Search Results

Search found 60 results on 3 pages for 'winlogon'.

Page 1/3 | 1 2 3  | Next Page >

  • Winlogon.exe causes C++ runtime error

    - by Evan
    Recently I've become unable to log into my Dell Precision M2400. It uses the Dell Controlpoint login GUI instead of the typical windows one, and has now started giving me a runtime error on winlogon.exe that ends with a c000021a BSOD. I have tried running through safe mode and a restore to the last known good setting with no success. Unfortunately by BIOS password is locked and the one IT guy with the password is on vacation and unreachable until after I leave for a business trip. Is there anyway to bypass the Dell logon screen and get to the default windows one? Thanks.

    Read the article

  • Strange behavior when changing default shell, and setting explorer.exe as winlogon shell for specific user

    - by Ophir Yoktan
    I use a custom logon shell on a machine (windows 7) for security reasons - which works fine by altering HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell. However, I also want that the administrator will still be able to manage the machine, so I modified the user specific key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell back to explorer.exe - but when I log on I get a single windows explorer window, and not the full desktop. does any one know how to configure the normal desktop shell only to a specific user?

    Read the article

  • Winlogon Init delay

    - by iceman
    I am trying to trace the boot time of a Windows 7 Professional machine and found the following times: Phase #, Phase Name, Start Time (s), End Time (s), Duration (s) 1, Pre Session Init, 0.000000000, 6.218684586, 6.218684586 2, Session Init, 6.218684586, 19.716180585, 13.497495999 3, Winlogon Init, 19.716180585, 164.393575644, 144.677395059 4, Explorer Init, 34.856013361, 39.280802294, 4.424788933 5, Post Boot, 39.280802294, 85.280802294, 46.000000000 The winlogon init seems to take a long time. What can be a reason?

    Read the article

  • Winlogon Application Error [closed]

    - by IT_07
    This error is happening to 6 out of 32 computers. I have created a base image from scratch using Ghost Enterprise, but error still shows on the same machines. It happens at the log on prompt and after doing a soft reset the message goes away, but it comes back eventually. -Error message- The Instruction at "0X74eF400e" referenced Memory at "0X00000000" The memory could not be "Written". Winlogon.exe - Application Error Any reason why this is happening? I have tried to run a memTest but everything shows okay.

    Read the article

  • Winlogon Application Error

    - by IT_07
    This error is happening to 6 out of 32 computers. I have created a base image from scratch using Ghost Enterprise, but error still shows on the same machines. It happens at the log on prompt and after doing a soft reset the message goes away, but it comes back eventually. -Error message- The Instruction at "0X74eF400e" referenced Memory at "0X00000000" The memory could not be "Written". Winlogon.exe - Application Error Any reason why this is happening? I have tried to run a memTest but everything shows okay.

    Read the article

  • How to protect my VPS from winlogon RDP spam requests

    - by Valentin Kuzub
    I got some hackers constantly hitting my RDP and generating thousands of audit failures in event log. Password is pretty elaborate so I dont think bruteforcing will get them anywhere. I am using VPS and I am pretty much a noob in Windows Server security (am a programmer myself and its my webserver for my site). Which is a recommended approach to deal with this? I would rather block IPs after some amount of failures for example. Sorry if question is not appropriate.

    Read the article

  • 'pskill \\hostname winlogon' might budge a server "stuck rebooting", but why?

    - by Snoi
    Question: Executing remote (Sysinternals) command... pskill \\machine winlogon ...can budge a server that is stuck rebooting, but how/why does this work? How do you know which service to kill? To recreate (e.g.): You run Windows Update, allow a reboot, and ...NOTHING! RDP gets cut off but the server does not reboot. Just about every other service seems to stay up. Further Background: I've faced this problem on VMs hosted around the planet for some years, and used various sc.exe and shutdown commands to learn the state of and attempt remote reboot of servers in such a state, with limited success. Most datacentres don't offer any way to see the true console or power off/on such machines. They charge $$ for you to call them to do such simple things after hours, when you nearly always have to run your maint tasks. e.g. NET USE \\machine\IPC$ /USER:login password sc \\machine query RpcSs sc \\machine query TermService sc \\machine query wuauserv tasklist /s machine This occasionally works for me... shutdown /m \\machine /r /f /t: 0 ...but more often than not it fails with: A system shutdown is in progress (1115). I found this question, and the answer by @Tweek, and it worked really well, but was I just lucky? Can not RDP to Win 2003 box or initiate remote restart @Tweek said to run: pskill \\hostname winlogon ...and that got me past this situation in a new way (Server 2008 R2 in my most recent case) - really useful! I just need to understand if I got lucky or there is more science here. What I'd like to know is why the winlogon process? @Livne said to use "tasklist /s HostName" to see what is the culprit, but how do you tell from the listed output? It's just a list of running tasks etc. From that I would not know what to look for, nor could I see anything about the winlogon process that suggested to my eyes that was the one to kill.

