Administrator account cannot log on

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I cannot log on to my machine with the administrator account. Here is the
error from the event log:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 2/13/2007 5:53:21 PM
Event ID: 1505
Task Category: None
Level: Error
Keywords: Classic
User: IWAN\Administrator
Computer: iwan
Description:
Windows cannot load the user's profile but has logged you on with the
default profile for the system.

DETAIL - Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service"
Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
<EventID Qualifiers="49152">1505</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-02-13T22:53:21.000Z" />
<EventRecordID>35583</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>iwan</Computer>
<Security UserID="*omitted*" />
</System>
<EventData Name="EVENT_ADMIN_OVERRIDE">
<Data Name="Error">Access is denied. </Data>
</EventData>
</Event>

Any thoughts?

Thanks,
I. Kinal
 
Hello,

Thank you for posting in the Microsoft newsgroup!

From your post, my understanding on this issue is: you get event 1505 when
you log on as the administrator in Vista. If I'm off base, please feel free
to let me know.

It seems like the administrator does not have enough privilege on his
profile folder. Please try the following steps to fix this issue:

1. Click Start menu and click Computer
2. Double click local disk C (or any other driver you installed Vista)
3. Double click Users folder
4. Right click on "Administrator" folder and click properties
5. Click Security tab
6. Confirm the account Administrator (IWAN\Administrator) is in the list
and have full control of the folder
7. If administrator is not in the list, click edit and click Add in the
popped out window
8. Type "IWAN\administrator" and click OK
9. Click Full Control and click Apply
10. Re-login the administrator account and check whether the problem is
fixed

Please let me know if you have any other concerns, or need anything else.

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
Hi,

Thank you for your response. I checked, and the administrator account does
have full control permission on that folder.

Thanks,
I. Kinal
 
Hi,

Please help me collect an MPS Report, I'll check event logs in it and do
some further diagnoses.
To generate an MPS Report
------------------------------------
1. Download MPS Report tool from below URL:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_SETUPPerf.EXE
2. Execute the tool on the computer, and if you are prompted "Include the
MSINFO32 report?", please type Y.
3. Please send the result file (CAB file) to me at (e-mail address removed).

For detailed information about the MPS Report Tools, please refer to the
following link:
Microsoft Product Support's Reporting Tools
<http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F
-88B7-F9C79B7306C0&displaylang=en

In addition to the MPS Report, collect the privilege settings on the users
folder:
1. Click Start and type "cmd" in the "Start Search"
2. Run command "cd.." to switch to the users folder
3. Run command "cacls * >ACL.TXT"
4. Send the ACL.txt file to me as well

Please let me know if you have any other concerns, or need anything else.

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
Hi,

I tried to run the MPS Report tool, but it did not work. It began to
install, and I saw the MPS white screen with blue font show several lines of
"1 file(s) copied", then there was another line of text that I just briefly
saw, before the window disappeared, and then Vista gave me the "This program
did not install correctly" box . Is there maybe a new version of this tool
for Vista?

I will send you the other information you requested to your e-mail in just a
minute.

Thanks,
I. Kinal
 
OK, I just tried to run the cacls command on the users folder, and it gave me
an "Access is Denied".
 
Hi,

I didn't get your mail in the past few days. Can you try again?

Since I won't be in the office in the next a few days, my response maybe
slow. Sorry for the inconvenience and thank you for your understanding.

Have a good day!

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
OK, I just tried to run the cacls command on the users folder, and it gave me
an "Access is Denied".
 
Hello,

I'm sorry for the slow response since I wasn't in office in the last few
days. Sorry for the inconvenience.

The administrator should have full control privilege on the Users folder.
Please check the security settings on the Users folder and do the following
steps:
1. Click Start and type "cmd" in the "Start Search"
2. Run command "whoami"
3. Paste the output to the newsgroup

Sean Cai, MCSE2000
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
Hi,

It occurred to me that I did not try to run the cacls command in the context
of the administrator account. When I did so, it worked. I have emailed you
the results.

Thanks,
I. Kinal
 
Hello,

The ACLs on Administrator's directory seems to be fine.

Please run the cacls command under the \users\administrator folder for more
information. You can post the output to the newsgroup this time.

Also, help me check the permission in the registry:

Run regedit to start Registry Editor.
Right click on HKEY_CURRENT_USER and click Permissions
Verify the administrator has full control and read permission on this
registry key

Please let me know if you have any other concerns, or need anything else.

