locked
URGENT!!!! Logon failed, windows Vista!!! !!!! Group Policy Client service failed the logon Access is Denied

    Question

  •  

     Hello All

    I have random users with NO fix machines, that are getting error at logon: Group Policy Client service failed the logon Access is Denied on windows vista.

    This problem was there only if you removed a user profile from the local machine manually and you could fix it by deleting that user’s record on the registry key “ profile list”, but These users have no record under registry key  ”profile list” for me to delete, which is the only fix for this type of error i know. But it will not work for these users because they never logged on to those machines.  This has recently started happening, perhaps after deploying the latest security patches.

    Giving these users a new profile will fix the problem, but as the number of users with this error is growing, i cannot give 500 people new profile.

    I blocked group policy on the computer and also blocked folder redirection policy for the user, but the problem still there.

    Help please

     

    cheers

     

    Shaggy

    Thursday, January 17, 2008 6:05 PM

Answers

  •  

    Ok. Stop screeming, I have been busy with exams, i waited a year to fix this, I’m sure you can wait few weeks.  Here is a summary of what I have done, before doing so I like to recommend the following as I have done the same to get this sorted:

    1.       make sure your NIC driver does not have Microsoft’s driver as this causes many problems, download and install the latest driver from manufacturer

    2.       if you are using Symantec antivirus 10.2 then upgrade it to Symantec11 endpoint protection, or download and install the latest client if you using any other antivirus software

    3.       make sure your network switches are configured correctly, if you are not sure, then bring in a pro to have a look

    4.       make sure you got all the patched and service packs on your build

     

    I think combinations of above and the following computer policy has resolved the issue.  You may try to implement the policies and see if it makes a difference, if not, then have a look at the point above and tackle them one by one. Implementing the policies is at your own risk!! I suggest you check with your environment first to see it doesn’t cause any problems.

     

    After implementation, If you still having problem, check to see if the user was loged on last After you implemented policy or before you put the policy. Because I still get users with the error coming to office, but when i check with them, their last login goes back before the changes were in place.

    Good luck , and hope it works , and If it does, mark this answer so we can say issue resolved.


     

    Computer policy/Administrative templates

    System/Logon

    Policy

    Setting

    Comment

    Always wait for the network at computer

    Enabled

    Important !!!

     

    System/Scripts

    Policy

    Setting

    My Comment

    Maximum wait time for Group Policy scripts

    Enabled

    Important!! Reduce the time for logon script to run to meet your requirement, my one is set to 60 seconds

    Seconds:

    60

    Policy

    Setting

    My Comment

    Run logon scripts synchronously

    Disabled  

     

    Important!! This can also be found in user policy make sure you disable in both location just in case!!!

     

     

     

     

     

     

                    System/User Profiles

    Policy

    Setting

    My Comment

    Delete cached copies of roaming profiles

    Enabled

    Delete user profiles older than a specified number of days on system restart

    Enabled

    Delete user profiles older than (days)

    3

    Policy

    Setting

    Comment

    Do not detect slow network connections

    Enabled

    Wait for remote user profile

    Enabled

     

     

     let me know how it goes,

     Shaggy

    • Marked as answer by mr-shaggy Monday, December 15, 2008 4:31 PM
    Monday, December 15, 2008 4:20 PM

All replies

  •  

    come on guys...250 views in 7 days and not a single comment...where are all the Pros??? and Microsoft is just ignoring this..if you search the web...you can see the issue has been there for years and has never been solved.
    Thursday, January 24, 2008 2:39 PM
  • OK, an update on this, every time this error acures, the user in immideatly loged off the mchine, in the event log there is error as follows:

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          24/01/2008 15:49:13
    Event ID:      1542
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      blaa
    Description:
    Windows cannot load classes registry file.
     DETAIL - The system cannot find the file specified.

    there is a new service on windows vista that manages the group policy, it is called Group Policy Client service, you can not turn on or turn off this service, however, i managed to diabled it on one machine using the domain policy almighty and then the error was gone, BUT this was to just to test to see if you can log the user on, now i have to turn it back on again because non of the GPs will aplly if this service is disabled.

     

    come on MIcrosoft .. find a FIX please/.

     

     

    anyone????

     

    Thursday, January 24, 2008 3:58 PM
  •  

    Update:

    I went through the profile  backup for a user with this problem and found that few days before this error accrued, the size of ntuser.dat file in the profile was 3 times the size that it is now, this means that the profile was not saved properly and ntuser.dat becomes corrupted and therefore the Group Policy Client Service cannot load the registry files from the file. When i restored NTUSER.dat from the back up, everything was back to normal. So i can confirm that this is rather a profile issue with vista and Gp client service does not like that causing a logon failure.

    But on the other hand, vista has not logged anything on the logs that indicates this profile was not saved properly.  So if you can find the way to save ntuser.dat file correctly, then you will fix this problem. This is what i think anyways.

     

    Shaggy
    Friday, January 25, 2008 11:20 AM
  •  

    the only way to fix this is to recreate the profile or restore the ntuser.dat from the back up.

    i have made some changes to prevent this from happening in the future, i will post the result if there is demand for it, it means you have to ask and post comment Smile

     

    Shaggy

    Friday, January 25, 2008 3:59 PM
  • Hello Shaggy
       I have a Windows 2003 Active Directory domain with Vista clients. I have several users from the domain that have this same problem that cropped up in December 2007 and just today.

       I wonder if it will be fixed with Vista SP1  or with a change to Windows Server 2008.


       I would really appreciate the fix you have. 

    Thank You,
    taffy1
    Friday, February 01, 2008 10:41 PM
  •  

    hi taffy

     

    i hope this will be fixed with sp1, however, the only way to fix this is to restore ntuser.dat from the backup or give the user a new profile. to avoide this error in the future, i made some changes to the group policy:

    computer config> admin templates> system? user profile:

    Disable "do not forcefully unload the user registary at user logoff"

    and increase the "Maximum retries to unload and update user profile" to 90 seconds.

    no one has reported any problems since i made this change, how ever, there maybe longer logon and log off times for users. this can also be fixed by going to command prompt and run: netsh interface tcp set global autotuninglevel=disable

    , when you do this, you will no longer get warning in your event log "  The winlogon notification subscriber <GPClient> took X seconds to handle the notification" , the combination of the should improve the system, however i do recommend that you test this before implementing it in your domain.

