Weird XP Home Logon Problem...

bob4432

Lifer
Sep 6, 2003
11,727
46
91
i have a friend's computer that is having a weird problem. it has windows xp home w/ sp2. when you start it up, all seems fine and you get your start screen, then you get the "Log On to Windows" and i can see Administrator as the user name grayed out with no password behind a new message box that pops up saying "Unable to log you on because of an account restriction" with an ok only button. once you click ok, you are taken to the screen where all the user names on the computer are listed. when you click on any of them it says "loading your personal settings", then "logging off" and then back to the screen with the popup stating "Unable to log you on because of an account restriction".

any ideas what the hell is going on?

do i need to take my handy floppy out and reset the passwords?
 

tyanni

Senior member
Sep 11, 2001
608
0
76
When did this start happening? Right after SP2 was installed? Have any other security settings been changed on this machine?

What's odd is that the message you are getting about the account restriction is normal for an attempt to log in as the Administrator - this account is only available via Safe Mode on XP Home. I am not sure why you are getting it when logging in via a normal account. The greyed out Admin account makes me think that it's trying to login as Administrator automatically.

If you reboot into safe mode, can you login as the administrator? If you can, check the local security policy and see if login is denied to any of the users.

Tim
 

bob4432

Originally posted by: tyanni
When did this start happening? Right after SP2 was installed? Have any other security settings been changed on this machine?

What's odd is that the message you are getting about the account restriction is normal for an attempt to log in as the Administrator - this account is only available via Safe Mode on XP Home. I am not sure why you are getting it when logging in via a normal account. The greyed out Admin account makes me think that it's trying to login as Administrator automatically.

If you reboot into safe mode, can you login as the administrator? If you can, check the local security policy and see if login is denied to any of the users.

Tim


thanks for getting back to me.

honestly, i really don't know when it started as it is not my machine. i was told that it started a couple of days after a bunch of spyware was removed. i don't think the spyware was the root of this problem because it should have started immediately if that was the case.

i can not get into the machine in safe mode either, it does the same thing. i have also tried my handy linux boot floppy that allows me to view users and make adjustments to the passwords and such, but with the administrator account on this machine, it will not let me. i have used this floppy on win2k pro, win2k adv serv and win xp successfully so i don't really know why it is not working on this setup. through the floppy i was able to turn on the guest account without a password but i still can't get in..... i have never had this much trouble with anything computer related (i have built at least 50 between mine and friends, setting up networks, setting up webservers with db on the backends, programming, flash, video editing, sound editing, web development, anything) and i have been messing around with them for about 9 years...... :( i have ghosted the drive to another one so i can be a little aggressive without the fear of data loss.
 

tyanni

Sometimes this happens when the userinit entry in the registry points to a spyware file which is gone - this may be the case here. Can you connect to the registry on the remote computer from another pc on the network? Check the key HKEY_LOCAL_MACHINE/Software/Windows NT/CurrentVersion/Winlogon - what does the userinit key point to? It may point to wsaupdater.exe instead of userinit.exe. When you fixed the spyware infestation and removed the software, Windows didn't know where to look, and thus it tries to log you in and then kicks you out.

Try this:

Boot to the recovery console
rename userinit.exe to wsaupdater.exe (or whatever it points to, if diff. from userinit.exe)
type: ren %systemroot%\system32\userinit.exe wsaupdater.exe

Reboot the computer, and try to log in normally.
You can then edit the registry entry and rename the file back to userinit.exe again
 

bob4432

Originally posted by: tyanni
Sometimes this happens when the userinit entry in the registry points to a spyware file which is gone - this may be the case here. Can you connect to the registry on the remote computer from another pc on the network? Check the key HKEY_LOCAL_MACHINE/Software/Windows NT/CurrentVersion/Winlogon - what does the userinit key point to? It may point to wsaupdater.exe instead of userinit.exe. When you fixed the spyware infestation and removed the software, Windows didn't know where to look, and thus it tries to log you in and then kicks you out.

Try this:

Boot to the recovery console
rename userinit.exe to wsaupdater.exe (or whatever it points to, if diff. from userinit.exe)
type: ren %systemroot%\system32\userinit.exe wsaupdater.exe

Reboot the computer, and try to log in normally.
You can then edit the registry entry and rename the file back to userinit.exe again

unfortunately i did not do the spyware cleaning, but this is what i was told, and i do not know if anything else took place. i do know that when i used my floppy that i normally use to change the admin password, i did get a weird error, saying that something didn't exist. i will rehook up that machine to my server's monitor and keyboard/mouse and get the exact verbiage.

how would i connect to the registry via another computer? i can definitely put it on my network and try anything. if i scan it with languard will that let me mess with the registry? also, i could put the drive in another computer, but could i access anything that way?

also, for some reason i can't boot from cdrom, the optical drives appear ok, but every time i put a bootable rom in there, the machine acts as if there is no bootable rom...

is there a way i can get to recovery console with a floppy?

 

tyanni

If it's on the network, connect to it by opening regedt32 and going to file -> network registry. Put in the name of the other pc. That is the easiest way. You need to boot to the recovery console using the XP cd - it may be worth a try to just rename userinit.exe to wsaupdater.exe and seeing if you can login again, without worrying about the registry, as it appears from the search I did on google that it is usually what userinit is changed to.

Tim
 

bob4432

Originally posted by: tyanni
If it's on the network, connect to it by opening regedt32 and going to file -> network registry. Put in the name of the other pc. That is the easiest way. You need to boot to the recovery console using the XP cd - it may be worth a try to just rename userinit.exe to wsaupdater.exe and seeing if you can login again, without worrying about the registry, as it appears from the search I did on google that it is usually what userinit is changed to.

Tim


damn, i don't even know the name of the other pc.... maybe i will try to scan it with languard and see if remote registry is allowed...hopefully it is
 

bob4432

thanks for all the help, looks like i got it. i put the hdd in another one of my computers and renamed the userinit.exe to wsaupdater.exe. this got me able to start in safe mode, then i went and changed the registry keys under HKEY_LOCAL_MACHINE/Software/Windows NT/CurrentVersion/Winlogon - the userinit needed to go back to userinit.exe and also the AutoAdminLogon because it got set to 1, instead of 0.

thanks again for all the help :)
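
Added example, not part of the thread and not any poster's code: with the drive attached to a working PC, as described above, the offline SOFTWARE hive can be loaded and the Winlogon values (full key path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) checked before renaming any files. The mount point `E:\WINDOWS` and the temporary hive name are assumptions; the check also covers the neighbouring Shell value, which the thread does not mention.

```powershell
# Added example: audit Winlogon values in an offline Windows install.
# Assumptions: suspect drive is mounted as E:, console is elevated.
param(
    [string]$OfflineRoot = 'E:\WINDOWS',      # assumed mount point of the suspect install
    [string]$MountName   = 'OfflineSoftware'  # hypothetical temporary hive name
)

$hiveFile = Join-Path $OfflineRoot 'system32\config\software'
& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $hiveFile" }

try {
    $key = "HKLM:\$MountName\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $wl  = Get-ItemProperty -Path $key

    # Userinit is a comma-separated list; the default is a single entry,
    # <systemroot>\system32\userinit.exe, followed by a trailing comma.
    $entries = @($wl.Userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries.Count -eq 0) {
        [pscustomobject]@{ Value = 'Userinit'; Data = '<missing>'; IsDefault = $false; FileFound = $false }
    }
    foreach ($entry in $entries) {
        $leaf = [System.IO.Path]::GetFileName($entry)
        # Assumption: the target lives in system32; look for it on the offline drive.
        $offlinePath = Join-Path $OfflineRoot "system32\$leaf"
        [pscustomobject]@{
            Value     = 'Userinit'
            Data      = $entry
            IsDefault = ($leaf -ieq 'userinit.exe')
            FileFound = (Test-Path -LiteralPath $offlinePath)
        }
    }

    # Shell defaults to explorer.exe; AutoAdminLogon is "0" or absent by default.
    [pscustomobject]@{ Value = 'Shell'; Data = $wl.Shell
                       IsDefault = ($wl.Shell -ieq 'explorer.exe'); FileFound = $null }
    [pscustomobject]@{ Value = 'AutoAdminLogon'; Data = $wl.AutoAdminLogon
                       IsDefault = ($wl.AutoAdminLogon -ne '1'); FileFound = $null }
}
finally {
    # Release handles on the hive, then unload it so the drive can be detached.
    Remove-Variable wl -ErrorAction SilentlyContinue
    [gc]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

A Userinit row with IsDefault false and FileFound false matches the symptom in this thread: Winlogon is pointed at an executable that a cleanup tool has already deleted.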
 

tyanni

You know, that was probably the easiest way to do it. :) Glad to hear you are in - now it's time to educate your friend on the virtues of firefox so this doesn't happen again.

Tim