• Status: Solved
  • Priority: Medium
  • Security: Public

Only Local Administrators can login

No local or domain accounts can login unless they are a member of the local administrators group

Log on locally settings checked in local policies, nothing restrictive there

Desktop fully patched

Behaviour: it accepts the username and password of any valid account, looks like it will login, goes to the "Loading Personal Settings..." dialog, then goes straight to the "Saving Personal Settings..." dialog and back to the CTRL+ALT+DEL login window

It does create a local profile for the user, but kicks them out before getting to desktop

Any user added to the local administrators group can login fine, but I need to assign a non-admin account without wiping the machine!

Asked by: littlemissg
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
If you give the users local admin rights, log them in, then remove the local admin rights and log them back in, do they work normally?

I'm wondering if something with your default profile on that machine is screwed up.
 
littlemissg (Author) Commented:
good suggestion, I will try that asap
(machine is in diff location and cannot connect remotely prob due to same problem)
regards, LMG
 
littlemissg (Author) Commented:
Hi Leew

Tried that but no luck unfortunately.  Also deleted all local profiles (except AllUsers, Default & Administrator) to rule out any corruption, but same behaviour.

It would seem like it's a policy or permission or registry corruption

LMG
 
Bionicthumb2 Commented:
Is a group policy object being applied to the machine from the domain or OU level?
Try running "gpresult -v" from the command-line to find out.

I've experienced the same behavior when there was no paging file configured for the workstation.
You might look at that.
 
littlemissg (Author) Commented:
Hi Bionicthumb2:

Both Domain and OU policies are being applied.
I have looked through the obvious Local Policy, User Rights Assignments etc. however and the effective setting should permit login to all.
There are several other machines in the domain with same policies applied.

I tried the Pagefile, there is one configured already.

Thanks anyway, any further ideas anyone?

Regards, LMG
 
averyb Commented:
Anything in Event Viewer on the machine in question?

Doesn't 2K only allow admins to login after all licenses on a network are used up?



 
Scott_Willcocks Commented:
Does it happen in a locally created account? That will let you know if your .default profile is corrupt. Try creating a new user, give them user rights and log on; if it doesn't work then the .default is corrupt.

Then create a local account, give it local admin rights, log in, and
then copy the contents of the administrator profile into the .default, making sure before you do it that you unhide all the files.

This will replace the .default with the current local admin account that can log on. Then try to log on as a user.
 
littlemissg (Author) Commented:
Hi

Averyb: re: Event Viewer, no, I had checked there and it doesn't log anything at all for the occurrence of this.
re: Licenses, I haven't heard of this, but don't imagine it should affect local logins. If you know more about this and think it may be it, let me know, thanks.


Scott Willcocks: I tried as you said, but unfortunately it didn't work.
Also logged in with a Domain account with a mandatory profile residing on the server (so I assume the Default Profile is not referenced) and got the same behaviour, so it would seem we have ruled out it being a profile problem. Thanks for the suggestion though, it sounded like a good one and I was hopeful of its success.

Any other ideas anyone? I'm thinking it may be a registry corruption somewhere perhaps, but how to fix it without a rebuild?

Cheers,
LMG

 
Scott_Willcocks Commented:
I would log on and check the permissions on these three files:

winlogon.exe
msgina.dll
and
user32.dll

See if system and admin have full control; users should have at least read write permissions.

Also try setting Windows logon debug:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833

and post log file..
 
Scott_Willcocks Commented:
Also check this registry key in regedt32 and check the permissions, as this key will hold the logon/logoff DLL information:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


 
Scott_Willcocks Commented:
Also do a search for userinit in the registry and check the path hasn't been changed to c:\documents and settings\administrator\

or a folder that only the administrator has access to; this will also cause a loop.

Some viruses have been known to do this.

Also do a search for userinit.exe and check the permissions on that file. That is all
I can remember at the mo.

hope this helps

need coffee now where is my manager?

:)

 
littlemissg (Author) Commented:
THANK YOU Scott

Started with your first suggestion and all files had no users, just administrators and one other user (this was a student user who was given local admin to set up the machine, so obviously took full advantage of this privilege).
Anyway, reset perms on those 3 files; this didn't work, but made me realise this student had stripped permissions from WINNT level for the 'Users' group.
So replaced these and all working again.

Thank you, points well deserved

Cheers, I will enjoy my weekend now that that's sorted, it was buggin me :)

LMG
 
Scott_Willcocks Commented:
glad to help I know how annoying these things can be :)
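
The checks suggested in this thread and the cause that was finally found (the Users group stripped from the WINNT folder's permissions), as an added read-only PowerShell audit; it is not part of the original thread. It assumes PowerShell 3.0 or later on the machine, that an ordinary user's token carries only the four well-known SIDs listed, and it approximates effective access as allow minus deny; msgina.dll is reported as missing on Windows versions that do not ship it.

```powershell
# Added example (not from the thread): read-only audit of the ACLs and the
# Userinit value discussed above. Run from an elevated prompt.
# Assumption: a standard interactive user holds only these well-known SIDs.
$userSids = @(
    'S-1-5-32-545'   # BUILTIN\Users
    'S-1-5-11'       # Authenticated Users
    'S-1-1-0'        # Everyone
    'S-1-5-4'        # INTERACTIVE
)
$need = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-StandardUserAccess {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return 'missing' }
    $allow = 0; $deny = 0
    $rules = (Get-Acl -Path $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($userSids -notcontains $r.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this object itself.
        if ($r.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.FileSystemRights }
        else                                  { $deny  = $deny  -bor [int]$r.FileSystemRights }
    }
    # Approximation of the access check: granted = allowed bits not denied.
    if ((($allow -band (-bnot $deny)) -band $need) -eq $need) { 'ok' }
    else { 'NO READ/EXECUTE' }
}

$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = @($env:SystemRoot, $sys32)
$targets += 'winlogon.exe', 'msgina.dll', 'user32.dll', 'userinit.exe' |
    ForEach-Object { Join-Path $sys32 $_ }

# Userinit is a comma-separated list of programs Winlogon starts after logon.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $key -Name Userinit).Userinit
foreach ($entry in ($userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    if (-not $entry.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning "Userinit entry outside System32: $entry"
    }
    $targets += $entry   # also check that a standard user can run it
}

$targets | Sort-Object -Unique | ForEach-Object {
    [pscustomobject]@{ Path = $_; StandardUser = Test-StandardUserAccess $_ }
}
```

Any row other than `ok` for `%SystemRoot%`, `System32` or the listed binaries matches the symptom in this thread: credentials are accepted, the profile is created, and the session ends before the desktop loads.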