     

    hope this helps to all

     

    Shaggy

    Tuesday, February 05, 2008 4:16 PM
  • I have to confirm that symantec has some issues but was not the cause of the Group Policy Error it self.

    In my case- i found that Symantec Antivirus is holding a registry key open- so there is a message in event log as follows:

    Event ID: 1530

    1 user registry handles leaked from \Registry\User\S-1-5-21-1275210071-682003330-1417001333-48080:

    Process 2060 (\Device\HarddiskVolume1\Program Files\Symantec AntiVirus\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1275210071-682003330-1417001333-48080\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks

    I contacted Symantec and they provided a patch, after installing the patch, this warning was gone.

    However, I dont  know if this will fix the profile corruption, but this is the only message I could find at user log off that is related to the profile. i will know this in the long run.

    I am sure everyone out there can find this kind of warning at log off, it does not have to be Symantec, it could be your Graphics card or something else that is holding on to a registry key at logoff.

     

    As for the second problem with long login time, I found this is happening ONLY on certain hardware. On a different hardware platform, my test login was between 45 sec to 1 min, this is ok for a domain environment with lots of group policies.  However, when i looked at the network driver, i found that the driver belongs to Microsoft, I updated the NIC driver from Intel and Broadcom (NEW Version),  and the login is back to NORMAL at last, i have to say that i only did this for few machines and tested with one test account, But i am 90 percent sure that the long login issue is because vista is using its own driver for your NIC and that is where the problem is coming frrom.

    Try these and if it worked please let me know so we can make sure this has been resolved.

    Shaggy
    Thursday, February 28, 2008 2:42 PM
  • Hi there Mr. Shaggy.

     

    I just read about you login issue, and i'v got thew same problem. May i ask you for the solution(file you got from Symantec) please.

     

    Kind regards Dannemannen

     

    Wednesday, March 05, 2008 2:01 PM
  •  

    Hi Danne

     

    you need to go to contact Symantec to obtain a patch, they will place it under ftp.symantec.com/public/ , but you need to find the relevant language > product > then patch on thier FTP site.

     

    however, the majority of these issues is caused by Microsoft's Network driver, update your NIC driver, especially if it is Intel, it will speedup login and log out, plus it may solve the profile issue.

     

    Regards

     

    Shaggy

    Thursday, March 06, 2008 5:07 PM
  • Hi Shaggy,
    I'm amazed that Microsoft still hasn't addressed this obvious issue.  I'm glad my school is still on xp.  I'm a guinea pig with Vista on my home machine and can't get into any of my user accounts.  This probably wouldn't be a fix for you since you have so many users, but for anyone out there who just needs to get into their flippin user account, here's what I did so that I could access mine:

    Log in as Administrator

    Create a user account (call it GroupPolicyFix)

    Change the account type to Administrator

    Log off of the Administrator account

    Then attempt to log in again to your user account


    If this doesn't work then log back in as Administrator, change the account type to 'Standard User' and the try logging back in to your user account.  This has been working for me.  I guess I somehow get it to recognize my user account when I make a change to another user account (ie GroupPolicyFix).


    About 90% of the time, when I restart or boot up my pc I have to change the account type for GroupPolicyFix user in order to be able to access my own user account.  Go figure.  But at least it works.

    Hope this helps someone out there.
    Jeanie
    Thursday, March 13, 2008 5:06 AM
  • "I'm amazed that Microsoft still hasn't addressed this obvious issue."

     

    +1

     

    Hopefully SP1 will do it...

    Friday, March 14, 2008 12:03 AM
  • The same "Group Policy Client service failed the logon. Access is Denied." issue. However, I found out that I missed some steps during roaming profile creation. Correct steps are these:

    • Create a new folder on the network for storing roaming profile, named as say PROFILE.V2, with Read&Execute, List Folder Contents, and Read permissions.
    • Create a new "DOMAIN\fakeuser" account in AD.
    • Logon with this account to the client computer, and make appropriate profile changes.
    • Logoff "DOMAIN\fakeuser" and logon to the client as "DOMAIN\Administrator".
    • Open System Properties,...,User Profiles dialog, mark "DOMAIN\fakeuser" profile, click Copy To, and then do the following on Copy To dialog:
      • Click the Browse button, and browse to the network folder where you want to store the profile.
      • Click the Change button, and then add the Everyone group (!!!THIS WAS STEP I MISSED!!!)
    • On DC, run Active Directory Users and Computers, and for all users you want to use roaming profiles, make their profile path to \\NetworkShare...\PROFILE (without V2 appendix)

    After this, logons will work right (in my case)! If you already have profile, recreate it using the previous steps. Hope this might be helpful...

     

    Regards,

    Camexan

    Saturday, March 29, 2008 10:16 PM
  •  

    Your solution may be useful in a small environment and before deploying vista. However, when you have 500+ users, there is no way you can fix this by recreating the profile from scratch like that.

    .v2 extension needs to exist to distinguish between XP and vista profiles, plus roaming profiles should be created automatically when users log on for the first time unless you want to configure a mandatory profile.

    I still think updating your NIC driver has a lot to do with this and also improves login time. SP1 does not fix any of this, the thing that makes me angry the most is that why Microsoft configures GPclient service to block users from logging in if there profile is corrupted? Even if the profile is corrupted, it should be able to fix itself rather than having gpclient service blocking the users , It is all very wrong .

    Shaggy
    Tuesday, April 01, 2008 3:15 PM
  • I'm a home user. This is all way over my head! What was Microsoft thinking when they released Vista. I can't even manage to install my printer software! It says I don't have administrator privileges but it appears I have???????

    Wish I had my Mac back!

    Seriously doesn't anyone have any suggestions?

    Saturday, April 05, 2008 9:47 PM
  • Ok this worked for me. Log on using a diferent account. run regedit (this edits the registry). Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList there is a list of sids here. These security IDs are what links the useraccount to the profile. Each user account has a sid.  Click on the sids and you will see a ProfileImagePath key in the right hand key. Use this to figure out the effected profile. It will say something like %SystemDrive%\Users\username write this down you will need it later. Once you know which user account the sid is for.Delete the Sid from the profile list hive (just right click on it and hit delete). Now restart and log on as the user you couldn't log in as. It will create a new profile all your settings will be gone. Log off and log back on as a local admin. Go back to regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList again. This was repopulated when you logged back on. Now select profile image path and set it back to what it was originally. See if you can log back in as the user.

