ff10
asked on
Immediate logoff after sysprep and ghost capture
After sysprep'ing and using Ghost to capture a reference machine, Windows immediately logs off after any logon.
Here is what I did:
Copied the local administrator user profile to the default user profile and set read permissions for Everyone.
Using 64-bit sysprep, sysprep -quiet -pnp -reseal
Booted to a cd with Ghost and captured the OS drive. The image is 45 GB.
Boot the machine after capture and run through mini-setup. I had a sysprep.inf answer file and all of the settings took except for the local administrator password.
Now when anyone attempts to logon, Windows accepts the credentials (if they are correct) and within 2 seconds starts logging the user off.
This has happened on 3 machines. As part of setup, I was able to join 1 of the machines to the domain. I can see the machine remotely via its c$ admin share, but there is no 'documents and settings' or 'Windows' directories.
This is a Windows XP Professional machine.
I am looking for an explanation why we are experiencing the immediate logoffs and why I can't see the 'documents and settings' and 'Windows' directories.
Thanks in advance!
Here is what I did:
Copied the local administrator user profile to the default user profile and set read permissions for Everyone.
Using 64-bit sysprep, sysprep -quiet -pnp -reseal
Booted to a cd with Ghost and captured the OS drive. The image is 45 GB.
Boot the machine after capture and run through mini-setup. I had a sysprep.inf answer file and all of the settings took except for the local administrator password.
Now when anyone attempts to logon, Windows accepts the credentials (if they are correct) and within 2 seconds starts logging the user off.
This has happened on 3 machines. As part of setup, I was able to join 1 of the machines to the domain. I can see the machine remotely via its c$ admin share, but there is no 'documents and settings' or 'Windows' directories.
This is a Windows XP Professional machine.
I am looking for an explanation why we are experiencing the immediate logoffs and why I can't see the 'documents and settings' and 'Windows' directories.
Thanks in advance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. Your explanation and the links are very helpful.
The immediate logoff after logon happened on 2 machines recently. I did not copy the Administrator profile to the Default User profile for the first machine. Since several books (apparently outdated) recommended that I do copy the Administrator profile over the Default User profile, I thought that might be the problem. And for the 2nd capture, I did copy the Administrator profile over the Default User profile. Both machines exhibited the immediate logoff after logon. And both machines were fine once I applied the image that I had captured from the 2nd machine. By fine, I mean they did not exhibit the immediate logoff after logon - I don't doubt they have the problems you pointed out.
Has anyone experienced the immediate logoff after logon after sysprep'ing and ghost'ing a machine?
The immediate logoff after logon happened on 2 machines recently. I did not copy the Administrator profile to the Default User profile for the first machine. Since several books (apparently outdated) recommended that I do copy the Administrator profile over the Default User profile, I thought that might be the problem. And for the 2nd capture, I did copy the Administrator profile over the Default User profile. Both machines exhibited the immediate logoff after logon. And both machines were fine once I applied the image that I had captured from the 2nd machine. By fine, I mean they did not exhibit the immediate logoff after logon - I don't doubt they have the problems you pointed out.
Has anyone experienced the immediate logoff after logon after sysprep'ing and ghost'ing a machine?
Sounds like you may have picked up some malware or a virus that has messed with userinit.exe.
Or something changed a value in the registry for Winlogon.
You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\Curre
Make sure the keys below are correct:
Shell = explorer.exe
Userinit = C:\Windows\System32\userin
Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot.
Let us know.
Or something changed a value in the registry for Winlogon.
You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\Curre
Make sure the keys below are correct:
Shell = explorer.exe
Userinit = C:\Windows\System32\userin
Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot.
Let us know.
I'm having the same problem and I have been using sysprep for years. I've never been so stumped.
I've imaged over and over trying different things (on my 14th image). After mini-setup and after logging in with the local admin or even another local account with administrator credentials it immediately logs off.
What I find interesting is that you started having this issue at the same time I did (meaning a new virus/malware might have introduced itself).
I'll give your suggestion a shot:
"You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\Curre
Make sure the keys below are correct:
Shell = explorer.exe
Userinit = C:\Windows\System32\userin
Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot."
I've imaged over and over trying different things (on my 14th image). After mini-setup and after logging in with the local admin or even another local account with administrator credentials it immediately logs off.
What I find interesting is that you started having this issue at the same time I did (meaning a new virus/malware might have introduced itself).
I'll give your suggestion a shot:
"You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\Curre
Make sure the keys below are correct:
Shell = explorer.exe
Userinit = C:\Windows\System32\userin
Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot."
ASKER
In the 3 times this has happened to me, it has always been the machine that I imaged - the reference machine. I applied the reference image to other machines and it works fine on other machines. Out of all the machines, I least expected the reference machine to be bad after the image - yet this is the case. But when I apply the reference image to the reference machine (instead of just booting again and going through mini-setup), it works again. If I let the reference machine go through mini-setup after sysprep and imaging, it is toast. Bottom line - I reapply the reference image to the reference machine and everything is fine.
Talk about chasing our tails!
I'll give that a shot tomorrow. Very interesting, out of all the things I tried I don't think I tried that. I just assumed the image was toast when I booted mini-setup after cloning, which has always been a Linus test after sys-prepping. Thanks for your post. I have Microsoft on this and they are stumped so far.
I'll give that a shot tomorrow. Very interesting, out of all the things I tried I don't think I tried that. I just assumed the image was toast when I booted mini-setup after cloning, which has always been a Linus test after sys-prepping. Thanks for your post. I have Microsoft on this and they are stumped so far.
FF10,
Thank you. That worked around the issue. I really appreciate your response, I've already sold my soul trying to fix this.
-Mark
Thank you. That worked around the issue. I really appreciate your response, I've already sold my soul trying to fix this.
-Mark
ASKER
Robotechno,
Now I know its not just me. Not sure if this is related, but I was using sysprep from the command line instead of the GUI. My coworkers recommended against this, but I thought it was a good idea to document for the next guy.
Did you also use sysprep from the command line?
Now I know its not just me. Not sure if this is related, but I was using sysprep from the command line instead of the GUI. My coworkers recommended against this, but I thought it was a good idea to document for the next guy.
Did you also use sysprep from the command line?
No, I ran it from Windows Explorer.exe.
commandline is perfectly fine for this procedure.
I use these switches: -mini -quiet -reseal -pnp. Mind you, I'm using 32-bit.
I wonder if there are issues with the 64-bit version that are not there in the 32-bit?
I use these switches: -mini -quiet -reseal -pnp. Mind you, I'm using 32-bit.
I wonder if there are issues with the 64-bit version that are not there in the 32-bit?
ASKER
The machines we image are all Windows XP Professional 64-bit.
Robotechno: Were your machines also Windows XP Professional 64-bit? Also, out of curiosity - how big are your images?
Robotechno: Were your machines also Windows XP Professional 64-bit? Also, out of curiosity - how big are your images?
W2K3R2 64 bit, about 4-5GB.
ASKER
Do you have to re-apply an image to the same machine you captured it from? Is this documented behavior?