Over 1 million tech questions and answers.

ATA does not recognize any logons on domain controllers

Q: ATA does not recognize any logons on domain controllers

Hi everybody,
after my last Implementation of ATA (one week ago) I got a strange "condition". It's an implementation with LWGW on all DCs (Server 2012 R2), no seperate gateway installation.
Everything worked like a charm, as always, just worked through the deployment guide. We get alerts on DNS Enums or suspitious AD requests. We see logons on different member servers and clients if we search for them. We see changes to security groups and
we even see if I create a new service on one of the DCs so I guess event forwarding works.
What we don't see: Any logons on the domain controllers. It doesn't matter if I rdp into one of the DCs or via console. If I search for one of the domain controllers and let ATA show the "profile page" of it, the timeline ist just empty. Tried
different DCs, different user accounts, even created new users and new domain admins. ATA doesn't recognize any logon on domain controllers.
I appreciate any hints.

Thanks!

Thanks, regards, tim

Read other answers
RELEVANCY SCORE 200
Preferred Solution: ATA does not recognize any logons on domain controllers

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 70.4

I am trying to find a way to force Windows 95/98 users on an NT domain to log onto the domain, even if they want to use the local machine only.

Currently, if the 'Escape' key is pressed when the domain logon box appears, the logon is bypassed, and the user can access the local machine, but with no network connections.

What I want to do, is to disable this bypass facility, and force them to logon to the domain.

Any help would be greatly appreciated.
 

A:Domain logons

95/98 wasn't designed to be a secure operating system. If you're really looking to lock it up, you ought to move to NT or 2000. But, I *think* there might be an option in Policy Editor to force network logon. I think the editor should be on the 95 or 98 CD, but I know you can download the '95 version <a href="http://www.microsoft.com/windows95/downloads/contents/WUAdminTools/S_WUManagementTools/W95PolicyEditor/Default.asp">here, from Microsoft's site</a>.
 

Read other 1 answers
RELEVANCY SCORE 69.6

Hey there all..

Is there any way to set up a laptop running WinXP to log into a NT4 domain(at work) and a peer to peer workgroup(at home)?

Thanks in advance!
 

A:Workgroup and domain logons - XP Pro

i belive it can be done using profiles how i have not a clue but that would be where i would start at
 

Read other 2 answers
RELEVANCY SCORE 68.4

I sometimes run Belarc Advisor to monitor the users and logons on my computer (Windows 8 Home Premium upgraded to Windows 10). I hadn't ran Belarc in over a year, but noticed recently that my administrator account had a "domain logon" about 11
months ago. I thought this was suspicious, so I created a new administrator account and deleted the old one. I reran Belarc Advisor, and it now indicates a Windows Manager domain logon ("DWM-1", "DWM-2", or "DWM-3") occurring
each time I log in to my new administrative account.
Does this indicate that my computer is hijacked? When I view my computer name and workgroup in the Contol Panel, it doesn't indicate that I'm part of a domain. But what do these domain logons indicate? I've had the computer for almost 5 years, and Belarc
noted the first domain logon less than a year ago.

Read other answers
RELEVANCY SCORE 62

I have quite a number of DC's and the configuration of port mirroring is something that we just cant take on.

I understand there is going to be a release of ATA where the port mirroring is not a requirement and an agent will take that role on the DC.

Anyone heard of this?

Read other answers
RELEVANCY SCORE 62

Hi Just installed the latest version of Windows 2003 for Small Business (Sp1)

I have installed this OS on a new Fujitsu PRIMERGY TX150 S4.

Now I want just to use this Server as a server on a Workgroup. But the OS insists that it should be the Domain Controller. And then it just shuts it self down. Below is a log from the event viewer. Is there a way around this or will I have to bow down to the might of Microsoft. Just don't really want to configure the entire Lan from workgroup to Domain
Event ID 1014
Source SBCore

This computer must be configured as a domain controller. It will be shut down in 30 minutes. To prevent this computer from shutting down, run Setup on the disk that you used to install the operating system to configure the computer as a domain controller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

A:Domain Controllers - Can anyone help please

Read other 8 answers
RELEVANCY SCORE 62

We have a primary and secondary domain controller on our network. We use a windows 2000 exchange server as our primary controller and another server as our secondary controller. to start, the active directories are not the same, as they should be between the two servers. how do i fix that?

the other problem I am starting to have is that the Windows xp client machines can't find the domain after being rebooted. I end up having to rejoin the domain in order to get the client machines to log on. If the client logs off, without rebooting, logging back onto the domain is no problem. I think this has something to do with the clients trying to log onto the secondary controller for some reason, and since the active directories arent sync'd, its only causing more problems...can anyone shed some light on the subject? thanks.
 