    Hope this helps
    Nate Dell
    MCSE (2000, 2003)
    CCNP
    CCNA
    Thursday, April 10, 2008 7:49 PM
  •  

    Hi Natedell

     

    if you read the begining of the forum, you see that i have already mentioned this, but this only works for users with fix machines, however,  users who move from one machine to another, do not have a record under that reg key, so you have to delete thier ntuser.dat file.

    sad .. but true... i dont know when microsoft is going to come up with a solution, but so far... it has been ignored..

     

    Regards

     

    Shaggy

    Friday, April 11, 2008 12:04 PM
  • Hi Everyone

     

    Thanks to all the contributors but unfortunately the problem is not solved as at 17 April 2008 (e.g registry entries do not exist, V2 profile folders are unaccessible.....) and I do not have a solution but I hope that the information below may assist in finding one.

     

    The thread started 17 Jan 2007 which was about the same time as the problem happened to me. Is that a coincidence? It was about then that the only Vista user (voluntary guinea pig) on the AD domain found she could not log on. Solution: get her an XP Pro workstation. Result: Happy User.

     

    Unfortunately I cannot confirm the exact date the logon was refused. The Vista PC used to have 1GB Ram. Performance was so slow that the user still preferred to use an old 256MB Ram XP Pro PC.

     

    The day before yesterday I set up another Domain user on the same Vista PC. He logged on fine and again yesterday. Only issue was Outlook 2007 took about 30 seconds to open an email. (That's Vista! The PC now has 2.5GB Ram.) This morning he could not log on.

     

    The V2 profile folder for both these users is inaccessible to any user or group and, as the user cannot logon, I cannot restore the NTUSER.DAT file. I have a backup of the NTUSER.DAT file taken the day before yesterday. Please let me know how I might be able to gain access to the V2 folders.

     

    I got the Vista PC in April 2007. It has been used on the domain by the first user since then, until she was unable to log on. However, the problem did not arise until January this year. I use WSUS to update clients automatically. I doubt the logon problem was caused by a Microsoft update because another problem I have had with this one and only Vista PC is that automatic or manual attempts to install Vista system updates stopped working on the 7th September 2007. This was the last system update:

    Update for Windows Vista (KB938194)

    Installation date: ‎7/‎09/‎2007 8:25 a.m.  ***THIS IS DATE FORMAT DD/MM/YY***

    Installation status: Successful

    Update type: Recommended

    This update resolves some compatibility and reliability issues in Windows Vista. By applying this update, you can achieve better reliability and hardware compatibility in various scenarios. After you install this item, you may have to restart your computer.

    More information:
    http://support.microsoft.com/kb/938194

    Help and Support:
    http://support.microsoft.com


    If the reliability did improve, as promised above, there are plenty of senarios still outstanding!

     

    Reliability got worse.

     

    Since then the only successful updates to the Vista PC have been definitions for Windows Malicious Software Tool and Windows Defender. This has made it impossible to prepare the PC for Vista SP1.

     

    I do not have Symantec AV on this PC although I run Symantec Enterprise version 10 on all the other domain devices and Exchange Server. The Vista PC runs a stand-alone installation of NOD32 because in April 2007 Symantec version 9 was the domain AV and it was incompatible with Vista. So, I do not think the logon issue is specifically related to Symantec.

     

    Other facts:

    The Windows firewall on the Vista PC is turned off

    The last updates installed on the AD W2003 server just prior to the logon issue were KB944653, 9427635,941569 and 941568 - none of which have any mention of policy. 941568 addressed DirectX vulnerabilities.

    No updates were installed on the W2K profile server for months before the logon problem started.

     

    I have the media to install Vista Business Premium SP1, thanks to a free giveaway at the Microsoft Launch Wave 2008, but after reading this thread, the logon problem has not been solved on SP1 so I won't waste my time.

     

    Regards TPLNZ

    Thursday, April 17, 2008 4:05 AM
  • Hi TPLNZ

     

    Thanks for the input, I wish someone could get to Microsoft people and ask them if they are ignoring this or they don’t care.. if they know about it, why don’t they release any information????!!!!

    I started this forum on 17th January 2008- it has had 4000 views since then, that is 1000 per month, isn’t this enough for them to see the problem??? Considering the number of organisations who upgraded to vista are still low, 1000 views per month is a lot.

     

    anyways.. I think everything is being caused by the new service on vista called "Group Policy Client" , what Microsoft needs to do is to release a patch that kills any relationship between this service and Ntuser.dat, Technically speaking this is not possible; however, they need to modify this service so it stops blocking users from logging on to vista for any reason, if the profile is there... and the DC is there... the user should be able to logon regardless of what Group Policy Client Service may think, end of story.

     

    Regards

    Shaggy

    Monday, April 21, 2008 12:15 PM
  • Hello Mr.Shaggy,

    Can you please tell me how you did this? I cannot delete the account, nor can I reduce its privilidges.

    Thanks.
    Saturday, April 26, 2008 5:51 PM
  •  

    Hi Mpat

     

    what are you trying to delete?

     

    Shaggy

    Monday, April 28, 2008 10:15 AM
  • This issue is still NOT resolved, any NEW suggestion is appreciated.

    Monday, April 28, 2008 10:28 AM
  • Interesting problem. I can't reproduce your situations, so please send some logs to my mail address.

     

    1. Try to logon with local administrator account and create the following value in the registry:

     

    Code Snippet
    Hive: HKEY_LOCAL_MACHINE
    Key: Software\Microsoft\Windows NT\Current Version\Winlogon
    Name: UserenvDebugLevel
    Type: REG_DWORD
    UserenvDebugLevel=30002 (hexadecimal)

     

     

    2. Restart your computer & try to logon with the problematic user account.

     

    3. Logon with admin account & find the following file:

     

    Code Snippet

    %Systemroot%\Debug\UserMode\Userenv.log

     

     

    4. Open event viewer and find the group policy operational log, under Applications and Services Logs\Microsoft\Windows\Group Policy

     

    5. Right click on the "operational" label and choose Filter Current Log option, choose Last Hour from "logged" drop down menu and set ALL event level. Click OK.

     

    5. Right click on "operational" label again, and choose Save Filtered Log File As.

     

    6. Send the two files to my mail address (you can find it, on my profile page).

     

    Thanks.

