Have an issue with Active Diretory user, computer keeps shutting down

Give the user admin privileges and log him in. Log out and revert to normal privileges. See if this helps.

Have you verified the DNS settings on the workstation? Not sure why this would cause the machine to reboot, but it seems to be having difficulty contacting a domain controller. Can you ping your DC by IP and name? Also, do you have this problem when logging in with a different user account?

Ok don't laugh,

Is she kicking the surge protector or the power cord?

I have verified that I can ping the DNS server and everything is working fine. I can log into the same computer and I have no issues. Its only this user where the computer reboots.

Today this same user just let us know that all her E-mails in her sent and deleted items are gone. They both are empty. Anyone have any ideas what is going on?

I ran Microsofts Diagnostics tools and this is what I am seeing, any thoughts?

 
 Analysis Summary  
  Type Description Recommendation
  Error In WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0



This exception originated from msxml5!DllUnregisterServer+31e93.  Review the faulting call stack for thread 0 to determine root cause for the exception.





Please follow up with vendor Microsoft Corporation for problem resolution concerning the following file: C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll.
  Information DebugDiag determined that this dump file (WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp) is a crash dump and did not perform any hang analysis. If you wish to enable combined crash and hang analysis for crash dumps, edit the CrashHangAnalysis.asp script (located in the DebugDiag\Scripts folder) and set the g_DoCombinedAnalysis constant to True.  
 
 


 
 Analysis Details  
 


 Your browser settings are currently prohibiting this report's scripts from running.

This is preventing some features of this analysis report from displaying properly. To enable scripts to run, right-click the security warning above and choose "Allow Blocked Content..." or enable the "Allow active content to run in files on My Computer*" setting on the Advanced tab of your "Internet Options" dialog to avoid being prompted in the future





Table Of Contents
WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp

   Faulting Thread

   Faulting Module Information



 Report for WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp




Report for WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp
Type of Analysis Performed   Crash Analysis
Machine Name   WS20188
Operating System   Windows XP Service Pack 3
Number Of Processors   2
Process ID   2980
Process Image   C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
System Up-Time   00:33:54
Process Up-Time   00:00:01


Thread 0 - System ID 2988
Entry point   WINWORD+10cc
Create time   8/19/2010 10:38:48 AM
Time spent in user mode   0 Days 0:0:0.78
Time spent in kernel mode   0 Days 0:0:0.140






Function     Arg 1     Arg 2     Arg 3   Source
kernel32!RaiseException+53     e0000002     00000000     00000001    
msxml5!DllUnregisterServer+31e93     80004004     023f9044     023f9038    
msxml5!DllCanUnloadNow+a2f2     023f9038     00000000     00000004    
msxml5!DllCanUnloadNow+77e2     00128d98     00128df4     023f9038    
msxml5!DllUnregisterServer+314fb     023f9038     0000000d     00000000    
msxml5!DllUnregisterServer+37ff5     023f9038     0000000d     00000000    
MSO!Ordinal7352+3b8     015436a8     00000000     0152d2b0    
MSO!Ordinal4198+2cb     45a568ae     0012b6f0     0152d2a0    
MSO!Ordinal8041+1b3     00cdb500     00000000     0152d2b0    
MSO!Ordinal8041+2c     00129178     0152d2b0     014e4900    
WWLIB!DllGetClassObject+33494     001291cc     00000000     014e47cc    
WWLIB!DllGetClassObject+32dd2     0012b6f0     014e47cc     00c441a0    
WWLIB!DllGetClassObject+2f8cb     0012b6f0     01510000     00000010    
WWLIB!DllGetClassObject+2f695     00000004     04210000     0012d048    
WWLIB!DllGetClassObject+2e0e2     00000004     00000000     04210000    
WWLIB!DllGetClassObject+2d9ac     0012d584     00000000     00000000    
WWLIB!DllGetClassObject+27e4c     00000001     0012fa60     0012f9e0    
WWLIB!DllGetClassObject+152bc     00000003     0012f52c     00000001    
WWLIB!DllGetClassObject+3b23     0012fa60     00000001     0012f9e0    
WWLIB!FMain+482     30000000     00000000     0015234a    
WINWORD+15d7     30000000     00000000     0015234a    
WINWORD+155d     80000001     03b0f224     7ffde000    
kernel32!BaseProcessStart+23     300010cc     00000000     78746341    




In WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0



This exception originated from msxml5!DllUnregisterServer+31e93. Module Information
Image Name: C:\WINDOWS\system32\kernel32.dll   Symbol Type:  PDB
Base address: 0x7c800000   Time Stamp:  Sat Mar 21 09:06:58 2009  
Checksum: 0x000fe572   Comments:  
COM DLL: False   Company Name:  Microsoft Corporation
ISAPIExtension: False   File Description:  Windows NT BASE API Client DLL
ISAPIFilter: False   File Version:  5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Managed DLL: False   Internal Name:  kernel32
VB DLL: False   Legal Copyright:  © Microsoft Corporation. All rights reserved.
Loaded Image Name:  kernel32.dll   Legal Trademarks:  
Mapped Image Name:     Original filename:  kernel32
Module name:  kernel32   Private Build:  
Single Threaded:  False   Product Name:  Microsoft® Windows® Operating System
Module Size:  984.00 KBytes   Product Version:  5.1.2600.5781
Symbol File Name:  c:\symcache\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb   Special Build:  &




 
 


 
 Script Summary  
  Script Name Status Error Code Error Source Error Description Source Line
CrashHangAnalysis.asp Completed  
 
 

"What I have tried so far is give her a new computer, I recreated her account."
Did you delete the account and give her a new one WITHOUT copying the profile?

yes I didn't copy any other user. i created it from scratch.

Does the user have admin rights? Is she installing something on the computer? It's starting to smell like a bad user. If it's ok when you're logged on (as a normal user, right, not as admin?) then it's not the computer. So it must be the user. My bet is she is installing something or visiting a web site that's screwing it up.

Anyone know what this means?


Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10016
Date:            8/20/2010
Time:            8:17:59 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ERICA
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Is this a 64 bit client?

http://support.microsoft.com/kb/899965

We moved this user to Windows 7 and now she is having issues with messages in Outlook 2007 getting deleted out of her Sent and Deleted folders. Also today her computer shutdown and when she turned it back on all her Excel and Word documents in her shares drive were deleted and sitting in her Recycling bin. i don't know what else to try. I have been working with Microsoft with this issue and they have no clue what is causing it.

Windows 7 is 32-bit that she is on now.