A:Domain Controllers

Hey DVation, sounds like you need to force replication for Active Directory between your Primary and Secondary domain controllers. Only members of Domain Admins or Enterprise Admins groups can perform this function unless you have been delegated the appropropriate permissions.
Refer to the following link for details:
http://www.microsoft.com/technet/tr...2003/proddocs/entserver/dssite_force_repl.asp
***********
As far as your XP machines go, make sure that your DNS suffix for each PC is correct and that your IP, DNS, and Gateway addresses are correct. Windows 2000/XP use DNS for name resolution in an Active Directory environment. Also, is Active Directory running in Mixed Mode or Native Mode?
 

Read other 3 answers
RELEVANCY SCORE 61.2

Unless i am missing something we cant "detect" a new domain controller added to a enviroment as this is a "regular" task , not sure if admin logging on to new server would trigger in a enviroment that have been running more than 30 days

But 
Adding Domain Controllers to sentisive groups
Listing Domain Controllers not monitored by ATA
List newly created/removed domain controllers

Would be a great feature for future versions

Read other answers
RELEVANCY SCORE 61.2

greets,

I have an older 2000 server which is a domain controller, I can not for the life of me figure out how to demote the machine so i can rejoin it to a new domain. I do not need two domain controllers in this network.
any ideas on how to? i already tried start>run>dcpromo


I decided to post here since i didn't see a section for server 2000. thanks
 

A:problems with Domain controllers

Read other 7 answers
RELEVANCY SCORE 61.2

i configured a domain controller on my virtualbox and i want to connect another DC to it. the guest machine is windoms 8. the network adapter i used is NAT. first DC IP:192,168,5.2, Gateway: 192.168.5.1, Subnet mask:255.255.255.0 and DNS as the gateway IP. for the second domain controller, server IP: 192.168.5.3, gateway: 192.168.5.1 and DNS as the IP of the first DC..192.168.5.2......i dont know why they are not communicating with each other. The moment i run dcpromo on the second DC it comes up with an error message to check my DNS and the domain name...it comes with this error too, 0x000005B4_TIMEOUT.....CAN ANYONE HELP
 

Read other answers
RELEVANCY SCORE 61.2

I have only got 2 domain controllers on my network, the primary server deals with all my DNS, file charing etc, server2 is our proxy server but also doubles up as a backup domain controller.
The problem is server2 cannot update active directory from server1
i get the following message when trying to connect to server1 from server2
"The domain controller server1 was not validated because. The RPC server is unavailable"
I am also getting plenty of error events on both servers, the error i am getting on server1 is event 1645
"The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is daa52d87-1d82-44f1-b032-a6930524e669._msdcs.isenterprisesintl.co.uk. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/daa52d87-1d82-44f1-b032-a693[email protected]
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated. "
I have looked this up on ms.com and found an article explaing a hotfix will fix this. All updates are installed, so it obvious... Read more

A:Domain controllers cant replicate

just been running a few more checks and have seen a descrepancy between the 2 servers
server1
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server1
server2
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server2 ---- ????

I have tried to change this setting on server2 in active directory operations masters, but it says
"The current domain controller is the operations master. To transfer the operations master role to another computer, you must first conenct to it"
But it wont let me connect to the other DC because it cant find the RPC server!!! argghh
is there another way to alter these settings?? anyone??
 

Read other 1 answers
RELEVANCY SCORE 61.2

Hope this belongs here............

I have some questions regarding changing the hardware in my domain controller. Im basically rebuilding it with new Processor, RAM, Mobo, etc.
Its just a desktop computer running Windows Server 2003. I plan to keep all the names of the machine and IP/domain the same. Is there anything I need to lookout for by doing this? I dont want to lose my active directory and user accounts on the machines that rely on this domain controller. Can I just build the new server, set it up as a domain controller with all the same settings and the computers will be aable to log into the new controller with the same users?
 

A:Changing Domain Controllers

Read other 6 answers
RELEVANCY SCORE 61.2

Hello,

I just swapped out domain controllers and am now having synchronizing issues. It is still looking for the old server that i just replaced and i cant make it look for the new one. Does anyone have any suggestions?

Thanks!!

Read other answers
RELEVANCY SCORE 61.2

Actually, I have 2 DC's 1 Threat Management Gateway, 1 Windows Server (Web Server), 1 Windows Storage Server, 2 Exchange servers and 1 Sharepoint Server and 2 Hyper-V servers. ALL Running Server 2008 R2

Should I be upgrading any of these to SP1?

