Symptoms

In Windows, the following event may be logged in the Application log:

Provider [Name] Microsoft-Windows-User Profiles Service [Guid] {GUID} [EventSourceName] profsvc

EventID 1530 message similar to 3 user registry handles leaked from \Registry\User\S-1-5-21-1049297961-3057247634-349289542-1004_Classes: Process 2428 (\Device\HarddiskVolume1\myprocess.exe) has opened key \REGISTRY\USER\S-1-5-21-1123456789-3057247634-349289542-1004 If a service or background service uses a user specific hive because it runs under a specific user identity and the relevant user account logs out.

Cause

This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows does this when Windows tries to close a user profile. Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.  

Status

This behavior is by design.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.