Question Corrupted NTUSER.DAT file

[Wolfshadw]

Does anyone know if I can use the default NTUSER.DAT file from Winver 2004 to replace a corrupted winver 1903 NTUSER.DAT file?

-Wolf sends

 

[Colif]

side answer... here is an older answer from 2011 -

The ntuser file at WINDOWS\repair is from the default user, what you need is a "ntuser.backup" located in your user profile folder.. unhide files and folder from the Tools > Folder Options > View > "Show hidden files and folders" and "Hide protected system files (recommended)... you should have at least one backup of ntuser. First rename or move to another folder the old ntuser.dat (which you have already done) and next rename the ntuser.backup file to ntuser.dat, and restart the computer. The user account should be restored to the date of the ntuser.backup which means the settings you have changed since that date will be lost. This will change the account registry data so backup personal files to prevent possible loss....

Corrupt ntuser.dat - can I replace it with a copy?

Hello. My old computer suddenly got a corrupted user profile. When trying to log on, I get an error saying "Windows could not load the locally stored user profile, etc". I fixed this twice with chkdsk /f /r, but that no longer works properly. Don't know if I should make a new profile or not, so...

forums.tomshardware.com

here be some other fixes - https://www.tenforums.com/general-support/67875-corrupt-ntuser-dat-file-default-folder.html

nothing directly answering your question though.

 

[Wolfshadw]

Appreciate that, but

1. It's not my system, It's my Sister-In-Law's and there is no back up.
2. I've already tried creating a new user. It's the default NTUSER.DAT file that appears to be corrupted.

The account that has administrative privileges works just fine. The secondary user account is corrupt. Attempting to log in immediately goes to a logging out window. I created a brand new account on the computer and when trying to log into that account, the same logging out process occurs.

-Wolf sends

 

[Colif]

fixing win 10 profiles reveals one weakness in win 10, user profiles break too easy. It happened to me in the past.

I don't suppose you can get the iso for 1903 as then you could try a repair install.

 

[Wolfshadw]

fixing win 10 profiles reveals one weakness in win 10, user profiles break too easy. It happened to me in the past.

I don't suppose you can get the iso for 1903 as then you could try a repair install.

Come to think of it, when I rebuilt my mother's computer, I may have used 1903. Have to find that USB and check.

-Wolf sends

 

[Colif]

https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

since the default user works that should work.

 

[Wolfshadw]

Admin User Account works. Default user does not. All new accounts are made using the default user.

Repair is not an option given what I have. It does not allow me to keep personal files and apps as it says I'm trying to install an older version of Windows. Any ideas how to download ver 1903 of Windows 10?

-Wolf sends

 

[johnbl]

you might search your computer for other copies of the file:
start cmd.exe as an admin
cd c:\
attrib.exe /s ntuser.*
mine shows the following files:
(all of the transaction logs, and ntuser.dat from different directories, I am not sure if any would be useful)
(not sure if there is a free tool to read the transaction logs. maybe forensics tools)
(it would be good to know how the files got corrupted and fix that problem)

C:\>attrib /s ntuser.*
A H I C:\Users\Cloud\NTUSER.DAT
A SH C:\Users\Cloud\ntuser.dat.LOG1
A SH C:\Users\Cloud\ntuser.dat.LOG2
A SH C:\Users\Cloud\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
A SH C:\Users\Cloud\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms
A SH C:\Users\Cloud\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms
SH C:\Users\Cloud\ntuser.ini
A C:\Users\Default\NTUSER.DAT
A SH C:\Users\Default\NTUSER.DAT.LOG1
A SH C:\Users\Default\NTUSER.DAT.LOG2
A SH C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
A SH C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms
A SH C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms
A C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
A SH C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1
A SH C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2
A SH C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
A SH C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms
A SH C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms
A C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
A SH C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1
A SH C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
A SH C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
A SH C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms
A SH C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms

 

[gardenman]

C:\Users\Default\NTUSER.DAT
is the one he needs, from a 1903 version of Windows. It would be unmodified and not have any extra Windows settings saved to it yet. (It is a registry file as far as I know).

I might have the ISO, I haven't looked yet but I usually keep the last 3 to 5 Windows ISOs. @johnbl, is there an easy way to extract the NTUSER.DAT from the ISO? Or would I have to install a copy of that Windows to a VM and copy the file from there (that would take a long time).
...I'm just brainstorming here.

Edit: Found these:

Edit: I'm pretty sure the NTUSER.DAT is created during the setup, so you can't extract it from the ISO. I did use 7-Zip to look through the ISO first but couldn't find it. So I installed 1903 into a VM. Final results: The NTUSER.DAT from 1903 is not the same file as the NTUSER.DAT from 20H2, so it's unlikely that it matches the 2004 version either.

 

[Wolfshadw]

So it appears that the issue is worse than I originally thought. With the 1903 NTUSER.DAT file, supplied by @gardenman (Thanks!), I'm still getting the same results with new accounts logging out immediately after entering the password. I guess I have more digging to do.

Thanks to all who have responded!

-Wolf sends

 

[Wolfshadw]

And another wrinkle. Seems another update was due on this computer (performed one to get to 1903 yesterday). This one updated to 1909. If the NTUSER.DAT file is different for each version, then this new update should have replaced the "corrupt" default file. To test, I created a new account once more and I'm STILL having the same issue. The account logs off as soon as the password is typed in. The primary (admin) account still works just fine.

-Wolf sends

P.S. If anyone is interested, it's an older Acer laptop: Aspire E 15 : E5-571-563B

 

[ex_bubblehead]

You may well have reached the point at which only a clean reinstall will fix this.

 

[Wolfshadw]

I'm fairly certain that in order to get this completely resolved, a clean install is necessary. However, it appears that as a temporary fix, changing the account to an administrative type resolves the issue. She doesn't use this device fir anything important. There's just some information here that she needed (bookmarks, e-mails, etc..).

-Wolf sends

 

[Colif]

Edit: I'm pretty sure the NTUSER.DAT is created during the setup, so you can't extract it from the ISO.

This might tie into fact that during install a user called defaultuser is used in the period of the install you are running off USB. NTUSER.DAT is likely created once you boot off the C drive. Once accounts are created defaultuser is deleted.

So all the accounts that auto logged out were just local accounts? not admin? not sure what it changes, maybe permissions.

 

[gardenman]

I was afraid the file wouldn't help, because when I was searching the net for a copy of the file (which I never found) I did see other forums where people had gotten a copy of the file and still had problems. The one I sent was one that I copied from a fresh Win 10 1903 install (into a VM).

Here's a page where the last 2 commenters say to rename the new userprofile folder. Then log in again and Windows should create a new profile folder with all new files. Will that work? I have no idea.
https://community.spiceworks.com/topic/415146-single-user-logged-off-instantly-corrupt-ntuser-dat

I'm glad you got it half-way working though.

 

[Wolfshadw]

This might tie into fact that during install a user called defaultuser is used in the period of the install you are running off USB. NTUSER.DAT is likely created once you boot off the C drive. Once accounts are created defaultuser is deleted.

So all the accounts that auto logged out were just local accounts? not admin? not sure what it changes, maybe permissions.

Actually, no. The account I was originally trying to recover was a Microsoft account. When that didn't work, I tried creating a local account and that didn't work either. Seems there may be an issue with standard user accounts that does not affect administrative accounts. I need to perform a clean install on this unit once Sis-In-Law has all she needs from the unit.

-Wolf sends