    Friday, May 02, 2008 9:01 PM
  • Hi

     

    Thanks for the input- I ahve prepared a machine and am waiting for users to come forward.

    will get back to you soon.

     

    Cheers

     

    Shaggy

     

    Wednesday, May 14, 2008 2:51 PM
  • I need help....i cant even login to do the things people keep suggesting for enterprise environments.  im  a home user.  ive restored my computer back to previous points but the problem keeps coming back.  Amazing warranty expires along with service and i cant fix my computer any more.

     

    windows vista the group policy client service failed the logon. access is denied

     

    whats the answer?????????

    Monday, May 19, 2008 4:49 PM
  • I'm a home user and had the same problem.  Now when I boot my computer, I am told that Group Policy Client access is denied and I can't even get to the desktop.  How do I get to my desktop, even in safe mode, to fix this problem.  My computer is currently unusable.
    Tuesday, May 20, 2008 1:52 AM
  •  

    Hi
     
     
    I created the registary key you sugested and rebooted the system and loged on one user with that error, but I can not find the file Userenv.log , there is another file called "gpsvc" .
     
    any ideas?
     
    Cheers
     
    Shaggy

    Tuesday, May 27, 2008 3:58 PM
  • Sorry, the correct file name is gpsvc.log. Userenv.log only exists in earlier versions of Windows.

    Tuesday, May 27, 2008 4:06 PM
  • I'm having this same issue. However, with my issue, just after I receive the Group Policy Client service failed logon message, the computer reboots back to the OS seleciton menu (The pc is setup with XP on HD1, Vista HD2.) I am also unable to logon to the admin account as the pc will go back to the OS menu after about 5 seconds or so. Any advice on this? Also, Safemode for Vista won't load up.
    Sunday, June 22, 2008 2:36 PM
  • this issue still not resolved, any new suggestion?

    anyone?

    Wednesday, June 25, 2008 12:01 PM
  • This is a real serious bug MS.

    Where are the MS reps here assuring a bug fix will be on its way pronto?

    WE NEED THIS RESOLVED!
    Monday, July 07, 2008 9:23 PM
  • Hi,

     

    in my situation I have a roaming profile and when I try to login to a new computer I get the same message error.

    When I try to understand I found that the copy of my profile located in the server didn't contain some NTUSER.dat

    and have just some *.tmp files, which means the the previous system didn't upload them correctly to the server.

    I fix the problem by:

     - Deleting the *.tmp files from the server and copy the needed files from previous system.

     - Delete the created profile on the new system from Control Panel->System->Advanced system settings->User Profiles->Settings

     - logon to the new system again after checking that the mentioned files below are on the server

     

    The needed files:

    NTUSER.DAT

    ntuser.dat.LOG1

    ntuser.dat.LOG2

    NTUSER.DAT{5346365dfgyiocswyf2857}.TM.blf

    NTUSER.DAT{5346365dfgyiocswyf2857}.TMContainer00000000000000000001.regtrans-ms

    NTUSER.DAT{5346365dfgyiocswyf2857}.TMContainer00000000000000000002.regtrans-ms

    ntuser.ini

    ntuser.pol

     

    Good lock

     

    Friday, July 25, 2008 9:31 AM
  • i solved the problem! i just uninstalled norton 2008 antivirus from my pc and also some divx codecs and it works perfectly now
    Monday, August 04, 2008 12:45 AM
  • Please read from the first page before posting a comments, as i mentioned this happens to people with no fix machine. And I already have mentioned how to provide a workaround by deleting or restoring ntuser.dat-  but you cannot recreate profile for 1000 users. However, we are after a solution to prevent the group policy service blocking users when they want to login. This should not be happening at all regardless of the state of your profile.

    DO NOT POST COMMENTS IF YOU HAVE NOT READ EVERYTHING CAREFULLY-

     

    Thanks

    Shaggy

    Wednesday, August 06, 2008 11:15 AM

  • Shaggy - have read through

    This problem has affected my administrator account on home pc, so admin is not immune...

    Also, in reviewing this and other fora, it appears that different aspects of profiles are corrupted, contrary to earlier posts - in my case ProfileImagePath is redirected to C:\Users\User.  Also, I suspect my problem was triggered by an automatic restore, since after the restore, but prior to logging off and encountering the problem for the first time, the admin profile e.g. C:\Users\AdminLoginName was renamed to C:\Users\User.
    Wednesday, August 13, 2008 2:21 AM
  • HI,

    THIS WORKED UP UNTIL IN TRIED TO DELETE MY PROBLEM AND IT WOULDNT LET ME. DELETE. WHAT CAN I TRY NOW?

     

    THANKS..  BUT DO YOU KNOW WHY THIS EVEN HAPPENED?

    JODY

    Friday, August 29, 2008 9:56 PM
  •  

    Dear all..

    Thanks for your input- unfortunately we don’t know why is this happening- i am only interested to know if you have a solution to a domain wide environment of this isuue and not an stand alone computer, if you are not an IT professional, then please do not respond.

    When having this problem in a domain with 1000 users- then it is more like a disaster!! This page has been viewed 13000 times within 8 months and NO response from Microsoft what so ever- what a shame. I am trying a new set of policy- if it works then i will post it for you to implement it in order to get rid of this issue.

    JODY- if you can’t delete is because you don’t have permission to do so- take ownership of the folder using an admin account and then delete whatever you trying to delete.

     

    Shaggy

     

    Tuesday, September 02, 2008 2:34 PM
  • I just received this message on a stand alone Dell Vostro 1700 with four user accounts.  I cannot believe that this has been going on this long with no solution from Microsoft.  God I wish I'd never heard of Windows Vista.  My next machines will absolutely be Macs.  I've been living with the Vista nonsense since July of 2007 and I've had it.  I just got rid of all windows mobile phones and switched to iPhones.  My computers are scheduled for replacement in July of 2009.  I'll live with Vista until then but if anyone at Microsoft is listening and cares, you've lost me.  I've tried for a year but I'm done.

    Sunday, September 07, 2008 11:29 PM
  • Tons of problems, no answers.

     

    Folks, I need an answer I can understand, I can do a little regedit and a few things but need it explained from a to z to fix it properly.

     

    Windows Vista Home Premium User

     

    Norton 360 was crashing doing full scans toward the end of the scan. I logged onto Norton tech and had them take over the computer and did an uninstall/reinstall of the product.

