TSE 2003: session logon problem

  • Question

  • Hello,

    I have a 2003 Enterprise server acting as a TSE.
    The server has been working correctly for 2 years now.

    For the past week, I have been running into the following problem:

    When a user tries to connect, they do reach the login window,
    type their username and password, the window disappears and the screen stays empty ...
    No desktop anymore...

    The only solution I have found in the meantime: the users are domain admins...

    I created a new GPO, new users, a new group with rights on "Remote Desktop Users": same problem...
    I entered my user directly in the local security policies (local logon + TSE logon): same problem.

    I am running out of ideas...
    If anyone has already run into this issue, I would welcome any information.

    I am also available for any further questions about the architecture.

    Thanks in advance
    Friday 30 July 2010 14:55

Answers

  • Good evening,

    Problem solved (pending reboot)

    In the registry, I added the "Full Control" permission on all the root keys for the "USER TSE" group, which corresponds to my remote desktop users.

    I managed to open the session as a plain user.

    Then I removed the granted permissions one by one (HKCR, HKCU, and so on),

    trying to log on each time.

    Miracle: I removed all the permissions and it works!

    I am waiting for the reboot to see whether it still works.

    Answer tomorrow morning.

    Thanks for your help, +1 for filemon/regmon (Process Monitor)

    To be used when nobody is connected!

    +++

    Wednesday 4 August 2010 15:33

All replies

  • Hello,

    Does it happen every time and for all users?

    Did you at least take a look at the Event Viewer? You should have some errors reported.

    In general, this happens when a user's session was not closed properly and it has to be reset from the TSE management console, but if it is systematic... You probably have a registry access-rights problem for the users. Besides, the fact of making them domain admins would support that.

    You have a lead here: http://www.eggheadcafe.com/forumarchives/windowsterminal_services/Aug2005/post23818132.asp

    You should be able to diagnose what is going on with the filemon and regmon tools.

    Saturday 31 July 2010 10:46
  • Silly question, but what does your event log on the TS server say during the logon attempt?
    Freddy ELMALEH aka "bigstyle" -- Freelance consultant for Active IT -- MVP Windows Server - Directory Services
    Saturday 31 July 2010 23:03
  • Hello,

    Given that your server worked correctly for 2 years, I think this problem comes from the installation of patches; please review the patches installed just before the problem appeared.


    Anouar KETAT Microsoft: MCSA/MCSE Messaging & Security, MCDBA, MCTS/MCITP and MCT
    Sunday 1 August 2010 12:38
  • Thank you for your reply,

    I have no information in the event log.

    I have a logon audit on AD that tells me everything is OK.

    Resetting via the console does not work.

    I will look into the regmon and filemon (Process Monitor) lead tonight,

    because right now I have millions of log entries ;-)

    I will keep you posted.

    Tuesday 3 August 2010 08:15
  • Thank you for your reply,

    No information in the logs ...

    Tuesday 3 August 2010 08:15
  • Thank you for your reply,

    This is one of the first things I looked at.

    Unfortunately, no new update was installed before the problem appeared ...

    Tuesday 3 August 2010 08:16
  • Have you looked at the Event Viewer to see whether you have warnings or errors in the Application log and in the System log? (userenv in particular)

    Have you restarted the server since the error?

    Have you installed uphclean on your server?


    Eric Perromat - MVP Terminal Server
    Tuesday 3 August 2010 09:06
  • Hello,

    The session opens but does not load the desktop.

    Below is a copy of the log:


    Ouverture de session réseau réussie :
       Utilisateur : u01
       Domaine : ****
       Id. de la session : (0x0,0x30B4899)
       Type de session : 10
       Processus de session : User32  
       Package d'authentification : Negotiate
       Station de travail : SRVTSE
       GUID d'ouv. de session : {c4a57d85-b1e4-3c3a-8564-24a15a0a6349}
       Nom de l'utilisateur appelant : SRVTSE$
       Domaine appelant : ****
       Id. de session de l'appelant : (0x0,0x3E7)
       ID de processus appelant : 15772
       Services en transit : -%
       Adresse réseau source :     192.168.x.x
       Port source :     47981


    Pour plus d'informations, consultez le centre Aide et support à l'adresse

     

    The server has been restarted several times.

    uphclean: installed but nothing to report

    Thanks for your help

    Tuesday 3 August 2010 16:10
  • Create yourself a new test user (not admin) ... this user must therefore have no profile on the TS ... try the connection ...

    Is it OK, or is it the same symptom?


    Eric Perromat - MVP Terminal Server
    Tuesday 3 August 2010 19:56
  • Yes, I looked at the log: no warning or error, "Logon successful"

    I restarted the server ;-)

    Uphclean is installed

    Below are the Process Monitor logs with "ACCESS DENIED"

    What should one look for in all of this ;-)



    Tuesday 3 August 2010 20:01
  • I think this line is important; my test profile is called U01

     

    "21:42:29.2304512","csrss.exe","5612","CreateFile","C:\WINDOWS\system32\cmd.exe","ACCESS DENIED","Desired Access: Generic Read, Write Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: LIMOUZI\u01 "

    Tuesday 3 August 2010 20:11
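
On the question of what to look for in a Process Monitor CSV export like the one discussed in this thread, here is an added example (not code from the thread or from Sysinternals): it collapses repeated ACCESS DENIED rows by process, operation and path, then singles out denied reads and events performed while impersonating a user. The sample rows, PIDs, CLSID and the account `EXAMPLE\testuser` are constructed placeholders.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the column layout of a Process Monitor CSV export.
# PIDs, the CLSID and the account name are placeholders, not values from the thread.
# The leading BOM mimics what a real export file may start with.
SAMPLE_CSV = "\ufeff" + r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"21:00:00.0000001","svchost.exe","700","RegOpenKey","HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\LocalServer32","ACCESS DENIED",""
"21:00:00.0000002","svchost.exe","700","RegOpenKey","HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\LocalServer32","ACCESS DENIED",""
"21:00:00.0000003","svchost.exe","700","RegOpenKey","HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\LocalServer32","ACCESS DENIED",""
"21:00:01.0000001","explorer.exe","800","RegCreateKey","HKLM\Software\Clients\StartMenuInternet","ACCESS DENIED",""
"21:00:01.0000002","Explorer.EXE","800","RegCreateKey","HKLM\SOFTWARE\Clients\StartMenuInternet","ACCESS DENIED",""
"21:00:01.0000003","explorer.exe","800","RegQueryValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_SZ"
"21:00:02.0000001","csrss.exe","900","CreateFile","C:\WINDOWS\system32\cmd.exe","ACCESS DENIED","Desired Access: Generic Read, Write Attributes, Disposition: Open, Impersonating: EXAMPLE\testuser"
'''

# Procmon appends "Impersonating: DOMAIN\user" to Detail when the thread
# performed the operation under another account's token.
IMPERSONATING = re.compile(r"Impersonating:\s*([^,]+)")

# Registry operations that only read.
READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}


def load_denied(text):
    """Return the rows of a Procmon CSV export whose Result is ACCESS DENIED."""
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))
    return [row for row in reader if row["Result"].strip().upper() == "ACCESS DENIED"]


def summarize(rows):
    """Collapse duplicate events; most frequent first, ties in order of appearance."""
    counts = Counter()
    first_seen = {}
    accounts = {}
    for row in rows:
        # Process names and registry/file paths are case-insensitive on Windows,
        # so "HKLM\Software" and "HKLM\SOFTWARE" are the same target.
        key = (row["Process Name"].casefold(), row["Operation"], row["Path"].casefold())
        counts[key] += 1
        first_seen.setdefault(key, row)
        match = IMPERSONATING.search(row["Detail"])
        if match:
            accounts.setdefault(key, set()).add(match.group(1).strip())
    summary = []
    for key, count in counts.most_common():
        row = first_seen[key]
        summary.append({
            "process": row["Process Name"],
            "operation": row["Operation"],
            "path": row["Path"],
            "count": count,
            "impersonating": sorted(accounts.get(key, ())),
        })
    return summary


def denied_reads(summary):
    """Denied read-only registry operations.

    Triage assumption: default ACLs let standard users read HKCR, so a denied
    open there deserves attention before a denied key creation under HKLM.
    """
    return [entry for entry in summary if entry["operation"] in READ_OPS]


def under_impersonation(summary):
    """Events performed with a user's token: these name the affected account."""
    return [entry for entry in summary if entry["impersonating"]]


if __name__ == "__main__":
    summary = summarize(load_denied(SAMPLE_CSV))
    for entry in summary:
        who = ", ".join(entry["impersonating"]) or "-"
        print(f'{entry["count"]:>4}  {entry["process"]:<14} {entry["operation"]:<13} '
              f'{entry["path"]}  [impersonating: {who}]')
```
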
  • The U01 profile is a standard (non-admin) profile that has the same permissions as the profiles that were working before.
    I use this profile for my tests.

    I again created a profile, "tstest": same problem.

    I get the "Applying settings" window at the top left,

    then nothing more...

    Tuesday 3 August 2010 20:22