Page 1 of 1

Windows XP logon problem

Posted: Sun Nov 22, 2009 7:59 pm
by champted
I am a district computer specialist in a rural area. The clerk PC in a branch 50 miles away will not allow us to log into Windows XP as CLERK, which has been their standard username since I installed the PC about 4 years ago. As far as I can tell, nobody has attempted to change the password for the CLERK user.

I visited the site today, as I was unable to diagnose the problem via e-mails with the branch clerk.

I have searched this site for information related to this problem and could find none.

There is a spooky (or should I say "phishy") aspect to our problem. If I purposely put in a known bad password, I get the expected WinXP error message about making sure the CapsLock is off. However, if I enter the formerly good password, I get the following message in an info box entitled "Logon Message":

Code: Select all

[yellow !-triangle symbol]
Your account has been disabled. Please see your system
[OK button]
I have not seen this particular error message before. And yes, it indeed doesn't have anything after the word "system", no noun, no punctuation, etc. This sets off my "Danger, Will Robinson" alarm. Could we have gotten a malware infection of some kind? The people who use the PC say they haven't connected to anything but the MLS send/receive changes facility. However, I suppose it's possible that somebody might have infected the PC with a USB stick, but I thought Symantec Anti-virus was supposed to keep that from happening.

I tried booting a Linux live CD, mounting sda1 (the Windows C: drive), and looking at the boot directory, but didn't find anything obvious there. Unfortunately, the Linux distribution I happened to have with me didn't have an anti-virus scanner or rootkit detector on it, so I wasn't able to check for them (I thought it did. Oh, well, time to put a different CD in my church bag...).

Is this error message legitimate, and if so, is there some other way of logging into Windows XP?

If not, should I just take the Desktop 5.5 CD-ROM up there, do a reinstall, update MLS to v.3.0.2, update SAV, and update data from their most recent backup? (I wouldn't want to update to v.3.1 in that process, as they weren't running it when the system became unusable; we can do that update later.)

Thankx in advance for any useful suggestions or info.

Posted: Sun Nov 22, 2009 8:11 pm
by aebrown
champted wrote:Thankx in advance for any useful suggestions or info.

This won't be very helpful to you for this particular scenario, but it may help others. The Desktop 5.5 instructions specifically told the Stake Technology Specialist that he was to set up an administrative Windows user for himself. Had you done this, it would be simple to login using that account and fix the CLERK user account.

I noticed that the instructions for setting up a new Dell 740 don't include that suggestion, but they really should. It's very easy to add an extra administrator account at the time you are setting up a new computer, and can save a lot of grief down the road.

Posted: Sun Nov 22, 2009 8:17 pm
by Mikerowaved
If too many bad password attempts are entered, the account will indeed be disabled for a short period of time, so that message may be normal for the circumstances.

If after a waiting period (I think it's 15 mins, but I'm not positive) you still can't get in, I would recommend using your Linux live cd and a flash drive to backup the C:\Program Files\LDS Church\MLS\Data\ folder. (If it were me, I would save the entire C:\Program Files\LDS Church\ folder.) You then have several options, including using the Desktop 5.5 restore feature found on bootup, reinstalling the version of MLS you last used, then restoring the saved data from your flash drive. This will wipe out the entire C: drive, so save any other data you may have there first.

I also PM'ed you another option.

Posted: Sun Nov 22, 2009 9:09 pm
by champted
Thank you both for your quick replies, and for the info therein.

Alan, I'm pretty sure I did that when I set them up, but I can't remember the password I assigned to the account I created. I'll need to do a thorough search of my usual hidey-holes in the clerks' office when I get back to church later this week to see if I can find it.

Mike, I'll try your suggestion if the others don't work. Just for info, the logon failed on the first attempt this morning after the PC had been idle for over an hour (sacrament meeting).

My biggest concern is the possibly bogus nature of the logon failure message, because of the way it is worded, and the fact that it didn't reset after a reasonably long period of time. Call me paranoid, but keep in mind that I think Cliff Stoll is a hero ("The Cuckoo's Egg") for paying attention to a series of six-cent accounting discrepancies and finding a major theft ring in his investigation of them <grin>.

Posted: Sun Nov 22, 2009 11:08 pm
by jdlessley
The message you received is most commonly associated with an account that has been disabled or deleted and you try to log onto that account. This same message will be displayed when an account is no longer available because of corrupt registry settings for the account or hard drive sector errors. What is unusual is the absence of the complete message which is "Your Account Has Been Disabled. Please See Your System Administrator".

If there is a problem with the account because it has been deleted or a corrupt registry your options are limited. If you have a way of running a disk error checking program such as chkdsk.exe then I would do that to eliminate a problem with the hard drive. Even if there are hard drive errors that can be fixed by a utility you will have probably lost access to the old Clerk user account but probably not the MLS and user working files. I have recovered one computer with such a problem but did so by logging onto the computer through another administrator account and creating a replacement Clerk user account.

With a hard drive problem ruled out I would try to gain access through another administrator account. Finding the password for the other administrator account you set up would save a lot of time and work. There are utilities available to reset Windows XP passwords if you know the user account you set up but cannot find the password. If you would like to know more about this send me a PM.

If you cannot get into the system through another administrator account your best option is to reinstall the system from the Desktop 5.5 disks. If you can recover the directories and files Microwaved mentioned as well as any other user working files you only have to download the latest MLS release from the MLS website and the latest SAV definition updates (link available at the MLS website).

As an STS I carry all the available files from the MLS website on a USB memory stick in addition to the latest SAV definition updates. I also carry a bootable offline Windows NT Password & Registry Editor CD. Both are invaluable for most situations I have come across.

Posted: Mon Nov 23, 2009 12:30 am
by faazshift
Whatever you do, it might still be a good idea to mount your drive using your linux live-cd and copy your files, or at least the important ones, to another device. Also, from the linux live-cd you should be able to run a filesystem check and repair using 'fsck.ntfs /dev/sda' or, if you are using a 'fat' filesystem type, 'fsck.vfat /dev/sda'.

SOLVED: Windows XP logon problem

Posted: Thu Nov 26, 2009 6:32 pm
by champted
Problem is fixed, and the CLERK logon has been restored to normal operation. Thank you to all who replied; all the posts and PMs were helpful in some way.

As it turns out, I did find the password for the administrative Windows user that I created at installation time (as mentioned by Alan_Brown), and that ability was indeed helpful.

It also seems in retrospect that I was being overly cautious regarding my concern over the wording of the error message.

Now if I could just figure out how to edit the title of my original post to prefix SOLVED: to it...

Hoping everybody had a good Thanksgiving!

Posted: Thu Nov 26, 2009 8:26 pm
by jdlessley
champted wrote:Now if I could just figure out how to edit the title of my original post to prefix SOLVED: to it...
This is not possible. The post you just made is sufficient to let others know the status of the issue.