     

    During one of the reinstallation restarts my account switched to temporary and locked me out of my administrator account giving me the infamous Group Policy Client Service Failed the Logon-access is denied problem. 

     

    He could not/would not help me and told me it was a microsoft issue.

     

    After this on my own I figured uninstalling Norton360 entirely from the computer would eliminate the problem and restore the correct settings. No change still, could not logon, so I reinstalled Norton 360 again and still get the Client Service failed logon access is denied.

     

    I used my guest account, created a brand new account from that which I made administrator, from there I changed my former administraor account to standard, changed the password, the user name itself, eliminated the password and still I cannot log back into it. Even in safe mode it just did not accept any logon at all.

     

    I read over the pages in this forum:

     

    One person says that had a Norton patch with a link that is not specific to exactly what kind of patch exactly I would need to download.

     

    Another wrote about deleting SID in regedit for that account (which I found) but did not explain full process about what to save and rewrite later.

     

    A few folks wrote about files to change but did not explain how to go about this or find them and specifically change them.

     

    Can someone please give me an answer I can use to fix this? I'm guessing my old primary account is taking up the space for most of my hard drive and I have things a decade old in there I desperately need.

     

    Saturday, September 20, 2008 1:35 PM
  • What DIVX Codes?

     

    Saturday, September 20, 2008 1:52 PM
  • For the record I got on live with another Norton rep who logged into and I let them view this page about the patch and they knew nothing of this.

     

    I'm stuck and all my info is locked up.

    Shaggy/anyone if your out there please give me something I can work with.

     

    Thanks for reading

     

    Saturday, September 20, 2008 2:50 PM
  •  

    Hi- you need to delete relevant reg keys which is listed under the profilelist in the windows registary, you can find this under: Hkey_local_machine\software\misrosoft\windows NT\currentVersion\profilelist. keys that start with "S-1", one of  those keys belong to the troubled account, you need to delete that and also rename the profile for that user under: c:\users\username.

     

    hope this helps, but once again.... I am interested to find why this is happening and find a proper fix for it for a domain wide environment and NOT home pcs. if you having problem with your home machine, then please DO NOT post here.

     

    Thanks

     

    Shaggy

     

     

    Monday, September 29, 2008 3:17 PM
  • Hi all

     

    I now have a work around for this, I implemented a set of policies and updates in september, since then, no one had that problem in our 1000 computers, I will write it all soon and post it, as i know many still having this problem.

     

    cheers

     

    Shaggy

    Sunday, November 09, 2008 12:07 AM
  • Hello,
      I've been following this post for a while now. My lab's Vista clients have been experiencing the same problems with Windows Server 2003. I look forward to reading about your work around.
         ~Adam
    Friday, November 14, 2008 4:14 PM
  •  

    Hi Adam, thanks for your post, have been very busy lately, need to find some time to post my solution as it is going to be at least one page long, will post soon.

     

    cheers

     

    Shaggy

    Monday, November 24, 2008 10:49 PM
  • Shaggy,

     

    I'm sure you are very stressed about this as much as I am, and I don't know how this works, but my question is how to get by the message which i believe was "user logon failed," this is the most relavent group, and u seem like a guy who is good  with computers... I'm on as my mother on my $2,000 DELL; the number of problems I have encountered is large, and i want the new macbook... what can u do? Im 14, and this computer cost me MOST OF MY MONEY!!!!! In my life, I have received a total of $8,000 in gifts; $5,000 at my Bar-Mitzvah, which is the Jewish Coming of Age ceremony into adulthood... THIS WAS ALL THE MONEY I WAS ALLOWED TO SPEND!!!!!! PLEASE HELP!!!!!! Crying

     

    ACGT1

     

    P.S. MY MOM WON'T LET ME GET THE NEW MACBOOK!!!

    Friday, December 05, 2008 4:13 AM
  • Hi,

     

    You need to have a copy of the NTUSER.DAT which size should be equal to 1024 kb and copy it to the same folder where your profile is, because the actual one is around 4Mb.

    Of course it’s difficult to do it if you don’t have a copy of the file, but in my situation it work and I just check that the owner of the file is the same person of that profile.

    I hope my explanation will help you.

     

    Friday, December 05, 2008 7:25 AM
  • This is a fine example of what's so great about reliance on community-based tech support.  We're coming up on eleven months of Shaggy bitching about not having a solution to this "urgent" problem, but now that he has one (or at least claims to have one that he "implemented....in september"), he can't find the time to share it with the rest of the "community". 

    Meanwhile, what's the Microsloth respose?  Head in the sand?  Let the masses writhe until they're ready to pay for the so-called "premium" support?  So overwhelmed with product problems that responsive support is simply infeasible?  Avoiding embarrasment?

    So which is worse:  being ignored by Shaggy, or being ignored by Microsloth?  That depends on whether you think a failure of individual responsibility (to the "community") is worse than a failure of corporate responsibility.  Personally, I think they're the same failure in different frameworks:  a failure of individual character.
      Someone who's "in the know" is too selfish to help, and/or personally shrugs off the responsibility. 

    Is there a role for <gasp> morality and character in modern business? 

    Good luck with that.
    Saturday, December 06, 2008 8:34 AM
  •  

    Shaggy,

     

    I agree with WalkingMachine. If you have sorted this issue out for your 1000+ PC's and spent a good 9 months in looking for a solution the least you can do is post it for the rest of the community that is experiencing the same issue as help from Microsoft is limited to none here.

     

    I am experiencing the same issue with my 250+ user client and am looking for a solution to correct future instances of this bug.

     

    Any help greatly appreciated!

     

    Regards,

     

    DanTechPro

     

    Monday, December 08, 2008 2:58 AM
  •  

    Ok. Stop screeming, I have been busy with exams, i waited a year to fix this, I’m sure you can wait few weeks.  Here is a summary of what I have done, before doing so I like to recommend the following as I have done the same to get this sorted:

    1.       make sure your NIC driver does not have Microsoft’s driver as this causes many problems, download and install the latest driver from manufacturer

    2.       if you are using Symantec antivirus 10.2 then upgrade it to Symantec11 endpoint protection, or download and install the latest client if you using any other antivirus software

    3.       make sure your network switches are configured correctly, if you are not sure, then bring in a pro to have a look

    4.       make sure you got all the patched and service packs on your build

     

    I think combinations of above and the following computer policy has resolved the issue.  You may try to implement the policies and see if it makes a difference, if not, then have a look at the point above and tackle them one by one. Implementing the policies is at your own risk!! I suggest you check with your environment first to see it doesn’t cause any problems.

