Symptoms
In Windows, the following event may be logged in the Application log:
Provider
[Name] Microsoft-Windows-User Profiles Service
[Guid] {GUID}
[EventSourceName] profsvc
EventID 1530
message similar to
3 user registry handles leaked from \Registry\User\S-1-5-21-1049297961-3057247634-349289542-1004_Classes:
Process 2428 (\Device\HarddiskVolume1\myprocess.exe) has opened key \REGISTRY\USER\S-1-5-21-1123456789-3057247634-349289542-1004
If a service or background service uses a user specific hive because it runs under a specific user identity and the relevant user account logs out.
Cause
This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows does this when Windows tries to close a user profile.
Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.
Status
This behavior is by design.