    Read the article

  • How to fix winlogon.exe randomly crashing/hanging my computer?

    - by Neeb
    I've got these problems: 1) sometimes winlogon.exe crashes at boot-up and my whole computer shuts off once i click "no" to visual-studio-2008 just-in-time-debugger window, takes about 30 secs until my harddrives starts up again, its really scary, i am afraid it is causing hardware malfunctions in long term. this has happened dozen of time now. 2) sometimes i leave the computer alone a while, i come back and i notice ctrl+alt+del doesnt work and winlogon.exe is using 100% of one of my 4 cores.

    Read the article

  • How to fix winlogon.exe randomly crashing/hanging my computer?

    - by Neeb
    I've got these problems: 1) sometimes winlogon.exe crashes at boot-up and my whole computer shuts off once i click "no" to visual-studio-2008 just-in-time-debugger window, takes about 30 secs until my harddrives starts up again, its really scary, i am afraid it is causing hardware malfunctions in long term. this has happened dozen of time now. 2) sometimes i leave the computer alone a while, i come back and i notice ctrl+alt+del doesnt work and winlogon.exe is using 100% of one of my 4 cores.

    Read the article

  • Windows XP Domain Logon takes between 40 - 60 minutes

    - by Bryan
    Windows XP Clients, fully patched, with Symantec Endpoint Protection 11 client Windows 2008 R2 domain Roaming profiles Folder Redirection applied to Documents, AppData & Desktop I've enabled userenv logging, and logged on just after 17:00 last night. The user shell hadn't appeared at 17:45 when I left last night. When I arrived this morning, I checked the log file and found the following. USERENV(3f8.e7c) 17:02:18:296 LogExtSessionStatus: Successfully logged Extension Session data USERENV(654.a30) 17:04:09:468 ImpersonateUser: Failed to impersonate user with 5. USERENV(654.a30) 17:04:09:468 GetUserNameAndDomain Failed to impersonate user USERENV(654.a30) 17:04:09:468 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available. USERENV(c8c.cb8) 17:04:09:781 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(cd0.cd4) 17:04:10:781 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(d08.c84) 17:07:09:609 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(cbc.cc0) 17:07:10:625 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\luall.exe USERENV(db0.db4) 17:07:10:781 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(e00.e0c) 17:07:11:062 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(e20.e34) 17:07:11:203 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(e40.e50) 17:07:11:406 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(efc.54c) 17:07:11:656 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(ccc.df0) 17:08:45:687 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(e24.e20) 17:08:45:937 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\luall.exe USERENV(ff0.ff4) 17:08:46:078 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(32c.cd0) 17:08:46:265 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(cc4.3d4) 17:08:46:406 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(434.4d0) 17:08:46:593 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(f2c.ac) 17:08:46:828 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(d60.d7c) 17:09:40:265 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(d94.d98) 17:09:40:531 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(bc4.3c4) 17:10:52:765 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(37c.90c) 17:10:52:984 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\luall.exe USERENV(580.540) 17:10:53:109 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(c18.c30) 17:10:53:312 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(c44.288) 17:10:53:468 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(a34.cf4) 17:10:53:656 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(d3c.d4c) 17:10:53:890 LibMain: Process Name: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe USERENV(970.948) 17:15:09:468 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(150.9dc) 17:15:09:734 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(f90.cec) 17:20:38:718 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(d8c.d70) 17:20:38:984 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(9a0.fa0) 17:26:07:953 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(844.51c) 17:26:08:218 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(d00.9ac) 17:31:19:453 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(ad4.624) 17:31:19:718 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(654.694) 17:31:46:390 ImpersonateUser: Failed to impersonate user with 5. USERENV(654.694) 17:31:46:390 GetUserNameAndDomain Failed to impersonate user USERENV(654.694) 17:31:46:390 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available. USERENV(af8.610) 17:36:48:625 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(aa4.dfc) 17:36:48:906 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(2dc.5c8) 17:42:17:812 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(f70.8ac) 17:42:18:078 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(d50.c30) 17:47:47:062 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(c2c.c3c) 17:47:47:328 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(ef0.4cc) 17:53:16:234 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(cd4.c84) 17:53:16:500 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE USERENV(828.8c4) 17:58:45:484 LibMain: Process Name: C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe USERENV(a24.b30) 17:58:45:750 LibMain: Process Name: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE I've seen posts suggesting that it may be Windows Desktop Search 3.01 that is causing this, so I've removed that. I've removed the policy, 'Always wait for the network at startup or logon', thinking that might have helped. I'm running out of ideas. Has anyone seen this before?

