problem with logon on a windows 2000 or XP client machine

[lightframe]

Hi,

I have this weird problem.
I installed a computer with windows 2000 pro with SP4 and all updates
and hotfixes. Everything went well, but then disaster struck.
I joined this machine to a windows 2000 domain. The domain users are
member of the local users groups. My account is member of the local
administrator group.
When I log in with a domain user account on this machine, the screen
stays perfectly blue. There is no hard drive activity at all. When I
log out and log back in with my own domain account (which is member of
the local administrator group on the computer), I get my desktop and I
can change settings and install software. When I add the domain users
to the local administrators group and log in with a domain user
account, I also get the desktop and everything on it.

I also have the same problem when I do this on a Windows XP
workstation.

Please help, because it's driving me crazy. I don't want the domain
users to be local administrators. This messes up our whole security
policy!

 

[Steven L Umbach]

Did you change any permissions on these computers either locally or via
Group Policy - filesystem? It certainly sounds like a permission problem of
some sort. Take a look at the logs via Event Viewer to see if anything is
recorded that may be of help and verify that users have read/list/execute
permissions to the root folder for the system drive, the documents and
settings folder, and the \winnt or \windows folder. Also make sure there are
no deny permissions for any groups on those folders that may also include
the user. If that does not help what I would try on one computer is to use
secedit as described in the KB article below to reset security settings to
default defined levels and append the command with areas /filestore so that
only NTFS permissions are restored. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

 

[Steven L Umbach]

I forgot to add that also verify that the users show as members of the users
group on the computer as I have seen similar behavior if they somehow became
removed from it. --- Steve

 

[lightframe]

I forgot to add that also verify that the users show as members of the users
group on the computer as I have seen similar behavior if they somehow became
removed from it. --- Steve

I changed the permissions locally. No errors are logged in the event
log.

I did some further research and I believe it has something to do with
some kind of windows hotfix that was released after SP4 for windows
2000 or SP2 for windows XP, which is also available for windows XP SP1.
I think this is the case, because last week I installed a pc from
scratch. I installed windows 2000 SP4 and after that I installed all of
the hotfixes via windows update.
Then I joined the pc to our domain and guess what, I was not able to
log in as a normal user.
After that, I installed windows XP SP1 on a similar pc (has exactly the
same mainboard, processor, harddrive etc), but this time I didn't do
windows update. Joined the pc to the domain and I could log in as a
normal user. I know from some earlier attempts with other pc's, that if
I update windows via windows update and try to log on, the result will
be dissapointing.
I know these 2 cases are somewhat comparable because of the difference
in OS, but when I have some time left this week, I'm going to test my
theorie.