A:Upgrade Domain Controllers to SP1 or not

Hello Abuttino,

I would recommend to wait until the "official" SP1 RTM is released by Microsoft sometime this first quarter of 2011. Afterwards, it should be available in Windows Update, and for download (standalone version) directly from Microsoft.

Hope this helps,
Shawn

Read other 2 answers
RELEVANCY SCORE 60.4

At my work we have an active directory domain. In the root of this domain there are two domain controllers.

ie dc1.mywork.com, dc2.mywork.com

When users login, they always seem to get authenticated by dc2, as you can see the login script running from that server, and when we shut down dc2, no one can login.

(have not shut down dc2 for any length of time to see if dc1 will eventually "take over" the login duties)

Where can I specify which server provides authentication for the domain? Or can I be assured that dc1 will take over for dc2 when dc2 goes down?
 

Read other answers
RELEVANCY SCORE 60.4

I was excited to see that the new ATA 1.6 has a Lightweight Gateway that no longer requires port mirroring by installing it directly on the Domain Controllers. This makes total sense to me and gives me confidence in this ATA team. We have VMWare
and the port mirroring was an issue.
However, we are not excited about the .NET requirement on the Domain Controllers. The installation does indicate it is needed for the setup, but does anyone know if we can uninstall the .NET component once the installation is complete? Any thoughts?
Thanks!
-Srvrgeek

Read other answers
RELEVANCY SCORE 60

I have over 400 domain controllers. The initial look at ATA seemed to require port mirroring on the DC's and that was just impossible. I was told an agent of some type on the DC's was coming. Is that an option now?

Read other answers
RELEVANCY SCORE 58.8

I have the latest version of ATA - 1.9.7312.32791
I have deployed ATA Lightweight Gateway to many domain controllers throughout my organisation from exactly the same "Microsoft ATA Gateway setup.exe" with accompanying .json file in the same folder.

Nearly all the Domain Controllers have been Windows Server 2016 Core with a quiet install via command line.
The installation has worked perfectly with the exception of two domain controllers on the same physical subnet/site.
The installation error code in the log is:
Error [\[]TaskAwaiter[\]] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
Failed to validate certificate thumbprint [\[]thumbprint=FC78E602AA1E8BF57CC2270E81788E5ADC511DF4[\]]

Seeing as every other installation worked fine, I suspect something must be blocking or interfering with the certificate being successfully negotiated back at the ATA centre
The likelyhood if being an error with the JSON file is extremely small as the failures occurred in the middle of the installation program, with successful implementations either side of the two that failed.

What can I get the network team to check regarding firewalls, network traffic or blocked ports?

Has anyone seen similar?

Thank you

Chris

Read other answers
RELEVANCY SCORE 58.8

Can Microsoft please provide methodology for setting up Windows Event forwarding (Sender initiated) for a Domain Controller based on a Windows Server 2012 R2 Core installation? Unfortunately all of your documentation relies on using the local Event
Viewer GUI to set this up. Connecting Event Viewer from a full Server 2012 installation to a Core Installation loses this ability entirely. The only option I've tried to employ so far leverages an .xml file, but I am not sure it is working correctly.

Please note: this is for Windows Security Event ID 4776 ingestion.

Read other answers
RELEVANCY SCORE 58

I want to set all my domain controllers (DC and RDC) to pull time from time.windows.com. In order to achieve this I am planing to create a gp (Computer Configuration/Policies/Administrative Templates/System/Windows Time Service/Time Providers)and
link to Domain Controller OU.
My question is, is it the best thing to do, or is there any risk or best practices with respect to this.

Read other answers
RELEVANCY SCORE 58

After the 1.9 upgrade we got an Timeline event about Brute Force attacks.
When investigating and looking at Event Logs >Security I started to panic when noticing 4776 errors against user: "administrator" and the source workstation was always a domain controller.
This would happen every few seconds.  Stopping the ATA gateway service on the domain controllers stopped this behaviour.
Any ideas or recommendations?
Thanks
The computer attempted to validate the credentials for an account.

Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:    [email protected]
Source Workstation:    DC4
Error Code:    0xc0000064

Read other answers
RELEVANCY SCORE 58

I am attempting to lab up ATA 1.7.1, and am having a similar issue to the following ATA Forum thread: https://social.technet.microsoft.com/Forums/security/en-US/c817193a-9859-48fa-a208-eb644b17005b/service-on-lightweight-gateway-wont-start?forum=mata
Event viewer is showing that the service is attempting to restart, and the ATA logs are full of this error (occurs every 20 seconds):
2016-10-18 23:49:50.2983 856 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__12] Microsoft.Tri.Infrastructure.ExtendedException: Domain controllers are not configured
at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<OnInitializeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
--- End of stack trace from previous location whe... Read more

Read other answers
RELEVANCY SCORE 54.4

I come to you again seeking help. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around
campus. Almost every computer on campus has the problem that I will be describing. I have spent over two months peering over etl files from Windows Performance Analyzer (A great product) and hundreds of thousands of event logs. I come to you today humbled
that I could not figure this out. The problem as simply put our logon times are extremely long. An average first time logon is roughly 2-10 minutes depending on the software installed. All computers are Windows 7, the oldest computers being 5 years old. Startup
times on various computers range from good (1-2 minutes) to very bad (5-60). Our second time logons range from 30 seconds to 4 minutes. We have a gigabit connection between each computer on the network. We have 5 domain controllers which also double as our
DNS servers.
My original posts on:
Technet: http://social.technet.microsoft.com/Forums/en/w7itproperf/thread/e8400dbe-e6b8-4b1d-8851-a03e7af32e6e
Reddit: http://www.reddit.com/r/sysadmin/comments/w5f38/network_logon_issues_with_group_policy_and/
I followed a lot of what you all told me to do from testing the domain controllers with dcdiag and also completing netlogon tests. I did group policy tests where I got rid of the group policy
and just did default policy and it only slightly fixed the prob... Read more

A:Major Network Logon Issues (8 Domain Controllers and 3.5 thousand workstations) DNS, Time Server, DHCP, and Group Policy Errors

Hi,


I would like to suggest using Network Monitor to troubleshoot the issue.


Thanks.

Jeremy Wu
TechNet Community Support

Read other 4 answers
RELEVANCY SCORE 44

I'm getting a lot of successful logons

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 14/09/2009
Time: 09:08:46
User: NT AUTHORITY\ANONYMOUS LOGON

Computer:
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1931B)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -

I'm not sure whether its safe or not attatched is image of all logs of anonymous logon

A:several anonymous logons

I'm not sure, so I'm just posting my thoughts here.

Are you the only person that has physical access to your computer? Do you run any tools that may allow remote connections to your computer? Does this happen when you are connected to the internet, when your offline, or both?

All I can think of atm, but better then nothing

Read other 8 answers
RELEVANCY SCORE 44

For the past few weeks I've noticed a lot of activity with my internet connection(dial up) and overall my PC has been slower and the Earthlink Accelerator program quit working. I have run Norton and every spyware program I can find and haven't found anything. I came across the event viewer security program and found ton of Anonymous Logons on the log under workstation HOD. When I put the MS firewall on they completely stopped, but my PC remained slow and the accelerator still doesn't work . After rerunning all of the virus/spyware prgrams I took the firewall back off(it interferes with some things) and I had 10 logons in under a minute, 4 were unsuccessful for using bad username/password. It lists COMPAQ-clojea2f as the workstation, and that is not even the correct brand of my PC.

Here is my HJT log:

Logfile of HijackThis v1.98.0
Scan saved at 3:39:41 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C... Read more

A:Anonymous Logons - Please help

It really looks (and acts) like an older version of CWS. Let's run some tools...

Please go here and download, then run CoolWebShredder, by clicking on the Next button. You can also just update CWS by using the button provided, but you must use the latest version.

Download Ad-aware SE from here. Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
? Automatically save log-file
? Automatically quarantine objects prior to removal
? Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
? Scan Within Archives
? Scan Active Processes
? Scan Registry
? Deep Scan Registry
? Scan my IE favorites for banned URL?s
? Scan my Hosts file
? Under Click here to select drives + folders, choose:
? All of your hard drives
Click on the Advanced button on the left and select:
? Include additional process information
? Include additional file information
? Include environment information
Click the Tweak button and select:
? Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
? Under the Cleaning Engine:
... Read more

Read other 3 answers
RELEVANCY SCORE 44

Hi guys,
I have been getting heaps of entries in my event viewer showing Anonymous Logons from another computer (hooked up to the same router). I know which computer it is and who uses it, but I don't know how to investigate. The Logons occur at set time intervals so I'm thinking it's some kind of spyware that is sending the culprit's computer activity data.

It's all just a theory though. Any ideas?
 

A:Anonymous logons

Read other 6 answers
RELEVANCY SCORE 43.2

Hi, just wondering if there is an easy way of viewing user logons in XP. Normally when i wanted to view ones access, i just sorta peiced it together from the event viewer. Is there an utility for this or simply an easy way of viewing the logons?

