This tutorial demonstrates how to prevent or allow Windows to log on users with temporary profiles. It includes an explanation of what temporary profiles are, and why you may need to enable or disable temporary profiles in Windows 10 and Windows 11. Instructions are included for configuring temporary profiles using Local Group Policy and the Windows Registry Editor.
How to enable or disable log on with temporary profiles using the Windows Registry Editor
The Windows Registry Editor can be used in all editions of Windows 10 and Windows 11 (including Home, Pro, Enterprise, and Education) to enable or disable the use of temporary profiles. Before you make changes, you should create a backup of your registry.
You’ll need to be logged in as an administrator to access the Registry Editor.
- Right-click on the Start button and select Run
- Type the command regedit.exe in the Run dialog then press the Enter key
- In the Windows Registry Editor, navigate to the key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System (you can copy and paste this path into the navigation bar)
- With the System key highlighted, create a new value by selecting Edit > New > DWORD (32-bit Value) and name it ProfileErrorAction (only if this value doesn’t already exist)
- Set the value of ProfileErrorAction to 1 to disable log on users with temporary profiles
- Delete the ProfileErrorAction value by right-clicking on it and selecting Delete to enable log on users with temporary profiles
How to enable or disable log on with temporary profiles using the Local Group Policy Editor
The Local Group Policy Editor is available in Pro, Enterprise, and Education versions of Windows 10 and Windows 11 (and is not accessible from Home editions). Before you make changes to Group Policy, you can back up your Group Policy settings. You must be logged in as an administrator to use the Local Group Policy Editor.
- Right-click on the Start button and press Run
- Enter the command gpedit.msc and press OK
- Navigate to Computer Configuration\Administrative Templates\System\User Profiles
- Double-click on the Do not log users on with temporary profiles setting to edit it
- Change the value of the Do not log users on with temporary profiles setting to Enabled to disable Log on with temporary profiles
- Change the value of the Do not log users on with temporary profiles setting to Not configured (the default) to enable Log on with temporary profiles
- Click OK to save and apply the change
- Close the Local Group Policy Editor
You can also deploy this setting using Group Policy for Active Directory if you are managing multiple Windows devices.
Understanding Windows temporary profiles and why you might prevent their use
A Windows user profile contains all the unique settings for a user (like their configured email accounts, desktop wallpaper, browser preferences, bookmarks, etc.), as well as their documents and files, with individual directories for their documents, photos, the files on their desktop, and so on. Windows user profiles are stored in the C:\Users folder. User profiles allow each user to maintain their own files and settings that are separate from other users (and inaccessible to them unless they are an administrator).
If, for some reason, there’s a problem accessing a user’s profile (for example, it has become corrupted, or there is a permissions issue), Windows will, by default, create a temporary, empty profile so that the user can continue to log in. This temporary profile does not contain any of the user’s files or configuration, and, importantly, is destroyed when the user logs out.
This presents an issue for both home and enterprise users who are unaware of this behavior: While users are alerted that they are using a temporary profile, the implications of this are often not obvious, and the notification is readily dismissed. The user will be given a temporary profile, save some important files or work-in-progress to it, and then log out, deleting those files (which will most likely be unrecoverable).
This makes it preferable in many situations to completely disable the ability to log on with temporary profiles.
The Windows Event Viewer can be used to determine whether temporary profiles have been used, but again, this is typically too late to prevent data loss if the user has already logged out.
By preventing Windows from creating temporary profiles, the user will not be able to log in at all, allowing the underlying issue to be investigated and resolved, rather than temporary profiles potentially causing more mess to clean up.
Keeping your users’ profiles and data safe in enterprise and education
Temporary profiles are a common cause of problems in enterprise environments, often causing users to lose data when the temporary profile is destroyed. This leads to lost productivity, user frustration, and increases load on your support helpdesk, especially during times of network instability, where multiple Windows PCs may be affected at the same time.
Ensuring that users store their files in network shares and that roaming profiles are properly configured helps protect against files being lost to temporary profiles, and the use of temporary profiles when there is a connectivity issue. In business-critical scenarios, individual endpoints can also be backed up as an extra layer of protection.
NinjaOne Backup provides a platform for backing up all of your employee devices remotely. You can choose to back up specific files and folders (such as user profiles) or whole system images to the cloud or your own infrastructure, using a single solution that covers your Windows 10, Windows 11, Mac, and server machines.
