All of a Sudden, My Terminal Server's Elliott Default Changed to Someone Else's Settings

Date: 05/11/2017

Q
- All of a sudden, when I start up Elliott on my terminal server session, the Elliott defaults are changed to someone else's settings. This includes, but may not limited to:
  • Last Login Elliott User
  • Application Window Startup Location
  • Application Font & Size
  • Elliott Control Center Location
  • Elliott Control Center Size
  • Elliott Control Center Font Size
The following is an example. When I started up Elliott today, I noticed my default user ID is "MAD."  But I have never logged in to Elliott as  "MAD" before:
 


Also,  after I had verified with the user "MAD," I realized that many of the other Elliott preferences in my session seem to have originated from this user's preferences.  Why did I inherit my Elliott preferences from the user "MAD" all of a sudden?

A - This has to do with the terminal server shadow key. Elliott does not use a shadow key, so if there are any registry values for Elliott in the shadow key area, then they should be deleted.  The following is a summary of how a shadow key could be created for Elliott on a terminal server.

Summary

On a terminal server, if someone starts an application installation, it will put the server in the Install Mode. In the Install Mode, changes to HKCU will be copied to a shadow key. This feature is intended to replicate HKCU changes to other users for the application being installed. However, if before the installation is finished that person starts running Elliott, any HKCU registry changes done by Elliott on that session will also be copied to the shadow key. This key will be replicated to other users at a later time.

The terminal server keeps a time stamp of when the shadow key was changed and when replication was done. It uses these time stamps to determine when replication will need to take place.

If the Install Mode is enabled for a session, any changes to HKEY_CURRENT_USER are mirrored to the shadow key areas: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software (64-bit processes) and
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software (32-bit processes).

Example of an Elliott Shadow Key

The following is an example of an Elliott shadow key in the following path
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Netcellent  


Since Elliott does not use any shadow key, you should right click on the "Elliott" node and choose the "Delete" option.

Not all application installations will cause a shadow key.  But to avoid this problem in the future, try not to run Elliott while performing installation on the terminal server.

Reference

Here you can find a detailed description of how the shadow keys work in a terminal server environment:

http://www.brianmadden.com/opinion/How-Applications-use-the-Registry-in-Terminal-Server-Environments-Part-2-of-3

https://helgeklein.com/blog/2012/03/do-shadow-keys-still-work-in-server-2008-r2/

EMK

Feedback and Knowledge Base