Thanks
 

A:viewing user logons

In Event Viewer > Security you can go to View > Filter, in Event source put Security, in Category put Logon/Logoff, in User put Username and you'll just see the logon/logoff for that user.
 

Read other 3 answers
RELEVANCY SCORE 43.2

I have a Dell Vostro 3550 and have a problem with Digital Persona (Windows 7). I've tried many times to add a logon but have never succeeded. Only once has it come (I have no idea how I made it). Any ideas? Thanks a lot!
 

A:Digital Persona Logons

Read other 6 answers
RELEVANCY SCORE 43.2

I just spent 2 days cleaning a PC over the internet for a friend of mine. She said all is great for her now, but her daughter's logon is running slow.

Do we need to go through the entire process for her daughter as well?

I am just unsure becaue I don't use multiple logons on my PC

TIA!
 

A:can different logons on the same computer each be infected??

Yes. Log on to each profile and do the cleaning.
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hi all,

I am pretty new to this and am just teaching myself as i go along,

I am pretty good with XP but am pretty new to Server 2003,

This is what I am trying to do with windows server 2003,

I am trying to setup a server that will allow multiple people to log in with a designated usernames and passwords, all at the same time.

I need to be able to set what apps each user runs etc, but I am having difficulty setting this up.

I want each user to do like a remote desktop connection into the server, but when I try this will multiple local logins, it says either: "The local policy of this system does not permin you to login interactivly" or "You do not have access to logon to this session"

I have enabled Terminal server, but still not sure how to individually create users (only know how to create local users).

First of all, do you create a user profile for each user using the local user config (Run > lusrmgr.msc) or is there a different way to do this,

and also, is remote desktop the right app to be using within our LAN to connect to the server?

Also if anyone know an easy online step by step screenshot guide on how to set this up, that would be good.

I know I can "hack" xp and mce to have 3 users logon at the same time with RDP, however it would be better if we could use more, there for, that's the reason, we are using server 2k3.

- Any help is really appreciated,

Thanks Heaps.
- Liam.
,
 

A:Multiple remote user logons

Terminal Server only allows for 2 administrative connections without purchasing licenses. So you will have to look into that. Each user you setup on the server has to be in the Remote Desktop users group. As far as asking if its the right one it really depends on how you want this to function.

Look this over -

http://www.microsoft.com/windowsserver2003/technologies/terminalservices/default.mspx
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hey guys, i have a windows 2000 Server acting as a Domain Controller, and i'm attempting to login a Windows XP Pro Machine onto it, i can login to the domain, but it hangs at "applying your personal settings" for a few minutes then the desktop will load.

Do i need to have the profiles for these users on the Server? or can they be local?
 

A:Windows XP User Logons - Hanging

Anyone know where i can get some networking help?
 

Read other 3 answers
RELEVANCY SCORE 42.8

Hello friends!

I hope someone can help me with this weird thing.

I am running XP Professional at home. I have a logon for myself, my wife, and my son.

If I am logged on, and I have an internet application open (such as Explorer or Outlook) then anyone else who logs on cannot get out to the internet unless I fully log off.

I had someone else suggest that the solution to this was a .vbs file that he wanted me to download and install, but that seemed like a dangerous solution.

I'm thinking that there is setting, possibly in the registry, that could help.

Any ideas?
 

A:Multiple Logons and internet access

Hi and welcome. Are you on a network with the other computers? How are you connected to the internet?
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hello

This symptom has been bothering me for a while and I can't seem to find a permanent solution to it.

In our company's domain, where we have pretty stringent standardization on everything, our users seem hit or miss whether or not they'll get an Outlook logon prompt when they launch Outlook. This account information is always just their Windows domain logon.

The profiles are set up with a straight exchange server address, there is never any saved passwords in the users profile. And it is never a case where they are not synchronized with the domain. There also doesn't seem to be any common denominator in terms of desktops vs laptops or using a cached profile or not.

Something is interfering with the pass-thru authentication. We keep Windows firewall disabled via GPO as well. Our Outlook installs are completely generic, no add-ins or forms or templates.

I have tried the usual list of troubleshooting steps, re-created the email profiles, deleted OST files, ran an Outlook repair, turned off/on cached mode.

No matter what, it just seems like a roll of the dice whether a user gets the logon prompt or not, except that if they do get the prompt, then they always get the prompt upon the launching of Outlook. Most people don't, but about 20% of our users have this "plague".