     

    After implementation, If you still having problem, check to see if the user was loged on last After you implemented policy or before you put the policy. Because I still get users with the error coming to office, but when i check with them, their last login goes back before the changes were in place.

    Good luck , and hope it works , and If it does, mark this answer so we can say issue resolved.


     

    Computer policy/Administrative templates

    System/Logon

    Policy

    Setting

    Comment

    Always wait for the network at computer

    Enabled

    Important !!!

     

    System/Scripts

    Policy

    Setting

    My Comment

    Maximum wait time for Group Policy scripts

    Enabled

    Important!! Reduce the time for logon script to run to meet your requirement, my one is set to 60 seconds

    Seconds:

    60

    Policy

    Setting

    My Comment

    Run logon scripts synchronously

    Disabled  

     

    Important!! This can also be found in user policy make sure you disable in both location just in case!!!

     

     

     

     

     

     

                    System/User Profiles

    Policy

    Setting

    My Comment

    Delete cached copies of roaming profiles

    Enabled

    Delete user profiles older than a specified number of days on system restart

    Enabled

    Delete user profiles older than (days)

    3

    Policy

    Setting

    Comment

    Do not detect slow network connections

    Enabled

    Wait for remote user profile

    Enabled

     

     

     let me know how it goes,

     Shaggy

    • Marked as answer by mr-shaggy Monday, December 15, 2008 4:31 PM
    Monday, December 15, 2008 4:20 PM
  •  This may be because the GUID of the system you are trying to login from is no longer current in Active Directory.

    Remove the system from the domain, restart, delete the user from c:\users -> BACK UP %USERNAME%.v2, delete the GUID from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\ProfileList\{WHATEVER_THEIR_GUID_IS}

    Then ensure they have a valid profile share in Active Directory Users & Computers.

    Finally add the system back onto the domain, reboot & get them to login.

    Friday, December 19, 2008 5:31 PM
  • Hello

    you really haven't read this have you mate? Do not post if you have NOT READ the entire thread, and since when you can run around and do that for 1000 users? I have provided a solution to prevent this from happening and have mentioned about the GUID one year ago on the first page. so DO NOT post if you don't know what is happening.

     

     

    Thanks

     

    Shaggy

    Friday, December 19, 2008 8:27 PM
  • I had exactly some problem. Since I found your poster by google search, it simultaneously suggested a few software to solve the problem.  sure enough I bought one called 'RegCure' claims solve logon problem. I run it, of course it did not work at all. did you solve your problem now. I wish someone can help on this.

    First question in 2009

    Have a great new year
    Friday, January 02, 2009 8:24 AM
  • Hi, Everyone Happy New year.

     I got this problem during a remote installation of Norton Virus2009 by Norton service man. not only I can not access my account,but also I can't access this account information in my backup Drive. But just now I was able to download files out from that account. What I did is:

    create a new Admin account
    login as Admin.
    Go to: control panel
    go to: Network and Internet
    under: Network and sharing center
    Choose: view network computers and devices
    you can find: owner-pc (or your name) and another computer icon with a strain of strange numbers (I guess that's the remote computer try to install Norton Virus on this computer and the culprit for problem)
    click on: owner-pc
    click on icon: Users
    open: the problem account
    you can access all the files there
    download the files from there.
    you done!!!!


    Cheers,

    Oh, a long relaxing sighing

    That's all I can got now. but still cannot access that account nor delete the strange network computer.
    Friday, January 02, 2009 10:02 AM
  • mr-shaggy in relation to your post on the solution, I have pretty much been running the answer you have proposed since we switched to AD well over 12 months ago, with around 30 vista computers we still get the error, but way less frequently then other seem to be getting it, so I will say it will not eliminate it, but greatly reduce it.  We will even get XP computers with the error far less then vista computers but they will get it.

    All our computers and servers are patched constantly so are at least 99% up to date with patches at any given point in time.

    I do not have any better answers as yet either.

    Regards,
    Jason
    Tuesday, February 17, 2009 9:34 PM
  • Here's a link to a similar issue/fix for people who've had Symantec (Norton) remote on their units.  This would be useful for stand-alone HP/Compaq PCs.  Just posting here so others may find it helpful

    http://h30434.www3.hp.com/psg/board/message?board.id=General&message.id=1907
    Thursday, March 12, 2009 6:06 PM
  • natedell said:

    Ok this worked for me. Log on using a diferent account. run regedit (this edits the registry). Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList there is a list of sids here. These security IDs are what links the useraccount to the profile. Each user account has a sid.  Click on the sids and you will see a ProfileImagePath key in the right hand key. Use this to figure out the effected profile. It will say something like %SystemDrive%\Users\username write this down you will need it later. Once you know which user account the sid is for.Delete the Sid from the profile list hive (just right click on it and hit delete). Now restart and log on as the user you couldn't log in as. It will create a new profile all your settings will be gone. Log off and log back on as a local admin. Go back to regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList again. This was repopulated when you logged back on. Now select profile image path and set it back to what it was originally. See if you can log back in as the user.

    Hope this helps
    Nate Dell
    MCSE (2000, 2003)
    CCNP
    CCNA



     Hey Natedell,

    I have to admit that I was a bit skeptical at first, especially after trying a different SID-based trick. Essentially, I'm running Windows 7 in my environment with SBS 2003. After my old server started giving me headaches, I decided to scrap it and move to another. In doing so I also decided to change my domain name to one which I acquired, so I can run sharepoint, etc...

    Anyways, as anyone knows, going with a new domain and AD can hose your old profiles. I figured though that I would be able to log in as admin, do the sid trick then copy the settings to the newly created profile with the new domain credentials... And that's when I ran into the error at the top of this page.

    Long story short, I tried what you suggested in W7, logged in with my new credentials and BAM!!! My old profile came back to life :)

    Awesome advice. I hope this helps out others in the future.
    Saturday, March 21, 2009 7:35 PM
  • Hi All,

    We have managed to find a work around without Deleting the whole user profile.

    If you load the NTUSER.dat as a registy Hive as Admin in regedit you will see that this has lost the user permissions for the affected account. if the permissions are readded with full control then the user will be able to log back in all setting preserved.

    But this is a Temp fix and the problem has happened again but at leat we are nolonger recreating profiles every time.

