No local or domain accounts can login unless they are member of the local administrators group
Log on locally settings checked in local policies, nothing restrictive there
Desktop fully patched
Behaviour: it accepts the username and password of any valid account, looks like it will login, goes to 'Loading Personal Settings...." Dialog, then goes straight to "Saving Personal Settings...." Dialog and back to CTRL+ALD+DEL Login window
It does create a local profile for the user, but kicks them out before getting to desktop
Any user added to the local administrators group can login fine but need to assign non admin account without wiping machine !