Any idea's or suggestions would be greatly appreciated.

spiff
 

A:Inconsistent Outlook logons upon launch

Read other 8 answers
RELEVANCY SCORE 42.8

My laptop has two logons, and both are marked as administrator. I always run the AVG Free A/V scan, the Spybot scan, and the Ad-Aware scan when I'm logged in on my logon (never on the other logon). When these things scan, are they checking the whole computer, including any files/settings/etc. that would be solely for the other logon? Or do you have to run the scans twice, once on each logon? (Which would be a pain in the butt...)

And, whatever the answer is, would the AVG Antispyware Free scanner work the same way? (I'll be installing that on my replacement laptop coming up soon...)

Thanks!

A:Doing Avg, Spybot, Ad-aware, Etc. Scans W/2-logons

If you are scanning the whole computer, it would scan all files, including files of the other log-on account.

Therefore, you only need to scan on 1 account.

I have the same situation on my PC and i only scan on my account, seems to work just fine

Read other 3 answers
RELEVANCY SCORE 42.8

I'm going to be starting from scratch on a new laptop, and will be creating two logons again (one for me, one for my wife) -- both need to have "Administrative Privileges" because of certain things in certain programs only working correcting if the account is that.

What I'm wondering is, what settings/etc. in Windows are universal and what settings do I have to do for each logon?

I guess I will probably install ZA and AVG Free *before* creating the two logons. Then do Firefox and all other programs after creating the two logons.

I will probably make any changes to Windows settings *before* as well.

But if I make any Windows settings after, will they automatically apply to both logons/accounts? Or do some work one way, and some the other?

What about any setting changes I make in other programs/applications? I know Firefox and IE security settings, etc, would be separate for each logon (I believe). But I'm not sure about anything else.

Any thoughts on all that? Thanks!

A:Question About Creating Multiple Logons

Some "universal" settings are the display resolution and the power settings. Any programs installed by one user is available to be run by another user, though the Desktop icons may not show for other users. Some Desktop icons appear to all users while others do not. See folder \Documents and Settings\All Users\Desktop for common icons (shortcuts) and files. See \Documents and Settings\{user_name}\Desktop for individual shortcuts and files.

Individual settings include wallpaper, the My Documents folder location, IE homepage, Outlook Express email setup and some Desktop items.

Read other 9 answers
RELEVANCY SCORE 42.8

I have been having a number of issues that one of the techs at my company indicated might be a result of unauthrzd. remote logon/term server sessions. He sugessted this site and gave me a utility to run that he suggested I post with my hijack log. I have scanned my system per your pre-post instructions. My Hijack log and the log he suggested are below. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:19:59 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\C Technologies\C-Pen 10\CPen10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.... Read more

A:Concerned about unauth. remote logons

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Since it has been a few days since you first posted, please download ComboScan and save it to your Desktop. Double-click on comboscan.exe and follow the prompts. Please note that some firewalls may warn that sigcheck.exe is trying to access the Internet -- please allow it. When it has finished, ComboScan will open Notepad with a log file -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) this logfile as your reply.

Additionally, a folder will open with two text files. Please attach the Supplementary.txt file with your reply. To attach a file to a new post, simply:Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
Copy and paste the following into the "Upload File from your Computer" box:C:\ComboScan\Supplementary.txt
Click Upload.

Thank you.

Read other 17 answers
RELEVANCY SCORE 42.8

All,

I have windows XP64 and ever since my new video cards were installed (I am pretty sure it may have to do with them) I have had problems with my logins to administrator users to be really slow and sometimes never make it to the desktop. I have updated all of the video card drivers for XP64 and nothing is helping.

System Specs:
XP64
AMD Athlon 4200+ dual
2.21 Ghz
4 GB RAM

Video:
2 - NVIDIA GeForce 8800GT in SLI

CD ROMs:
TSSTCorp CD/DVDW SH-S182M
2nd drive is also a TSSTCorp, but it having issues also, which could be part of the problem (currently disconnected)

HD:
WDC WD360ADFD-00NLR1 (I think this one is a 36GB High Speed Drive)
WDC WD800BB-00CAA1 (75 GB slower backup drive)

Audio:
External USB Creative Soudblaster 24 bit

Keyboard/Mouse:
Logitech MX5000 setup (bluetooth)

I can give more information on login logs etc if needed. I just defraged C drive, so I can see if that helped anything. Please respond to help me fix this issue.

