Solved

Only Local Administrators can login

Posted on 2004-09-08
13
610 Views
Last Modified: 2012-05-05
No local or domain accounts can login unless they are member of the local administrators group

Log on locally settings checked in local policies, nothing restrictive there

Desktop fully patched

Behaviour: it accepts the username and password of any valid account, looks like it will login, goes to 'Loading Personal Settings...." Dialog, then goes straight to "Saving Personal Settings...." Dialog and back to CTRL+ALD+DEL Login window

It does create a local profile for the user, but kicks them out before getting to desktop

Any user added to the local administrators group can login fine but need to assign non admin account without wiping machine !

0
Comment
Question by:littlemissg
13 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12005190
If you give the users local admin rights, log them in, then remove the local admin rights and log them back in, do they work normally?

I'm wondering if something with your default profile on that machine is screwed up.
0
 

Author Comment

by:littlemissg
ID: 12005970
good suggestion, I will try that asap
(machine is in diff location and cannot connect remotely prob due to same problem)
regards, LMG
0
 

Author Comment

by:littlemissg
ID: 12006673
Hi Leew

Tried that but no luck unfortunately.  Also deleted all local profiles (except AllUsers, Default & Administrator) to rule out any corruption, but same behaviour.

It would seem like its a policy or permission or registry corruption

LMG
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Expert Comment

by:Bionicthumb2
ID: 12007307
Is a group policy object being applied to the machine from the domain or OU level?
Try running "gpresult -v" from the command-line to find out.

I've experienced the same behavior when there was no paging file configured for the workstation.
You might look at that.
0
 

Author Comment

by:littlemissg
ID: 12008705
Hi Bionichthumb2:

Both Domain and OU policies are being applied.
I have looked through the obvious Local Policy, User Rights Assignments etc. however and the effective setting should permit login to all.
There are several other machines in the domain with same policies applied.

I tried the Pagefile, there is one configured already.

Thanks anyway, any further ideas anyone ?

Regards, LMG
0
 
LVL 4

Expert Comment

by:averyb
ID: 12009826
Anything in Event Viewer on the machine in question?

Doesn't 2K only allow admins to login after all licenses on a network are used up?



0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12015364
does it happen in locally created account that will let you know if your .default profile is corrupt try creating a new user give them user rights and log on if it doesn't work then the .default is corupt

then create a local account and give local admin rights log in and
then copy the contents of the administrator profile into the .default making sure before you do it that you unhide all the files.

this will replace the .default with the current local admin account that can log on. then try and log on as a user.
0
 

Author Comment

by:littlemissg
ID: 12026151
Hi

Averyb:  re: EventViewer No I had checked there and it doen't log anything at all for the occurance of this
re: Licenses, I haven't heard of this, but don't imagine it should effect local logins, but if you know more about this if you think it may be it, let me know, thanks


Scott Willcocks:  I tried as you said, but unfortunately didn't work.  
Also logged in with Domain account with mandatory profile residing on server (so that I assume the Default Profile not reference) and same behavoiur, so it would seem we have ruled out it being a profile problem.  Thanks for suggestion though it sounded like good one and I was hopeful of its sucess.

Any other ideas anyone ?  I'm thinking it may be a registry corruption somewhere perhaps, but how to fix, without rebuild ??

Cheers,
LMG

0
 
LVL 6

Accepted Solution

by:
Scott_Willcocks earned 500 total points
ID: 12026512
I would logon and check these three files permissions

winlogon.exe
msgina.dll
and
user32.dll

see if system and admin has full control users should have at least read write permissions

also try setting windows logon debug

http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833

and post log file..
0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12026740
also check this registry key regedt32 and check the permissions as this key will hold the log on logoff dll information

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12026826
also do a search for userinit in the registry check the path hasn't been changed to c:\documents and settings\administrator\

or a folder that only the administrator has access to this will also cause a loop

some viruses have been none to do this

and do a search for the userinit.exe and  check the permissions on that file that is all
I can remember at the mo

hope this helps

need coffee now where is my manager?

:)

0
 

Author Comment

by:littlemissg
ID: 12028331
THANK YOU Scott

Started with your first suggestion and all files had no users, just administrators and one other user (this was a student user who was given local admin to setup machine, so obviously took full advantage of this privilege)
Anyway reset perms on those 3 files, this didn't work, but made me realise this student had stripped permissions from WINNT level for 'Users' group
So replaced these and all working again

Thank you, points well deserved

Cheers, I will enjoy my weekend now that that's sorted, it was buggin me :)

LMG
0
 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12041862
glad to help I know how annoying these things can be :)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2000 Server Pagefile.sys Error 7 652
Windows 2000 Sever Lab Setup 1 685
How to Test Com Ports on NT 4.0 Workstation 2 282
Repair old Windows 2000 boot 15 236
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question