6

I'm having a problem with one user account in my domain. The domain controller is Server 2008 R2, with Win7 clients. The user's password expired, so she went through the process of changing it. We have group policy set up to require a complex password with at least 8 characters. She said that she filled in all of the boxes when changing her password. On her next login, she tried her new password, but it did not work (said it was incorrect). After a couple of tries, she accidentally hit enter without putting in her password, and it let her log in. However, when she got to the desktop, only the icons for All Users were showing. Also, her start menu only shows notepad.exe, and going into All Programs only shows the 'Accessories' and 'Maintenance' folders, nothing else. If she logs into a different computer (also with a blank password), the same thing happens. She is able to access shared folders, though, so she must be authenticated on the domain.

Here are some things that I've tried:

  • I had the user reset her password in 'Users and Computers' on the PDC. She was then able to log in using this new password, but the problem with nothing showing up remained.
  • I logged into her computer with my credentials and everything worked correctly.
  • I checked her account settings and group membership and it looked ok (and nothing was changed recently).
  • I had her log in as domain\username with her new password, and it didn't help at all.
  • I checked to make sure that the computers and her user were in the correct OUs in AD.
  • Running gpresult against her computer and user didn't show anything unusual.

I've never seen anything like this, so I'm out of ideas right now.

EDIT: Some more info: I just had the user try to log into the machine with a blank password (like she did before) and it did not accept it this time. I apologize for not trying this before I created this question.

I also just checked the credentials manager, and there are no cached credentials on the computer.

Note: I edited the title to make it more clear what the issue is.

Chris
  • 63
  • 2
  • 7
  • 1
    Is this about logging in with no password, or is it about not having all her "stuff" ? – MichelZ May 06 '14 at 17:26
  • 1
    You're describing two different (but interesting) problems: Your user was able to log in with no password - Bad, since presumably that shouldn't happen. Your user's "stuff" was missing when they logged in - Also Bad since *that* shouldn't happen either.) We can really only help with one problem per question, so figure out which one would you like assistance with first and re-scope this question. Once we sort *the first problem out* if the second is still an issue post another question and we'll try to figure out what's going on :) – voretaq7 May 06 '14 at 17:50
  • I assumed that since both problems occurred at the exact same time (the login after the password change), that they were related to each other, or that one caused the other. HopelessN00b, the question is - What can I do to make it so the user is able to see all of her desktop and start menu items? – Chris May 06 '14 at 18:13
  • 2
    Do her files still exist in `C:\users\usernamehere`? I could see it being a corrupt profile or a temporary profile that she was able to log into. – Justin May 06 '14 at 18:50
  • 2
    I'd probably start by backing up her profile folder. I'd then delete her profile from the computer, force a password reset from the PDC and have her log in fresh, then migrate her data back in. – Justin May 06 '14 at 18:52
  • Chris, what is the answer to @Justin's first question? – Brad Bouchard May 06 '14 at 19:04
  • @BradBouchard We redirect My Documents to \\server\users\username, and all of her documents are on that share. The other folders that are located on her C drive like Downloads, Favorites, etc. appear to be all intact and up-to-date. I checked C:\users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ and it only shows Accessories and Maintenance. I cannot currently try Justin's suggested fix since the user in question is in a meeting right now. – Chris May 06 '14 at 19:20
  • I checked the All Users start menu folder in ProgramData\Microsoft\Windows\Start Menu\Programs and everything is in there, but not showing up for this user. – Chris May 06 '14 at 19:28
  • If you turn off all roaming profile settings for the user in AD, or logon to a machine that does not use roaming profiles - what happens then? – Ashley May 07 '14 at 08:56
  • @Justin That seemed to work (mostly). I backed up the profile from C:\users, had the user log out, deleted the profile, and reset the password. When the user logged in again, though, it was using a temporary profile. I had to follow this KB to stop it from using a temporary profile: http://support.microsoft.com/kb/947242. Once I did this, it created a brand new profile in C:\users, and I could copy the folders from the backup I had created. I logged out and back in and it seems like it is working so far. I will update if anything else changes. Thank you all for your help! – Chris May 07 '14 at 14:13
  • i am thinking ... Goto AD and right click the user account unlock and reset the password – Prasad Jul 01 '14 at 11:44

2 Answers2

1

Her profile is corrupt, period. How it happened is a bit of an interesting mystery, but the fix is the same. Delete/recreate her profile and copy all of her stuff back over.

My guess is that somehow the winlogon process got really confused somehow and set her profile directories (desktop, start menu, etc.) to the All Users profile. As far as her being authenticated to the network, that just can't have happened unless she did get her password right at some point and winlogon was lying to her about it. Either that, or the shares she had access to have the everyone permission set.

Like I said, interesting mystery. But I'm betting if she signed into a different computer everything would work correctly.

Wes Sayeed
  • 1,902
  • 6
  • 28
  • 43
0

You can try a WMI fix for such issues. Not sure if this shall properly fit in to your environment of your problem. I had been looking over the net for solutions quite a time and created a bat file to serve my purpose whenever I fall into such issues just like the one is mentioned here. (This bat file works for XP, may need to make change sa per different OS)

@echo on
net stop winmgmt /Y rd c:\windows\system32\wbem\repository /s /Q
cd /d c:\temp
if not exist %windir%\system32\wbem goto system 
cd /d %windir%\system32\wbem 
net stop winmgmt 
rd c:\windows\system32\wbem\repository /s
winmgmt /kill
for %%i in (.dll) do RegSvr32 -s %%i
for %%i in (.exe) do call :FixSrv %%i
for %%i in (.mof,.mfl) do Mofcomp %%i
net start winmgmt

References: http://msdn.microsoft.com/en-us/library/aa394582%28v=vs.85%29.aspx

masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Priyesh Nambiar
  • 1
  • 2