    Microsoft please sort this out!!!!
    • Proposed as answer by Mike Lonergan Friday, February 26, 2010 9:16 PM
    Friday, May 01, 2009 9:50 AM
  • I need help....i cant even login to do the things people keep suggesting for enterprise environments.  im  a home user.  ive restored my computer back to previous points but the problem keeps coming back. 

    In the year since you wrote this nobody has responded to the key point:
    How are we supposed to use Regex / manipulate files when Vista restarts after seconds?

    As I wrote in the Dell forum [1]:

    Because it fails Vista re-starts ... even when booted in Safe Mode / Command prompt.

    Because it restarts I can't debug things ... I can't recover files ... I can't make a backup ... I can't restore to Factory.

    I have tried Repair and Last Good Configuration (see below). No joy.

    Seems everyone skips over the tough stuff so they can flash their feathers, without actually having done any lifting.


    I added this:

    I've been using PCs since before DOS3.2 ... I've never, ever, ever been so trashed. Not with Windows 3 ... not even with Win95. For the record: at the moment I'm using Win98SE on a 10 year old 300MHz Toshiba ToughBook. Good stuff keeps working. Trash strops you from fixing it.


    bdt

    (BTW this forum sofware is pretty crummy ... M$ uses 1998 tech? Some folk should hang your heads in shame.)

    1) http://tinyurl.com/cawa4r


    Thursday, May 07, 2009 12:23 AM
  • I'm going to copy part of my reply because this forum's feeble threading function poked it into the stack miles above the bottom:

    Nobody has responded to the key point:
    How are we supposed to use Regex / manipulate files when Vista restarts after seconds?

    As I wrote in the Dell forum [1]:

    Because it fails Vista re-starts ... even when booted in Safe Mode / Command prompt.

    Because it restarts I can't debug things ... I can't recover files ... I can't make a backup ... I can't restore to Factory.

    I have tried Repair and Last Good Configuration (see below). No joy.


    bdt


    1) http://tinyurl.com/cawa4r
    Thursday, May 07, 2009 12:25 AM
  • Hey Shaggy add me and tell me more i really need this administrative right thing going on and i cant have it cause Group Policy where do i delete the group policy
    Monday, July 13, 2009 12:49 PM
  • Gang,

    In spite of Shaggy's insistence on Network Solutions only - I am one of many with a "stand-alone" problem and found this to be the only forum that gave me the inspiration to RESTORE MY PROFILE WITHOUT HACKING THE REGISTRY.

    In my case, the problem was apparently caused by a ChkDsk Repair that corrupted my Registry Profile.

    For common users, I recommend that you use the built in utilities before going Geek on the problem.

    - Boot your computer and press F8 repeatedly until the plain old text menu appears (if Windows starts instead, then you waited too long before pressing F8).
    - Select "Repair your Computer", select your Keyboard Type (US, most likely), and then select the User Profile with Admin privileges.  In my case, I was able to select and login as the User that was throwing the Access Denied error (somewhat baffling, no?).
    - Select "System Restore"
    - Select a Checkpoint Date that was before you had any problems (like before Norton was installed for many of the above victims).  Note that you may have to reinstall some programs if the Restore Point is prior to their installation - but that's a small price to pay for getting your PC back!
    - Follow the directions...

    The System Restore utility will replace the corrupted Registry files with versions that it backed up as part of its normal operation, either for "System Checkpoints", or before any new Software is Installed. 

    THIS IS MUCH SAFER THAN HACKING THE REGISTRY - AND does not mess up the Desktop, Mailbox, or other User Files.

    If you didn't have System Protection enabled, then you're left with the hacks.  If you do manage to recover your computer, I strongly recommend that you search help for "System Protection" and learn how to enable System Restore.

    Good luck getting to the bottom of what CAUSES the corruption ("Ranks, Raggy! Rooby Doo!") - but I hope this is a safe and predictable way of restoring access to your computer.

    Best Regards,
    TJW
    Saturday, September 19, 2009 2:25 AM
  • >come on guys...250 views in 7 days and not a single comment...where are all the Pros??? and Microsoft is just ignoring this..if >you search the web...you can see the issue has been there for years and has never been solved.

    If it's been there for years it's hardly URGENT!!!! is it.

    This is an old post so I hope by now you have realised that by including URGENT!!!! and yet another seven explanation marks in your title does not encourage people to reply to your posts.

    Write normal titles and you will find the real pros much more likely to help (and typically quickly too). Write this kind of Title and they are immediately turned off by it.

    FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com
    Complete Book Lists (incl. foreign language) on each site.
    • Proposed as answer by wdegraaf Tuesday, January 12, 2010 2:08 PM
    Friday, November 20, 2009 9:29 AM
  • Sorry, clicked the wrong button. Didn't mean to propose this as an answer at all.

    What kind of reaction is this supposed to be Mike Walsh?
    If the problem has been there for years it's not urgent in your opinion? So if Microsoft ignores a problem, after some years it isn't a problem anymore?

    Anyway, this is an old post, it started 2 years ago, but the problem still exists and Microsoft is not doing anything about it...
    And i stil have not seen a normal reply of a "pro" to this problem too!!!!!!!
    Tuesday, January 12, 2010 2:16 PM
  • Cheers TJW, I have just followed your guide and eliminated the group service client problem:-) Nice one, I was going mad trying to solve the group service login problem. Didn't want to mess in the registry, dangerous if you do not fully understand what you are doing....

    Is sorted now, thanks TJW

     

    btw, i'm writing this on a 6y/o imac with a 6y/o OS (i do need to upgrade OS cos there is some stuff that requires newer OS's to load/work. but not much...).  I never had a problem, c'mon microsoft, apple makin you look silly

    Friday, April 30, 2010 5:45 PM
  • I've just started having this problem, on a standalone PC.  Users with Admin privilege can log in, others can't.  GPSVC will not run - and I cannot make it start.

    I've followed TJW's advice - thanks, it's very clear, but (despite picking a number of different recovery points) I get a "catastrophic failure 0x8000FFFF" and the recovery point cannot be restored every time.

    So, I can't go backwards, and I can't go forwards.

    I don't want to go and live in Steve Jobs' walled garden, and I don't want to trust all my information to Google's cloud.  Can anyone help me make microsoft work, or am I about to have to send Apple some money?

    Thanks

    Monday, December 13, 2010 10:07 PM
  • Seems I have managed to over come this for Remote Desktop Services and may apply to standalone machines too. As administrator I performed this.

