Solved

Only Local Administrators can login

Posted on 2004-09-08
13
608 Views
Last Modified: 2012-05-05
No local or domain accounts can login unless they are member of the local administrators group

Log on locally settings checked in local policies, nothing restrictive there

Desktop fully patched

Behaviour: it accepts the username and password of any valid account, looks like it will login, goes to 'Loading Personal Settings...." Dialog, then goes straight to "Saving Personal Settings...." Dialog and back to CTRL+ALD+DEL Login window

It does create a local profile for the user, but kicks them out before getting to desktop

Any user added to the local administrators group can login fine but need to assign non admin account without wiping machine !

0
Comment
Question by:littlemissg
13 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12005190
If you give the users local admin rights, log them in, then remove the local admin rights and log them back in, do they work normally?

I'm wondering if something with your default profile on that machine is screwed up.
0
 

Author Comment

by:littlemissg
ID: 12005970
good suggestion, I will try that asap
(machine is in diff location and cannot connect remotely prob due to same problem)
regards, LMG
0
 

Author Comment

by:littlemissg
ID: 12006673
Hi Leew

Tried that but no luck unfortunately.  Also deleted all local profiles (except AllUsers, Default & Administrator) to rule out any corruption, but same behaviour.

It would seem like its a policy or permission or registry corruption

LMG
0
 

Expert Comment

by:Bionicthumb2
ID: 12007307
Is a group policy object being applied to the machine from the domain or OU level?
Try running "gpresult -v" from the command-line to find out.

I've experienced the same behavior when there was no paging file configured for the workstation.
You might look at that.
0
 

Author Comment

by:littlemissg
ID: 12008705
Hi Bionichthumb2:

Both Domain and OU policies are being applied.
I have looked through the obvious Local Policy, User Rights Assignments etc. however and the effective setting should permit login to all.
There are several other machines in the domain with same policies applied.

I tried the Pagefile, there is one configured already.

Thanks anyway, any further ideas anyone ?

Regards, LMG
0
 
LVL 4

Expert Comment

by:averyb
ID: 12009826
Anything in Event Viewer on the machine in question?

Doesn't 2K only allow admins to login after all licenses on a network are used up?



0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12015364
does it happen in locally created account that will let you know if your .default profile is corrupt try creating a new user give them user rights and log on if it doesn't work then the .default is corupt

then create a local account and give local admin rights log in and
then copy the contents of the administrator profile into the .default making sure before you do it that you unhide all the files.

this will replace the .default with the current local admin account that can log on. then try and log on as a user.
0
 

Author Comment

by:littlemissg
ID: 12026151
Hi

Averyb:  re: EventViewer No I had checked there and it doen't log anything at all for the occurance of this
re: Licenses, I haven't heard of this, but don't imagine it should effect local logins, but if you know more about this if you think it may be it, let me know, thanks


Scott Willcocks:  I tried as you said, but unfortunately didn't work.  
Also logged in with Domain account with mandatory profile residing on server (so that I assume the Default Profile not reference) and same behavoiur, so it would seem we have ruled out it being a profile problem.  Thanks for suggestion though it sounded like good one and I was hopeful of its sucess.

Any other ideas anyone ?  I'm thinking it may be a registry corruption somewhere perhaps, but how to fix, without rebuild ??

Cheers,
LMG

0
 
LVL 6

Accepted Solution

by:
Scott_Willcocks earned 500 total points
ID: 12026512
I would logon and check these three files permissions

winlogon.exe
msgina.dll
and
user32.dll

see if system and admin has full control users should have at least read write permissions

also try setting windows logon debug

http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833

and post log file..
0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12026740
also check this registry key regedt32 and check the permissions as this key will hold the log on logoff dll information

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12026826
also do a search for userinit in the registry check the path hasn't been changed to c:\documents and settings\administrator\

or a folder that only the administrator has access to this will also cause a loop

some viruses have been none to do this

and do a search for the userinit.exe and  check the permissions on that file that is all
I can remember at the mo

hope this helps

need coffee now where is my manager?

:)

0
 

Author Comment

by:littlemissg
ID: 12028331
THANK YOU Scott

Started with your first suggestion and all files had no users, just administrators and one other user (this was a student user who was given local admin to setup machine, so obviously took full advantage of this privilege)
Anyway reset perms on those 3 files, this didn't work, but made me realise this student had stripped permissions from WINNT level for 'Users' group
So replaced these and all working again

Thank you, points well deserved

Cheers, I will enjoy my weekend now that that's sorted, it was buggin me :)

LMG
0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12041862
glad to help I know how annoying these things can be :)
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now