Thanks everyone,
Saleen66
 

A:Slow XP Logons (administrator specific)

Read other 16 answers
RELEVANCY SCORE 42.4

Hi,
First-timer. Running XP Pro SP3. There were some changes made, I think, to the some User profiles in the Local Security Policy, under Administrative tools, but not sure what.
There is one Admin account and one limited account on this computer. All was okay for a couple of weeks, and then I noticed that switching users works fine, but restart automatically opens the Admin logon - no pw and no Choose User screen. This was when the changes were made to the Local Policy, to try to correct this. Now, the restart still logs on as mentioned, but now Switch user doesn't work. At first, it just showed the UserInit error, and also another error (I forget now, but the same format - XXX didn't initiate correctly (or whatever it says by the Userinit screen)), and the same for TaskManager. I now got the Destop picture to show up, but the errors persist - I then have to reboot, into the Admin user. The Registry shows HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit =C:\windows\system32\userinit.exe,
including the comma at the end.
Any ideas?

Thanx, Sammy

A:[SOLVED] UserInit error on some users' logons

So you went into the Group Policy Editor and changed a setting and now you are getting this error? If so you can use the Secedit command to reset the policy to the Windows defaults.

Quote:




To restore your operating system to the original installation default security settings, follow these steps:
1. Click Start, click Run, type cmd, and then press ENTER.
.
In Windows XP, type the following command, and then press ENTER:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
You receive a "Task is completed" message and a warning message that something could not be done. You can safely ignore this message. For more information about this message, see the %windir%\Security\Logs\Scesrv.log file.

Read other 5 answers
RELEVANCY SCORE 42.4

Today I just got back to my apartment from an weekend out of town. When I logged into Windows 8, I noticed that some programs were running what really shouldn't be. I checked the Event Viewer and saw a series of logon events that happened while I was not home.
Before I left for the weekend, I didn't shutdown the laptop but I closed the lid so any one wishing to use it must enter a password to login to Windows, and I am the only person that knows the password. The strange logon events recorded on Event Viewer made me suspicious of my roommates. I don't want to start questioning them at this point. Could someone help me understand what was happening to my computer when I was away? Thank you very much.
Here's the security log for when I was away:

Audit Success 2016-02-21 2:50:17 PM Microsoft Windows security auditing. 4672 Special Logon
Audit Success 2016-02-21 2:50:17 PM Microsoft Windows security auditing. 4624 Logon
Audit Success 2016-02-21 2:50:17 PM Microsoft Windows security auditing. 4672 Special Logon
Audit Success 2016-02-21 2:50:17 PM Microsoft Windows security auditing. 4624 Logon
Audit Success 2016-02-21 2:49:15 PM Microsoft Windows security auditing. 4672 Special Logon
Audit Success 2016-02-21 2:49:15 PM Microsoft Windows security auditing. 4624 Logon
Audit Success 2016-02-21 2:48:56 PM Microsoft Windows security auditing. 4672 Special Logon
Audit Success 2016-02-21 2:48:56 PM ... Read more

Read other answers
RELEVANCY SCORE 42.4

I am not sure if this is a win 10 issue or a browser issue.

I use the latest IE on my system running win 10 home 64 bit.

Whenever I power up the computer, all my logon details for every website are lost and I have to manually logon to each website that I am a member of and visit.
This must be a cookie issue but I am at a loss as to what is clearing the cookies either on shut down or powering up.
I have checked all the usual suspects in 'Internet Options' and all seems fine there.

Is there anything else specifically within win 10 can cause this? I have looked, but I cannot find anything that needs either enabling or disabling.

My next step is to try another browser such as Firefox, but I prefer IE.

A:All website logons lost when powering up the computer

My gut reaction is browser itself, however not of "cookies" but the logon database.

I would recommend Chome myself ...

Read other 4 answers
RELEVANCY SCORE 42.4

Hello everybody,
As the topic says, i've been searching on the internet information about how to set paging for processes and interactive logons so that users can have some limits and the system won't crash.

For example:
A system has 4096MB RAM (4GB) and let's say my girlfriend uses this computer with her system account to see some web pages and talk with friends on instant messaging programs. Accidentally she launches some application that has bugs such as memory leaks and overflows memory resizing its' working set up to 5000 MB and still rises. After that there is a possibillity to BSOD or just hang with hdds filling up with page file and loose a lot of performance and unfortunatelly stability. So i'm looking for that kind of administrative function to limit the application so that it won't overflow memory and eventually stop at e.g. 3000 MB.

Is there anybody that has some knowledge about it?

A:Administration: how to set paging for processes and interactive logons

Uhh...to be honest you are looking at an edge case. So in reality you cannot do that. Nor do you actually need to. You have a greater chance of being hit by lightning.