    Read the article

  • Authenticating Windows 7 against MIT Kerberos 5

    - by tommed
    Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): Screen-shot: http://dl.dropbox.com/u/577250/email/login_attempt.png If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

    Read the article

  • Group policy issues

    - by Alex Berry
    We are having an issue on one of our clients relatively new sbs installs. The domain consists of a single SBS 2011 server with 4 windows 7 clients and 3 xp clients. Most of the time everything is fine however roughly every 3 days windows 7 clients start timing out when trying to receive computer group policy. This results in hour long delays before getting to the login screen in the morning. This is accompanied by event ID 6006, win login errors stating it took 3599 seconds to process policy. Once they've booted they can log in without issue however gpupdate fails again on computer policy and gpresult comes back with access denied, even when run as domain admin... At this point if we restart the server the network is fine for 3 days. I thought perhaps it might be ipv6 or smb2, but disabling ipv6 on the clients doesn't help and the clients can browse the sysvol folder freely on smb2 anyway. Does anyone have any ideas or routes I can take to further diagnose the issue? Thanks in advance :)

    Read the article

  • Authenticating Windows 7 against MIT Kerberos 5

    - by tommed
    Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

    Read the article

  • Creating a process in a non-zero session from a service in windows-2008-server?

    - by Itay Levin
    Hi, I was wondering if there is a simple way for a service to create a process in user session? My service is running as a user(administrator) account and not as a LocalSystem acount, therefore i can't use the WTSQueryUserToken function. i have tried calling OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,TokenHandle); but when i use this token to run CreateProcessAsUser(TokenHandle,.....) my process is still running in session 0. how can i resolve this issue? I'm using an Ole automation so i don't really care on which session the process will be running on, as long it is not the session 0 - because the Ole from some reason doesn't create its processes (winword.exe for instance) in session 0, but rather it creates them in other user sessions. Any suggestions will be welcome. Thanks in advance.

    Read the article

  • Why do I need to set up Autologon values in registry twice before it works and can i fix this?

    - by jJack
    Background: As part an automated testing suite I am building, I need to set up Autologon on my virtual machines 'on demand'. By on demand, I mean that I don't want to necessarily pre-configure my VM or any snapshot to have Autologon set up already, for security reasons and also a huge business case. My solution so far: I'm copying a script to the guest machine and then using Sysinternals PsExec to execute it. The script is: reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultUserName /t REG_SZ /d myusername reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultPassword /t REG_SZ /d myfakepassword reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultDomainName /t REG_SZ /d mydomain reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v ForceAutoLogon /t REG_SZ /d 1 reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v AutoAdminLogon /t REG_SZ /d 1 reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked" /f /ve /d 1 Note: I don't believe AutoLogonChecked is required for machines post Windows 2000 but I'm doing it just in case for now. Maybe ForceAutoLogon isn't either, not sure yet. The Problem: I see PsExec executes this properly and all the values are in the registry, however when I restart the machine, the user isn't automatically logged on...When I run this a second time then restart the machine, the user is finally logged on. A diff between the registry states shows that the first time I run this, it is missing both the "1" for AutoAdminLogon, and also the DefaultPassword key. The second time I execute it, these values are correctly intact as I intended. So, what is going on here? Is this expected? This post claims in the end that it really all just works (the problem was that a logoff script was setting off the values). Doesn't seem to work for me however.

    Read the article

  • Why do I need to set up Autologon values in registry twice in before it works and can I fix this?