    After deleting the profile from within the Advanced System Settings > User Profiles on the RD server I still couldn't logon (as said above about clean deletion of the local profile)

    So I manually loaded the UsrClass.dat and NTUser.dat into the registry as they were not there. To do this I did the following:

    Loaded NTUser.dat from the profile on the server as a hive under HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165

    Loaded UsrClass.dat from the profile.v2 on the server as a hive under HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165_Classes

    Then logged in as the user, and it works perfectly again (it did hang on waiting for the session manager). To be sure I then copied the Default user to that newly created profile on the RD server and logged in again, no hangs. Perfect.

    Maybe this will solve a few other peoples problems with these related errors.

     

    Monday, January 10, 2011 4:15 PM
  • Just faced this problem today on a Vista Home computer. After reading this entire post I found the problem on the PC.

     

    I went in the registry to identify the Profil SID here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    Then in the list there was a "SID-1-5-......-1003" and a "SID-1-5-......-1003.bak"

    The "SID-1-5-......-1003" pointed to c:\user\temp

    and the "SID-1-5-......-1003.bak" pointed to c:\user\GoodUser

     

    I deleted the "SID-1-5-......-1003" entry and renamed "SID-1-5-......-1003.bak" to "SID-1-5-......-1003", rebooted the PC and voila, Profil back online.

     

    Don't know what was the cause, but this computer has Norton Antivirus. Will reinstall Antivirus and cleanup his computer from junk, hopefully problem will be gone forever.

    Friday, January 28, 2011 2:36 PM
  • I found this thread on Google after getting the error, and as I have a technet account I'll post my story.

    I was messing around with registry entries trying to stop a normal user getting infected with viruses - or rather, having malware start up when they log in. I removed the user's full access from their registry key hive with regedit, and then when try try to login they got the error "Group Policy Client service failed the logon". This on a laptop with Vista Home Premium, no domain controller or network login.

    When the user logs out, their registry key is unloaded into NTUSER.DAT. So restoring this file to an earlier state, either with system restore or from a backup, fixes the problem. If the user is still logged on, an administrator can change the registry permissions so that they can reconnect with their logged-on session.

    I have not pinned down exactly which registry key is responsible - however, the classes hive can be locked against write, as can the software key tree (which contains Run and RunOnce), without generating the error.



    Andrew
    Sunday, February 27, 2011 8:14 PM
  • I was able to overcome this on the one PC (mine) on one logon (mine) in AD Server 2003/Vista Bus. by:

    [drum roll plz]

    Logging in to local PC as Admin

    Deleting the local profile in question

    Deleting \\server\share\%username%.v2\ntuser.dat (3,072 kb), .pol (18 kb) and .ini (1 kb) then restoring all 3 from BU

    Not a clue what caused this but it happened as I was playing with scripts to redirect User Shell Folders to a network share.  I yanked the LAN cable to prevent Roaming profile sync when script execution did not go as expected.  Essentially I created the problem myself.

    No idea how to help home users (sorry)


    Thursday, April 14, 2011 1:48 PM
  • hi,

     

    I have the same problem and I just tried to create a new user with admin privilage and from there, i went to c:/users/username/

    and could able to access all the files from this new user account.

    When i try to access first time, it asked to continue the operation.Say continue.hope this hhelps some1.

     

    Thx

    Saturday, April 16, 2011 11:08 PM
  • I'm having this issue now after chkdsk messed things up.  I've done a search on my system and cannot find a copy of NTUSER.DAT anywhere.

     

    I tried creating a new user (I created 2, one to be the new one, and a temp one to use to copy files from the corrupt profile).  However when I logged on to the "new" profile, so that it could created the default files and folders I was getting the same GPC service failed message.  I hadn't at that point copied any files.

    Tuesday, April 26, 2011 9:10 AM
  • Hi,

    Ntuser.dat file is a hidden file,  go to folder option and enable Show Hidden File.

    many people still having issue with this, I believe the only way to fix this is to delete the reg key for standalone computers and implement the GP as I suggested. I did not have any NEW error after implementing this.

     

    Thanks to all for contributing

     

    Shaggy

     

    Tuesday, May 10, 2011 2:23 PM
  • I am working on a Win7 Pro system for one of my customers. New install of Win7Pro on a simple home network that was working as normal, last thing my customer did was install Norton 360, rebooted and could not get past the login screen due to the error "Group Policy Client Service Failed the the login, Access Denied.

    Tried system restores from startup repair - didn't solve.

    Tried safe mode and was able to login and create a new user account. Logged off and was able to login with the new user account. Deleted old account (no data to recover).

    I don't know why this happened or why creating a new account solved the problem. Looks like something to do with Norton 360? or a corrupted Policy.

    Hope this helps,

    Hu.
    Friday, June 17, 2011 5:07 AM
  • Ok this worked for me. Log on using a diferent account. run regedit (this edits the registry). Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList there is a list of sids here. These security IDs are what links the useraccount to the profile. Each user account has a sid.  Click on the sids and you will see a ProfileImagePath key in the right hand key. Use this to figure out the effected profile. It will say something like %SystemDrive%\Users\username write this down you will need it later. Once you know which user account the sid is for.Delete the Sid from the profile list hive (just right click on it and hit delete). Now restart and log on as the user you couldn't log in as. It will create a new profile all your settings will be gone. Log off and log back on as a local admin. Go back to regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList again. This was repopulated when you logged back on. Now select profile image path and set it back to what it was originally. See if you can log back in as the user.

    Hope this helps
    Nate Dell
    MCSE (2000, 2003)
    CCNP
    CCNA
    Hello Nate Dell, I completed your instructions and still need assistance. What I did: F1(repeatedly)/Tab/Ramdisk Device Options/Enter/Next/Password/Enter. Then I am brought to the "System Recovery Options" screen. I then choose Command Prompt and start the process that you have laid out. My results: I deleted all of the SIDS from the profile list! When I restart the computer, I still receive the message "The Group Policy Client Service failed the logon: Access is Denied". I re-trace my first steps and review your steps again to find that the SIDS that I deleted reappeared! I have tried this process a few times and the SIDS, although it states permanently, never permanently delete. I have a Toshiba with Windows Vista. PLEASE HELP, I'm working 5+ hours over here! Keisha
    Tuesday, November 01, 2011 3:58 AM