Sean Cai, MCSE2000
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
OK, I think that I discovered something interesting in the registry. I tried
running regedit as administrator, but that once again gave me the same error
that we started this thread with. I then ran regedit with my user account, to
which I have temporarily assigned administrative permissions. I checked
HKEY_Users, and there is no key under there with the SID of the Administrator
account (ending in -500). Shouldn't it be there?

Thanks,
I. Kinal
 
Hello,

Regarding the information you provided, please check the registry keys in
the following position:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

You can verify whether the administrator is missing by checking the
ProfileImagePath key. And Also please collect ACLs information in the
administrator's profile directory as well. The HKCU registry is saved as
two dat files in this directory.

Best Regards,

Sean Cai, MCSE2000
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
I went to the registry location that you specified. There was one key under
there with the SID of the administrator account, but it was virtually empty.
There was another key that was named with the SID of the administrator
account and then had a .bak on the end - this key was much fuller, and
included the correct ProfileImagePath entry. So I made the other one into a
backup, and deleted the .bak from this one, and now the administrator account
works properly! Now I'm just wondering how and why this happened.

Thanks for helping me solve this!
I. Kinal
 
Hi,

Glad to know the problem is fixed!

About the cause of this problem, malware or virus would be by my first
guess. Though the problem has been fixed, I suggest you to do a virus scan
just to be safe.

For your convenience, I have included some online scan services and
software download links as the following:

Windows Defender (Beta 2)
<http://www.microsoft.com/athome/security/spyware/software/default.mspx>

HijackThis
<http://www.tomcoyote.org/hjt/>

Trend Micro - Free online virus Scan
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Panda Active Scan - Free online scanner
<http://www.pandasoftware.com/activescan/com/activescan_principal.htm>

---------------------------------------------------------------
This response contains a reference to a third party World Wide Web site.
Microsoft is providing this information as a convenience to you. Microsoft
does not control these sites and has not tested any software or information
found on these sites; therefore, Microsoft cannot make any representations
regarding the quality, safety, or suitability of any software or
information found there. There are inherent dangers in the use of any
software found on the Internet, and Microsoft cautions you to make sure
that you completely understand the risk before retrieving any software from
the Internet.
---------------------------------------------------------------

Have a good day!

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
I have Windows Live Onecare 1.5 running, and it tells me that my system is
clean.

Thanks,
I. Kinal
 
Hi,

In this case, since the possibilities are too many, I suggest we keep
observing and pay attention to what we do daily and hopefully isolate the
root cause of this issue the next time it appears.

Best regards,

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
 
I'm having a similar but slightly different issue with Vista login. I'm the
Administrator, and have two user accounts. Everything was fine for about a
month. But, then I couldn't log in as the administrator any more. The message
I get " The user profile service failed the login. User profile cannot be
loaded". Any thoughts how I can correct this? I have followed your thread,
but didn't find a solution for me there.
Thank-you!
Piaras
 
FYI - Piaras, and all regarding 'The User Profile Service Failed the
Login/User Profile Cannot Be Loaded' problem. I have an E1705 Dell Laptop,
Home Premium Vista. Have had since May 2007 with few real problems in
general, but let it be known, I do not like Vista. That said, on 12/20 in
the a.m. I was running fine. I shut down, left for a while, came back and
turned the computer on to find the problem staring me in the face. After
numerous epithets, I called Dell and spent the next 2 hours on the phone with
a techie all to no avail. During this process I was told THIS IS A KNOWN
PROBLEM AT MICROSOFT! It has been known for quite a while, there is rumor
that it is tied to one or more of their half a$$ed Automatic Updates. I was
finally told by the Dell rep that I could either kick my computer back to the
Factory settings and lose everything OR wait until mid January 2008 for the
FIX that Microsoft is going to release. I refuse to go back to day one as I
already had to do that shortly after I received the laptop. So I have
decided to wait and just use the laptop as a doorstop to my computer room,
using my XP desktop in the interim. I am to call back Dell with my case
number and they will guide me through the fix, manually I suppose via Safe
Mode since I can't do anything else.
By the way, I have tried the 'fix' that has been going around at
http://cherrybyte.blogspot.com/2007/07/fixing-user-profiles-in-vista.html
Doesn't work for me and not being a guru I don't like screwing around in
regedit.
 
Back
Top