Solved

Immediate logoff after sysprep and ghost capture

Posted on 2011-02-16
13
1,284 Views
Last Modified: 2012-05-11
After sysprep'ing and using Ghost to capture a reference machine, Windows immediately logs off after any logon.

Here is what I did:
Copied the local administrator user profile to the default user profile and set read permissions for Everyone.
Using 64-bit sysprep, sysprep -quiet -pnp -reseal
Booted to a cd with Ghost and captured the OS drive.  The image is 45 GB.
Boot the machine after capture and run through mini-setup.  I had a sysprep.inf answer file and all of the settings took except for the local administrator password.
Now when anyone attempts to logon, Windows accepts the credentials (if they are correct) and within 2 seconds starts logging the user off.

This has happened on 3 machines.  As part of setup, I was able to join 1 of the machines to the domain.  I can see the machine remotely via its c$ admin share, but there is no 'documents and settings' or 'Windows' directories.

This is a Windows XP Professional machine.

I am looking for an explanation why we are experiencing the immediate logoffs and why I can't see the 'documents and settings' and 'Windows' directories.

Thanks in advance!
0
Comment
Question by:ff10
  • 5
  • 5
  • 3
13 Comments
 

Author Comment

by:ff10
ID: 34910207
My immediate problem has been resolved.  I re-applied the image to the computer I captured it from and somehow that fixed it.

Do you have to re-apply an image to the same machine you captured it from?  Is this documented behavior?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 34922542
NEVER copy the Administrator profile to the Default User profile.....

If you look at a pristine Default User profile, you will find lots of places where registry keys have variables in REG_EXPAND_SZ leafs.  These are there because the first logon for anybody that creates a new local profile will "build" their own HKEY_CURRENT_USER hive from the Default User hive and expand the variables into hard paths.  

What you effectively did was hard code any variable that required a path inside the profile of the Administrator, as well as anything that captured the logged in user COMPUTER\Administrator and locked that into the Default User profile for Everyone to use.

This is one of the better blogs explaining how to do and NOT do this:

http://blogs.technet.com/b/deploymentguys/archive/2009/10/29/configuring-default-user-settings-full-update-for-windows-7-and-windows-server-2008-r2.aspx

You'll have to start over now since the Default User profile is pretty much cooked.

0
 

Author Comment

by:ff10
ID: 34922864
Thank you.  Your explanation and the links are very helpful.

The immediate logoff after logon happened on 2 machines recently.  I did not copy the Administrator profile to the Default User profile for the first machine.  Since several books (apparently outdated) recommended that I do copy the Administrator profile over the Default User profile, I thought that might be the problem.  And for the 2nd capture, I did copy the Administrator profile over the Default User profile.  Both machines exhibited the immediate logoff after logon.  And both machines were fine once I applied the image that I had captured from the 2nd machine.  By fine, I mean they did not exhibit the immediate logoff after logon - I don't doubt they have the problems you pointed out.

Has anyone experienced the immediate logoff after logon after sysprep'ing and ghost'ing a machine?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 34923466
Sounds like you may have picked up some malware or a virus that has messed with userinit.exe.

Or something changed a value in the registry for Winlogon.

You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\CurrentVersion\Winlogon.
Make sure the keys below are correct:

Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe

Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot.

Let us know.
0
 

Expert Comment

by:Robotechno
ID: 35051716
I'm having the same problem and I have been using sysprep for years.  I've never been so stumped.
I've imaged over and over trying different things (on my 14th image).  After mini-setup and after logging in with the local admin or even another local account with administrator credentials it immediately logs off.  

What I find interesting is that you started having this issue at the same time I did (meaning a new virus/malware might have introduced itself).

I'll give your suggestion a shot:

"You may be able to fix this by mounting the drive in a good PC as a secondary drive, then load the Software registry hive.
Drill into \Microsoft\WindowsNT\CurrentVersion\Winlogon.
Make sure the keys below are correct:

Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe

Unload the hive and shutdown the PC.
Replace the drive into the original PC and attempt to boot."



0
 

Author Comment

by:ff10
ID: 35078672
In the 3 times this has happened to me, it has always been the machine that I imaged - the reference machine.  I applied the reference image to other machines and it works fine on other machines.  Out of all the machines, I least expected the reference machine to be bad after the image - yet this is the case.  But when I apply the reference image to the reference machine (instead of just booting again and going through mini-setup), it works again.  If I let the reference machine go through mini-setup after sysprep and imaging, it is toast.  Bottom line - I reapply the reference image to the reference machine and everything is fine.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Expert Comment

by:Robotechno
ID: 35078911
Talk about chasing our tails!
I'll give that a shot tomorrow.   Very interesting, out of all the things I tried I don't think I tried that.  I just assumed the image was toast when I booted mini-setup after cloning, which has always been a Linus test after sys-prepping.  Thanks for your post.  I have Microsoft on this and they are stumped so far.
0
 

Expert Comment

by:Robotechno
ID: 35082722
FF10,

Thank you.  That worked around the issue.  I really appreciate your response, I've already sold my soul trying to fix this.

-Mark
0
 

Author Comment

by:ff10
ID: 35083135
Robotechno,

Now I know its not just me.  Not sure if this is related, but I was using sysprep from the command line instead of the GUI.  My coworkers recommended against this, but I thought it was a good idea to document for the next guy.

Did you also use sysprep from the command line?
0
 

Expert Comment

by:Robotechno
ID: 35083201
No, I ran it from Windows Explorer.exe.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35083241
commandline is perfectly fine for this procedure.

I use these switches:  -mini -quiet -reseal -pnp.  Mind you, I'm using 32-bit.

I wonder if there are issues with the 64-bit version that are not there in the 32-bit?


0
 

Author Comment

by:ff10
ID: 35083402
The machines we image are all Windows XP Professional 64-bit.

Robotechno: Were your machines also Windows XP Professional 64-bit?  Also, out of curiosity - how big are your images?
0
 

Expert Comment

by:Robotechno
ID: 35088725
W2K3R2 64 bit, about 4-5GB.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now