Re: Normal user login now logs off immediately [w/o administrator
- From: BOS <BOS@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Jun 2007 19:22:00 -0700
I am even more screwed. none of my users (all with administrator rights) can
get through the cycle. not even in safe mode. password is accepted but
immediately logs out.
"WTC" wrote:
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:A1C49BCD-F412-432F-8145-B146A3E2F5B9@xxxxxxxxxxxxxxxx
"WTC" wrote:
--
William Crawford
MS-MVP Windows Shell/User
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:41AA74D0-132F-49F5-AC78-F6DC99FAD8F4@xxxxxxxxxxxxxxxx
"WTC" wrote:
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in messageThe DCOM error I mentioned was in fact logged in the system event
news:CBA6CA0A-45E5-4A46-BA38-420B4F43147D@xxxxxxxxxxxxxxxx
"WTC" wrote:
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in messageI made an additional normal user account (w/o administrator rights)
news:1E4F3AB3-5AFE-49DC-8D47-304B5D830FB7@xxxxxxxxxxxxxxxx
"WTC" wrote:
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in messageHmmm.....It only happens to just this one normal user account, my
news:81D0707E-043F-45DB-B246-18BB725986C8@xxxxxxxxxxxxxxxx
"WTC" wrote:
"Darmdorf" <darmdorf@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote inThanks for the reply WTC. I plowed into regedit and pulled up
message
news:268CC54E-54E8-4E83-BA58-E53DB7B02CFF@xxxxxxxxxxxxxxxx
My normal user account under XP Pro SP2 (which has no
administrator
rights)
is no longer able to login. The login begins in a normal
fashion:
preferences
are loaded, there is disk activity for a while, the
background
image
is
displayed, but before any icons or toolbar entries appear a
logout
suddenly
occurs. If I try again the logout is immediate. While
trying to
diagnose
the
problem I happened to give my normal user account
administrator
rights,
which
then strangely allows a normal login. Very spooky. Removing
admin
rights
brings the problem back again.
Judging from the system logs, evidently an NTFS error was
logged
just
before
the problem began. The very next normal start automatically
included
a
chkdsk
run, repairing many problems on my C: drive (file
truncations,
orphan
clusters, etc.). Nothing to really worry about. After about
a
minute
into
the
actual start a single DCOM server error
{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} was logged because
of an
"incorrect
application configuration".
I've tried everything I can think of to repair the damage.
Chkdsk
shows
no
errors, and I also haven't been able to spot any errors
with
Regedit.
The
security profiles also appear to be correct when compared
with
another
XP
Pro
system. I've browsed here extensively for similar problems
and
not
found
anything applicable. I don't have the typical userinit /
wsaupdaterregistry
problem with the registry winlogon entry. I also went back
to a
check
point
previous to the problem, but that didn't change the
behavior
either.
I'm
sure
I don't have a malware problem, as I have AD-Watch active,
use
Spybot
regularly, and have a decent Kaspersky Internet Security
package.
It must be something during the login procedure which is
directly
affected
by administrator rights, but what? Any ideas? It would
probably
be
helpful,
if one could somehow protocol the logon progress to find
out what
is
actually
going awry. I really hate to have to leave administrator
rights
enabled
for
my normal work, as that's inviting trouble. As an
ex-computer
expert, I
must
admit that I've never seen XP have problems of this kind
after a
minor
disk
problem. I'd really appreciate any help in the matter.
Could you post back with all the permissions that allow or
denied
on
this
key in the registry?
[HKLM\System\MountedDevices]
Right click on MountedDevices and select "Permissions". I
just have
a
hunch
that the permissions may be incorrect.
--
William Crawford
MS-MVP Windows Shell/User
the
things
you
requested for [HKLM\System\MountedDevices], I hope.
Groups or Usernames Permissions Apply to:
Admin (User) Special Permissions Just this key
Administrators (Group) Full Access/Read This key &
subs
Users (Group) Read This key & subs
CREATOR-OWNER (Group) Special Permissions Just sub-keys
Main Users (Group) Read This key & subs
SYSTEM (Group) Read This key & subs
There were no explicit "denies".
I also happened to look at the key directly above
[HKLM\System\MountedDevice1]. It is of "almost" the same
content,
but
interestingly different. It contains 21 "Volume" entries &
DosDevices,
where
as \MountedDevice contains 27 "Volume" entries & DosDevices.
The
entries
look
a bit "hodge-podge" for my taste. Does that help?
Oh yes, my "problem" user is just a normal User with no
special
permissions,
ie. read only.
Everything appears normal. Does this just happen to one user? Or
does
it
happen to all account that have User permissions and
restrictions?
--
William Crawford
MS-MVP Windows Shell/User
other
is
with administrator priviledges for installation and housekeeping
work.
Really
strange, what? I don't suppose you have any ideas how I could
protocol
the
logon sequence?
Create a new normal user account and see what happens. If you have
no
problems then copy the old profile to a new profile.
How to copy data from a corrupted user profile to a new profile
http://support.microsoft.com/default.aspx?kbid=811151
--
William Crawford
MS-MVP Windows Shell/User
and
had
the same login/logout problem with it too. I got brave and also
temporarily
removed administrator rights from my normal "admin" user and the
problem
appeared there too! That means the problem is indeed deeper seated,
and
infact affects any and all user accounts, even newly created ones.
I don't suppose you happen to know how to find the file name from
the id
given in the chkdsk protocol?
No I do not.
That might be a help to figure out what went
wrong. By the way, the DCOM error I wrote about had to do with
"C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding".
Have you look in the Event Viewer for Errors. This might give better
clues.
Control Panel > Administrative Tools > Event Viewer.
In the System Category of the Event Viewer there should some DCOM
errors
with a red X. Please write the info and post back.
--
William Crawford
MS-MVP Windows Shell/User
viewer log
you just referred to, twice in a row. Since the incident there have
been NO
further DCOM errors, so that must not be a problem? I'll post the major
event
log entries from the time in question so you can get a feel for what
happened:
15:45:22 System Log>Error>Source:ntfs>Response:55 The file system on
the
media is damaged and unusable. Perform chkdsk on volume "C:".
15:53:00 System Log>Info>Source:eventlog>Windows start
15:53:03 Application Log>Info>Source:winlogon>chkdsk repairs many
errors on C:
15:53:xx Various services start normally
15:54:10 System Log>Error>Source:DCOM>Response:10000 A DCOM Server
could not
be started: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. Error:
"This application could not be started, because the application
configuration is incorrect. The application should be reinstalled to
correct
the problem."
Occurred at the start of command:
C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
16:03:48 System Log>Info>Source:eventlog>Windows start
I also recently tried to remove the administration rights from my
normal
user and put him into the Main User group to see if logins would then
function, but it didn't help either. Looking at the group policies also
- Follow-Ups:
- Prev by Date: Re: Parameter Passed In correct
- Next by Date: Re: win. 98se
- Previous by thread: Re: Parameter Passed In correct
- Next by thread: Re: Normal user login now logs off immediately [w/o administrator
- Index(es):
Relevant Pages
|
