standard user account just logs off.

AndrewL

New Member
When I my son signs on it comes back with logging off and logs him off.
I am setup as an administrator and can log on without any problems, my son's account is setup as standard user account with parental controls turn on.
I have deleted his account and created a new one as a standard user, I tried turning off parental controls and I still get the same problem.
The only way around this I have found so far is to make his account an administrator.
Which is not something that I want to keep this way.

Can someone please help me to correct this problem.

Thanks
Andrew
 

My Computer

Re: statndard user account just logs off.

All non-admin accounts result in immediate logoff?

Does that also happen if you boot the machine into safe mode (hold F8 at startup)?

Is anything of interest logged at the time in the system or app event logs (run EVENTVWR afterwards to check)?

Have you installed any additional "parenting" software on that machine?

What worries me a little is the fact that adding a user to the admins group "fixes" this. That would presumably rule out any account-specific configuration settings such as the contents of their Startup folder (they still run the same startup group as admins). You may also wish to run a thorough malware scan, if you haven't already done so.
 

My Computer

All non-admin accounts result in immediate logoff?
- Yes all non-admin accounts logs off immediately.

Does that also happen if you boot the machine into safe mode (hold F8 at startup)?
- Have not tried it yet.

Is anything of interest logged at the time in the system or app event logs (run EVENTVWR afterwards to check)?
- Yes there is a bunch of entries in the system log
I can see the logon then a couple of Process creation, 3 process termination and a logoff. Here is what is in the process creation:

A new process has been created.

Subject:
Security ID: SYSTEM
Account Name: LOCKHART-PC$
Account Domain: MSHOME
Logon ID: 0x3e7

Process Information:
New Process ID: 0x1788
New Process Name: C:\Windows\System32\userinit.exe
Token Elevation Type: TokenElevationTypeDefault (1)
Creator Process ID: 0xaa4

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.



Have you installed any additional "parenting" software on that machine?
- No I have not installed any other "parenting" software.

What worries me a little is the fact that adding a user to the admins group "fixes" this. That would presumably rule out any account-specific configuration settings such as the contents of their Startup folder (they still run the same startup group as admins). You may also wish to run a thorough malware scan, if you haven't already done so.
- Yes I have scanned for everything. malware, virus,..
 

My Computer

Try safe mode, because if that works (users can log on and stay logged on) then there's hope for a relatively simple troubleshooting strategy - MSCONFIG and Autoruns (from www.microsoft.com/sysinternals).

Otherwise, if safe mode behaves the same way too, I personally cannot think of how you could troubleshoot something like this without direct debugging, and that's not practical unless you're a C/C++ developer or have access to one who's friendly and willing to spend a lot of time debugging the affected machine.

One of the troubleshooting mechanisms that Vista unfortunately didn't carry over from XP is "user environment logging", a.k.a. userenv logging. Under XP, that produces a readable text file which is a record of all activity during logon and logoff at a function level. On Vista, the log that's produced can only be read by MS. If you really don't want to be reinstalling this machine, you might consider asking MS to help you troubleshoot.
 

My Computer

I just tried safe mode and it comes up with the welcome screen for a few seconds but them goes to logging off.

The other thing I have installed was I upgraded MS Office of 2003 to 2007. Now my 16 year old has tried his hand at hacking.. he has no really programming skills so it is only what he could find and understand on the internet.

I do know some JAVA, I programmed in it for 2 years. would that be close enough to C/C++ debugging?

I really don't want to have to reinstall the machine, I just got it in December and it has taken me this long to get Vista to the way I like it.

I will take your suggestion and contact MS.
Thanks for all your help.
Andrew
 

My Computer

I mean no disrespect at all when I say that debugging will not be a practical option in your case.

It seems possible that your son has "brought something home" from his internet travels which has damaged the default configuration, and the anti-virus is not picking it up. I don't have any practical solutions for you, but others might.

Enabling "logon auditing", which also audits logoffs, may provide some additional insight:

Run GPEDIT.MSC
> Computer Configuration
>> Windows Settings
>>> Security Settings
>>>> Local Policies
>>>>> Audit Policy
Change "Audit logon events" to log both "success" and "failure".

Otherwise, if you've got older restore points available, that might be worth a try. You might also want to run SFC /SCANNOW or even a repair install of the OS. If the problem is one of configuration, that won't help though.

EDIT: What happens if you disable the UAC as a test? I'm not suggesting you run with UAC disabled (that's not good security), but I'd be interested to know whether the same thing happens with UAC off (based on those events you pasted).
 
Last edited:

My Computer

Have you already looked at this? userinit.exe problem gives rise to the revolving door syndrome.
I've posted in case anyway

Windows Log on and Log off immediately.
and the procedure;

Open Regedit

1. Navigate to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

2. If there is a key named "OldUserinit", delete the "Userinit" key and rename the "OldUserinit" key to "Userinit".

maybe worth a look

3. The "Userinit" key should now say
"WINDOWS_PATH\system32\userinit.exe,"

"WINDOWS_PATH" is relative to where you have your windows installed.
Mine would be "C:\WINDOWS\system32\userinit.exe,"
 

My Computer

I also have this problem for a couple of days. only the "regedit" works.
when i navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" i have found other program running at startup together with the "userinit.exe". i deleted it and yeah! it solved the problem.thank you very man!! much appreciated your help. :D

sorry for bad english. :D
 

My Computer

Back
Top