I've ran into an issue where some servers will not release the handle on the ntuser.dat file even after a reboot. Or quite possible, after the reboot, the ntuser.dat file is getting re-loaded into memory. The user accounts are definitely not being accessed (some of them belong to users that have not been with the company in over a year). It seems to be on Windows 2003 servers, but I can't be 100% certain that there aren't some 2000 servers showing this issue as well.
When I try to use process explorer or handle.exe from sysinternals to kill the handle on these ntuser.dat files, the handle remains open and connected. Handle.exe even reports that the handle was broken while it remains in use. I've even taken ownership on the file and tried to kill the handle to no effect (windows shows I have ownership of the file, but still refuses to release the handle).
I have looked into the registry to see if I can discover where the files may be getting loaded at. Unfortunately, the username is appearing in too many places for me to be certain which one is actually loading their reg file into memory.
Any suggestions on how I can either break the handle on the files, or prevent them from getting re-loaded after a reboot?
UPDATE: Per suggestions, I've checked to see if there are any processes running under those user accounts and haven't found any. I did try deleting the user profiles through System Management and the delete option on the profile list is grayed out.
Best Answer
you can use PendMove/MoveFile from http://www.sysinternals.com/ to rename/move/delete files BEFOR system boot. it is powerfull but danger!