) and I want to be able to detect

that error state.  I am also doing some other profile things that tend

to lock it up as well, so I just need to be able to mitigate those

situations and handle them gracefully.  Anyways, I finally got to

someone on the AD development team and she found that internal listing

of State values and sent it to me.  I didn't really get to ask about the

33028 because she barely understood the question, and I was SOOO happy

to get that State data that I told her I'd look into it and see if it

solved my problem instead of confusing her any more ;)



I can easily replicate the problem and this is happening on an XP Pro

box.  However, I believe that it will happen on other NTx flavors of

Windows as well, and I'd venture to guess that those State values are

the same for the different OSes.



Lemme know if you hear anything from your other groups.  Also, you might

want to take a look at my reply to Jerold as it might be helpful.  I'm

pretty excited that I got this information from MS so far and this might

open up some pretty nifty opportunities to understand what's going on

internally with user profiles!



Thanks,

Mike

In-Line



On Tue, 19 Dec 2006 19:16:03 -0800, Mike S <msoultan@csulb.edu> wrote:



>Jerold Schulman wrote: 

>

>Hey Jerold,

>Just so you know, the reason I am asking this information is because I

>want to know when a user gets logged in with a temporary profile.  I am

>NOT trying to figure out why the user got logged in with a temp profile

>(I already know why), I just want to be able to detect if it happens

>mitigate the situation gracefully.

>

>So, I just logged in with an account that got loaded into a temp profile

>(Lotus Notes decided it wanted to hold the ntuser.dat file open, if

>you're curious).  My SID is the following:

>

>S-1-5-21-1534095646-1438609452-5522801-16269

>

>In the registry, I have the following values under this key:

>

>...\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269

>

>  - State: 19204 (decimal)

>  - ProfilePath: %SystemDrive%\Documents and Settings\TEMP

>



19204 is hex 4b04 or

0010101100000100 or



004 = PROFILE_NEW_LOCAL

100 = PROFILE_ADMIN_USER

200 = DEFAULT_NET_READY

800 = PROFILE_TEMP_ASSIGNED







>It seems that Windows also makes a backup of my original profile before

>logging me in with the above path:

>

>...\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269.bak\

>

>  - State: 33024 (decimal)

>  - ProfilePath: %SystemDrive%\Documents and Settings\msoultanian

>



This is hex 8100 or

1000000100000000 or



100 = PROFILE_ADMIN_USER



See tip  8968 » How can I convert a hexadecimal number to decimal, or a decimal number to hexadecimal, in a batch?

in the 'Tips & Tricks' at [url]http://www.jsifaq.com[/url]



The perform the test in batch, assume %State% contains the state:



call hexec %State% hex

set /a ans="%hex%&0x800"

if %ans% EQU 2048 goto Temp_Profile



If you don't want to use a 3rd party routine:



set /a ans1=%State% / 2048

set /a ans2=%State%%%2048

set /a ans3=(%ans1% * 2048) + %ans2%

set /a ans="%ans3%&0x800"

if %ans% EQU 2048 goto Temp_Profile







[vbcol=seagreen]

>

>So, that is where I am getting these values.  My goal here is for my

>VBScript to be able to read in the State value, interpret the value so I

>can accurately know whether or not the user is logged in with a

>temporary profile, and then act accordingly.  I could just test to see

>if it's above 19000, but I really don't like doing that because it seems

>clumsy.

>

>I haven't figured out how these values should match up with the values I

>got from the Microsoft technician so that's where I'm hoping someone

>will be able to help out.

>

>Just for the sake of information, here are some other state values that

>I've found assigned to users and their associated binary and hex values:

>

>1000000100000100 - 33028 (8104h) - temporary user backup

>1000000100000000 - 33024 (8100h) - also from a temporary user backup

>  100101100000100 - 19204 (4B04) - temporary account

>       1100000100 - 772 (304h) - not sure

>        100000000 - 256 (100h) - seems like normal status

>

>So, any thoughts?  I really appreciate your help as I have been trying

>to figure this out for a very looooooong time!

>

>Thanks,

>Mike

>

> 

>location: 

>flag settings on the profile: 

>of 33028. Any ideas?! 

>be useful for profile-type. 

>programmatically in a logon script, otherwise yeah, that would probably

>work. 



Jerold Schulman

Windows Server MVP

JSI, Inc.

[url]http://www.jsiinc.com[/url]

[url]http://www.jsifaq.com[/url]

I am having a bad day.



All that is needed is:



set /a ans="%state%&0x800"

if %ans% EQU 2048 goto Temp_Profile







On Tue, 19 Dec 2006 19:16:03 -0800, Mike S <msoultan@csulb.edu> wrote:

[vbcol=seagreen]

>Jerold Schulman wrote: 

>

>Hey Jerold,

>Just so you know, the reason I am asking this information is because I

>want to know when a user gets logged in with a temporary profile.  I am

>NOT trying to figure out why the user got logged in with a temp profile

>(I already know why), I just want to be able to detect if it happens

>mitigate the situation gracefully.

>

>So, I just logged in with an account that got loaded into a temp profile

>(Lotus Notes decided it wanted to hold the ntuser.dat file open, if

>you're curious).  My SID is the following:

>

>S-1-5-21-1534095646-1438609452-5522801-16269

>

>In the registry, I have the following values under this key:

>

>...\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269

>

>  - State: 19204 (decimal)

>  - ProfilePath: %SystemDrive%\Documents and Settings\TEMP

>

>It seems that Windows also makes a backup of my original profile before

>logging me in with the above path:

>

>...\ProfileList\S-1-5-21-1534095646-1438609452-5522801-16269.bak\

>

>  - State: 33024 (decimal)

>  - ProfilePath: %SystemDrive%\Documents and Settings\msoultanian

>

>

>So, that is where I am getting these values.  My goal here is for my

>VBScript to be able to read in the State value, interpret the value so I

>can accurately know whether or not the user is logged in with a

>temporary profile, and then act accordingly.  I could just test to see

>if it's above 19000, but I really don't like doing that because it seems

>clumsy.

>

>I haven't figured out how these values should match up with the values I

>got from the Microsoft technician so that's where I'm hoping someone

>will be able to help out.

>

>Just for the sake of information, here are some other state values that

>I've found assigned to users and their associated binary and hex values:

>

>1000000100000100 - 33028 (8104h) - temporary user backup

>1000000100000000 - 33024 (8100h) - also from a temporary user backup

>  100101100000100 - 19204 (4B04) - temporary account

>       1100000100 - 772 (304h) - not sure

>        100000000 - 256 (100h) - seems like normal status

>

>So, any thoughts?  I really appreciate your help as I have been trying

>to figure this out for a very looooooong time!

>

>Thanks,

>Mike

>

> 

>location: 

>flag settings on the profile: 

>of 33028. Any ideas?! 

>be useful for profile-type. 

>programmatically in a logon script, otherwise yeah, that would probably

>work. 



Jerold Schulman

Windows Server MVP

JSI, Inc.

[url]http://www.jsiinc.com[/url]

[url]http://www.jsifaq.com[/url]