Has anyone seen this behavior AND, more importantly, can you explain it?
I have an image where, in the Docs and Settings folder, I have user profile folders of
a) Owner, b) Owner.George and c) Owner~1~GE
Other facts: The SAM has the following user names:
Owner SID=1006 Fullname field = George
There is no user acct for Owner.George or Owner.~1~GE
There is an NTUser.dat file in each profile folder, both Owner and Owner.George are full profiles, Owner~1~GE is missing many files/folders but has a corrupted NTUser.dat.
The Recycler INFO2 for SID 1006 shows 2 files were deleted from path Docs and Settings\Owner.George
Anyone have any ideas that can explain this? Way to test it?
Thanks for the help.
I think you can get it when you re-install Windows and use the same user name as previously installed.
You also see it on a network, something to do with roaming profiles not working properly.
H
So you are saying to re-install Windows but not format the drive?
Has anyone seen this behavior AND, more importantly, can you explain it?
Seen it, and may have an explanation. Not certain it explains what you see, though.
I have an image where, in the Docs and Settings folder, I have user profile folders of
a) Owner, b) Owner.George and c) Owner~1~GE
Other facts: The SAM has the following user names:
Owner SID=1006 Fullname field = George
There is no user acct for Owner.George or Owner.~1~GE
Not sure what you mean by that last statement. Are you saying that there are no account SIDs matching the owner SIDs of those folders? Or that you have not found an account 'Owner.George'? In the scenario I typically see, all three folders/ntuser.dat are owned by the same SID.
Have you checked the times for the contents – were the profiles in use at the same time (i.e. time stamps in separate folders overlap), or in a 1, 2, 3 fashion?
Don't forget that SIDs are mapped to profile folders by the registry – you may easily set up an account A with a profile folder B, and an account B with a profile folder A. Profile folder names are not necessarily useful in identifying their accounts. Are all or only some of these mapped?
To one or several accounts?
There is an NTUser.dat file in each profile folder, both Owner and Owner.George are full profiles, Owner~1~GE is missing many files/folders but has a corrupted NTUser.dat.
That's one usual way this happens: a user's profile gets messed up, a fresh one is created, and old contents are moved/copied over by hand from the previous one. If some kind of helpdesk is involved, they typically have instructions or scripts to do this.
I would guess that Owner~1~GE is the oldest folder – and I would also guess that those missing folders were moved to the new one (one of the others). That might be possible to verify by analyzing time stamps of the files and folders involved.
The possibility of a reinstalled Windows also seems possible – and may be easy to check: there is some kind of install date in the registry, right?
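The SID-to-folder mapping raised in the reply above is stored in the `ProfileImagePath` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>`. As an added example that is not part of the thread, this sketch cross-checks those values against the profile folders found on disk; the SIDs, paths and folder listing are constructed sample data, and it assumes all profiles sit under one parent directory so that only the last path component is compared.

```python
import ntpath

# Constructed sample data (not taken from the thread's image): ProfileList
# values as a registry viewer would show them, keyed by account SID.
PROFILE_LIST = {
    "S-1-5-21-1111111111-2222222222-3333333333-1006":
        r"%SystemDrive%\Documents and Settings\Owner.George",
    "S-1-5-21-1111111111-2222222222-3333333333-500":
        r"%SystemDrive%\Documents and Settings\Administrator",
}
# Constructed listing of the profile directory in the image.
FOLDERS_ON_DISK = ["Owner", "Owner.George", "Owner~1~GE", "Administrator"]


def folder_key(profile_image_path):
    """Reduce a ProfileImagePath to a lower-cased folder name."""
    # ntpath parses backslash paths on any host OS; Windows names ignore case.
    return ntpath.basename(profile_image_path.rstrip("\\")).lower()


def map_profiles(profile_list, folders):
    """Return (folder -> SIDs, folders no SID points to, SIDs with no folder)."""
    by_folder = {}
    for sid, path in profile_list.items():
        by_folder.setdefault(folder_key(path), []).append(sid)
    mapped = {f: sorted(by_folder.get(f.lower(), [])) for f in folders}
    # Folders with no ProfileList entry: candidates for abandoned profiles.
    orphans = [f for f in folders if not mapped[f]]
    on_disk = {f.lower() for f in folders}
    # SIDs whose registered folder is gone from disk.
    dangling = sorted(s for s, p in profile_list.items()
                      if folder_key(p) not in on_disk)
    return mapped, orphans, dangling


if __name__ == "__main__":
    mapped, orphans, dangling = map_profiles(PROFILE_LIST, FOLDERS_ON_DISK)
    for folder, sids in mapped.items():
        print(f"{folder:15} -> {', '.join(sids) or 'no ProfileList entry'}")
    print("Unmapped folders:", orphans)
    print("SIDs with missing folder:", dangling)
```

Folders reported as unmapped are the ones whose timestamps and NTFS owner SIDs are worth comparing against the currently mapped profile.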
If the user loses the Full Control permission on his profile folder, Windows creates a new user profile folder the next time that he logs on. If the old profile folder still exists, Windows modifies the name of the new folder to avoid duplicating the name of the original profile folder.
2 cases are possible:
1/ the computer is a workgroup member (there is a local SAM)
If the username folder already exists, the new profile folder is named username.computername
If the username.computername folder already exists, the new profile folder is named username.computername.000
2/ the computer is a domain member (no user account exists locally on the computer)
The first profile is named username.domainname
If the username.domainname folder already exists, the new profile folder is named username.domainname.000
If the username.computername folder already exists, the new profile folder is named username.domain.000
In your case, the user account should be Owner and the computername GEORGE. Maybe the creation date of the folders helps to confirm this.
George is not the NetBIOS computername, but instead it is the Full name field in the user account Owner in the SAM.
To my knowledge, this is a local computer - not domain connected.
So you are saying to re-install Windows but not format the drive?
Yes, if it is a standalone then I think this is the explanation. It is easy enough to test: do it on a VM.
H
Thanks for all the input.
Regards..