    - by jJack
    Background: As part an automated testing suite I am building, I need to set up Autologon on my virtual machines 'on demand'. By on demand, I mean that I don't want to necessarily pre-configure my VM or any snapshot to have Autologon set up already, for security reasons and also a huge business case. My solution so far: I'm copying a script to the guest machine and then using Sysinternals PsExec to execute it. The script is: reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultUserName /t REG_SZ /d myusername reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultPassword /t REG_SZ /d myfakepassword reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultDomainName /t REG_SZ /d mydomain reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v ForceAutoLogon /t REG_SZ /d 1 reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v AutoAdminLogon /t REG_SZ /d 1 reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked" /f /ve /d 1 Note: I don't believe AutoLogonChecked is required for machines post Windows 2000 but I'm doing it just in case for now. Maybe ForceAutoLogon isn't either, not sure yet. The Problem: I see PsExec executes this properly and all the values are in the registry, however when I restart the machine, the user isn't automatically logged on...When I run this a second time then restart the machine, the user is finally logged on. A diff between the registry states shows that the first time I run this, it is missing both the "1" for AutoAdminLogon, and also the DefaultPassword key. The second time I execute it, these values are correctly intact as I intended. So, what is going on here? Is this expected? This post claims in the end that it really all just works (the problem was that a logoff script was setting off the values). Doesn't seem to work for me however. Note this seems unique to Windows 7, does not occur in Windows XP Also note that you don't need PsExec to recreate the issue - just modify the registry yourself EDIT/update: Login interactively and run script (so, not executing it remotely), logging off automatically logs me back in (so, it works) remotely execute the script in guest when I'm interactively logged in, logging off automatically logs me back in (so, it works) remotely execute the script in guest when with non-interactive session if I log in afterwards (so, interactive now) then back off, it logs me back in (so, it then works) EDIT/update 2: This only occurs for Win7x86, Win7x64, Win8x64. This does not occur for Windows XP

    Read the article

  • Editing a windows XP installation's registry without being able to log in.

    - by Alain
    I've got a windows XP installation that has a corrupt registry. A worm (which was removed) had hijacked the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon entry (which should have a value of Userinit=C:\windows\system32\userinit.exe When the worm was removed, the corrupt entry was deleted entirely, and now the system automatically logs off immediately after attempting to log in. Regardless of the user and boot mode, no accounts can be logged in to. The only thing required to correct this behavior is to restore the registry key, but I cannot come up with any ways of editing the registry without logging in to an account. I tried remotely connecting to the registry but the required services aren't enabled on the machine. I tried booting on the same machine using the BartPE boot CD but I could not find any way of editing the registry on the C:\Windows installation - running regedit only modifies the X:\I386\ registry in memory. So, what can I use modify the registry of an un-login-able Windows XP instance so that I can log in again? Thanks guys. EDIT: The fix worked. The solution to the auto-logoff problem was, as hoped, to simply add the value mentioned above to the appropriate registry entry. This can be done using the BartPE Boot CD, as described in the accepted answer below, but I used the Offline NT Registry Editor software mentioned in another answer. The steps were: Boot from the NT Registry Editor CD Follow the directions until the appropriate boot sector is loaded. Instead of using one of the default options for modifying passwords or user accounts, type "software" to edit that hive. Type '9' to enter the command line based registry editor. Type "cd Microsoft" (enter) "cd Windows NT" (enter) "cd CurrentVersion" (enter) "cd Winlogon" (enter) Type "nv 1 Userinit" to create a new value under the Winlogon key Type "ev Userinit" to edit the new value, and when prompted, type "C:\windows\system32\userinit.exe" (enter) Type 'q' to quit the registry editor, and as you back out of the system, follow directions to write the hive back to disk. Restart your computer and log in - problem solved. (generic 'warning: back up your registry' disclaimer)

    Read the article

  • AutoRestart Custom Shell .Net App

    - by MattH
    We have a .Net application that runs as a shell for certain users. We'd like the application to automatically restart when it crashes. The application is set as the shell here: HKEY_USERS*User*\Software\Microsoft\Windows NT\WinLogon\Shell I've tried adding an "AutoRestartShell" key with a value of "1", like what exists in: HKLM\Software\Microsoft\Windows NT\WinLogon. When I kill the application's process for the user (via RDP) the application exits, but never restarts. Ideas?

    Read the article

  • AutoRestart Custom Shell App

    - by MattH
    We have a .Net application that runs as a shell for certain users. We'd like the application to automatically restart when it crashes. The application is set as the shell here: HKEY_USERS*User*\Software\Microsoft\Windows NT\WinLogon\Shell I've tried adding an "AutoRestartShell" key with a value of "1", like what exists in: HKLM\Software\Microsoft\Windows NT\WinLogon. When I kill the application's process for the user (via RDP) the application exits, but never restarts. Ideas?