Read other 2 answers
RELEVANCY SCORE 42.4

Windows 7 x86
4GB RAM
 
 
So I was helping a coworker diagnose some issues with his computer and scanned a few USB keys that I thought might be infected - I couldn't find anything. (Today I read how Stuxnet was transmitted and realized that those files wouldn't be detected by any scanner..so I'm very curious, maybe this was something similar).. The day I helped him (Tuesday), my computer was fine, as was the next day. I took yesterday off and when I came back today I was noticing things weren't running right. Logon became much longer and now I'm experiencing bouts of unresponsiveness. The mouse still works but I can't click on anything, windows become Not Responding but if I wait then things pick back up. There's no disk usage and CPU is pretty much idle all the time. I've tried checking out ProcMon but I'm still learning how to use it so nothing is sticking out yet... although there could be but I don't understand yet.
 
I'm running a quick MBAM scan right now and so far nothing is detected but I don't think anything will. This is very odd.
 
Some wierd symptoms - Opening Firefox, it takes forever to connect to Google (homepage).
Opening Notepad++ takes about 2 minutes (should be instant!)
 
I just don't know where to start looking, hoping to get a hand.
 
Thanks,

A:Slow logons and intermittent extreme slowdowns

are you using bit defender by any chance?

Read other 5 answers
RELEVANCY SCORE 42

I need reports for when users logon, logoff, connect and disconnect from my network. Running windows 2003 server ent ed. as a dc with all computers as members. I have already tried running logon and logoff scripts, however my workers don't usually logoff when finished but rather disconnect leaving their apps open for further work.

ANY HELP??? PLEASE! PLEASE
 

Read other answers
RELEVANCY SCORE 41.6

Greetings,
   We have implemented around 180 mainly Computer based security "hardening" setting via group policy to all Windows 7 machines running IE11. For the most part this has not affected the user's functionality. I have two isolated issues
and I'm trying to work out which setting might be the culprit:
One - A user goes to the website http://www.mssanz.org.au/modsim2015/index.html and enters their login details in the top right. IE just goes blank screen and nothing happens. When I exclude the group policy
from her computer account, she can login fine. Which setting(s) might affect external website logins? (Many other external website logins are just fine).
Two - A user goes to http://auth.athensams.net and then the login screen. The login screen gives a warning "Cookies not enabled - please change your browsers security settings to enable cookies". When
his computer is removed from the group policy, he does not get this message. You would think this would be an easy setting to find - trouble is, we have NOT disabled cookies as part of our security regime. So what other setting would make an authentication
script think that cookies are disabled?
Thanks
David Z

Read other answers
RELEVANCY SCORE 41.6

Hello,

Re-posted without the HJT report ... sorry I didn't realize we weren't supposed to include them in this forum.

I have some strange stuff going on and my attempts at researching them have not helped me to resolve it. Here are the symptoms.
I have XP home SP3 installed so I do not have access to XP pro tools if they are needed.

I have installed Comodo firewall and every time I open a new program, it asks for elevated debug privileges.

The following two events are in my event viewer every 15 minutes day and night.

Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: -

background activity happens when these happen (hourglass appears in the cursor)

I also seem to have a lot of stuff on my computer that would more properly be on a server even though I am a home user and connecting through a router (no network)

I have disabled every unneeded service that I could think of that could cause these and still no luck (using this site, black viper, and the elder geek).

I have run multiple virus scans and rootkit scans and checked every file mentioned in my research on virustotal without result. It appears I am clean (of co... Read more

Read other answers
RELEVANCY SCORE 38.8

Hello,
Currently we are in the middle of a migration project. We are migrating users from child domains to the root domain of one organization.
The user accounts are migrated with powershell using Move-ADObject cmdlet. This works as expected. The SIDHistory attribute is updated correctly.
Recently we received complaints from some *migrated* users - they lost their default/custom file associations. This happens only on Windows 8/Windows 8.1.
What happens:

the user is migrated and logs onher profile loads and everything's preserved (as expected)the user clicks on a .jpeg file (previously associated with program XYZ)OS asks the user to choose a program to open the file withthe user chooses a default program XYZ and the file openswhen the user clicks on a .jpeg file again - OS asks to choose a program again
i.e. the settings are not preserved.

Our investigation shows that it is connected with the UserChoice registry key and the HASH value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SomeExt

According to this blog 
the HASH is calculated based on user's SID. But after the migration the user has new SID and the HASH becomes invalid and we hit this:
"However In Win 8, the registry changes are verified by a hash (unique per user and app)  that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry."
Currently deleting the UserChoice key for all a... Read more

A:File associations are lost when user account is migrated from one domain to another domain (SID changes)

Hello Petar K. Georgiev,
Please check the following article to change the registry key to change back to the default file type associations.
http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html
Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Fangzhou CHENPlease remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Read other 2 answers