    Read the article

  • Win 7 slow Log off on Domain

    - by e2e2
    Our Windows 7 computers/laptops are very slow at logoff, around 7 minutes (no problem at log on). We don't have this issue on XP clients. Problem occurs after adding the Win7 clients on domain. I tried to reset user profile. After resetting logoff takes around 2 minuted and after everyday it takes longer and longer We are using roaming profiles. Event Viewer: Event ID: 6005 The winlogon notification subscriber is taking long time to handle the notification event (Logoff). And then a minute later Event ID: 6006 - The winlogon notification subscriber took 300 second(s) to handle the notification event (Logoff).

    Read the article

  • Blank displays after inactivity, mouse cursor not showing up

    - by Mike Christiansen
    I have a Windows 7 Enterprise x86 machine that is exhibiting some strange problems. After some inactivity (it varies how long it takes), when I come back to my computer, both of my monitors are black. The monitors are on, with a black display. Moving the mouse and pressing keys on the keyboard do not work. This happens at least once a day. When I first encountered the issue, I performed a hard shutdown and restarted the computer. About 10% of the time when I did this, the resolutions on my monitors were messed up. The native resolution on the primary monitor is 1600x900, and the native on my secondary is 1440x900. None of the widescreen resolutions would be present in the display properties. I had 800x600, 1024x768, and 1280x1024. As a workaround to this issue, I've found that if I plug in my secondary monitor as the primary monitor, and leave the secondary unplugged, then Windows will start in 1024x768 on the secondary. Then, I can use Windows 7's "Detect" feature and it finds the 1440x900 resolution, and sets it. Then I have to connect the primary monitor to the secondary port and set it as the primary. Then I can switch the two cables, putting the primary into the primary, the secondary into the secondary. Then use the "Detect" feature again, and it finds the correct resolutions. Some time after performing the above, I discovered that when the screens were blanked, I could simply press "Control+Alt+Delete", type in my password, and everything comes up fine - except my mouse cursor. All applications and features work as intended, except there is no mouse cursor (the mouse actually works though...). I have the "Show location of pointer when I press CTRL key" option selected, so I can press CTRL and use my mouse as normal - but I have no actual cursor. When the computer is in this state, UAC is also not functional. Whenever a UAC prompt appears, the screens go black (the original symptoms) and I have to press Escape to exit UAC. Because of the above symptoms (the UAC black screen thing, etc) I beleive winlogon.exe may be the culprit. However, I have no idea how to fix it. I am unable to restart winlogon.exe due to the problems I am having with winlogon.exe (the UAC black screen) Looking for any ideas.... More information Windows 7 x86 Enterprise Domain environment (I have a secondary account with administrator rights) Dell Optiplex 960 Cannot perform "optional" windows updates due to an activation issue (I am testing a windows 7 image, and an activation infrastructure has not been created yet. However, this issue was happening before I was unable to perform windows update, and windows was up to date at the time Updated video card driver (as an attempt to fixing the resolution issue) Disabled all power saving options Please let me know what else you need to help me solve this issue! Thanks in advance, Mike

    Read the article

  • Getting a virus is *very* annoying

    - by bconlon
    I spent most of yesterday removing an annoying virus from my PC. I feel slightly foolish for getting one in the first place, but after so many years I guess I was always going to eventually succumb. I was also a little surprised at the failure of various tools at removing it. The virus would redirect the browser to websites including ‘licosearch’, ‘hugosearch’ and ‘facebook’, and the disk would be thrashing away infecting dlls in some way. I had the full up to date version of McAfee installed. This identified that there was an issue in some dlls on the system and was able to ‘fix’ them. But they kept getting re-infected. So I installed Microsoft Security Essentials and this too was able to identify and ‘fix’ the infected dlls. The system scans take forever and I really expected better results. I also tried Malwarebytes, Hitman Pro, AVG and Sophos to no avail. Eventually I thought I’d investigate myself. It turned out that on reboot, the virus would start 3 instances of Firefox.exe which I’m guessing would do bad things including infecting as many dlls on the system as possible. I removed Firefox and the virus cleverly then launched 3 instances of Chrome! So I uninstalled Chrome and yes, it then started to launch 3 instances of iexplore.exe. If I’m honest, by this stage I was just seeing if it would be able to use any of the browsers! As it was starting these on reboot, I looked in my User Startup folder and there was a <randomly named>.exe and several log files. I deleted these and rebooted. When I looked they had been recreated. So I then looked in the registry Run and RunOnce entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Sure enough there were entries to run a file in C:\Program Files\<random name folder>\<random name file>.exe. I deleted this and rebooted and it was fixed. I also looked in the event log and found a warning that Winlogon had failed to start the file C:\Program Files\<random name folder>\<random name file>.exe So I also checked HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and this entry had also been changed. Finally I ran a full system scan to clean up any infected dlls. I hope it’s gone for good!  #

    Read the article

  • Setup a new domain controller over a temporary VPN, but now Windows delays startup?

    - by Kris Anderson
    I'm migrating servers from colo locations to Amazon's VPC EC2 instances. If anyone hasn't worked with Amazon VPC before, VPN is a pain in the arse! Anyways, I setup a new server that acts as the domain controller for our Amazon VPC. In order to migrate all the user accounts from our existing domain controllers I manually connected to our colo VPN using my user account on the new Amazon EC2 machine. I was able to join the domain and the new Amazon server became another domain controller on our network. So far so good. The problem I'm having is that when booting the EC2 domain controller (which is no longer connected to the VPN so it can't communicate with the existing controllers), it takes a good 6-8 minuted before I can remote into the server (instead of the 1-2 minutes it should take). Also, during this time most of the services we also run (like IIS) also give 404 errors until the 6-8 minutes have passed. It's almost like the domain controller is attempting to reach the other domain controllers first and after 6-8 minutes it falls back to the one located on the local machine? I don't think that's what's happening though, because Server 2008 R2 doesn't have primary and backup domain controllers. They're all equal as far as Windows is concerned. For my network adapter I have only one DNS listed, 127.0.0.1, so it should be looking up the local domain controller and not the other domain controllers it connected to over VPN when VPN was enabled. In the server logs I'm seeing these warnings pop up during a reboot: The winlogon notification subscriber is taking long time to handle the notification event (CreateSession). The winlogon notification subscriber took 409 second(s) to handle the notification event (CreateSession). Any ideas on what's happening here? I would try removing the existing domain controllers from the new Amazon EC2 machine, but I still need to connect over VPN a few times to migrate some data between the servers, and I don't want that change being reflected back to the other domain controllers in our colo locations.

    Read the article

  • How do I connect a 2008 server to a 2003 server active directory?

    - by Matt
    Our DC is running Windows Server 2003. I've just set up Windows Server 2008 and have terminal server running on it. When setting the terminal server permissions, it was able to allow a group name that was read from the domain. In the DC the new terminal server shows up as a computer in the domain. I can also log in as a user within the domain even though that user doesn't exist locally on the new server. However, when I go to set sharing permissions on the new machine it doesn't show my domain as a location. Instead it is only looking at location "machinename" and not allowing domain to be seen or added. Is there something I'm missing? Ok, lots of errors in the event log. We have this: The winlogon notification subscriber is taking long time to handle the notification event (Logon). Followed by this: The winlogon notification subscriber took 121 second(s) to handle the notification event (Logon). Followed by: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. I think this might be the same problem I'm having http://serverfault.com/questions/24420/primary-domain-controller-slow Solved. The issue was that I had changed from DHCP to static and put the wrong DNS server IP in. i.e. firewall instead of DC/DNS server.

    Read the article

  • IIS login / logout interferes with media player

    - by Mark Sowul
    So I'm listening to music with Windows Media Player, going insane because the music randomly stops playback every so often. I finally notice that it correlates with instances of csrss, winlogon, and logonui repeatedly starting and quitting. I finally tracked that down to IIS repeatedly logging on and off due to WebDAV requests going through my user account (my laptop syncing up with OneNote over WebDAV). I see tons of spam in my security event log for the logins. I am surprised that IIS needs to log in this much. This has only been happening for a couple of months. I'm not sure where the actual problem lies - with IIS, or Media Player, or what, so I figured I'd try and find out if the IIS login behavior is actually abnormal. Is it normal for IIS to log in this much? And is it normal for that to keep spawning winlogon, csrss, and logonui every second or so? I see a constant stream of logon events in the event log every few seconds presumably while OneNote is syncing. Logon (id = 1, source = laptop), Special Logon (id = 1, sets up privileges), Special Logon (id = 1, seems to set up the same privileges), Logon (id = 2, same laptop), Logoff (id = 2), Logoff (id = 1) The DefaultAppPool (only one apparently in use) has its idle timeout set to 20 minutes, and load user profile set to false. Not sure what other settings (if any) might be relevant.

    Read the article

1 2 3  | Next Page >