Tuesday, 25 September 2012

No Policies Applying, Temporary Login, Windows 7

No Policies Applying, Temporary Login, Windows 7 x64/x86

You have been logged in with a temporary profile..  even though the user in Active Directory (AD) is setup correctly and the NTFS/Share permissions are also.. setup correctly.

Whats going on? Hopefully this post will help.

Applies to: Windows 7 x86/x64, Windows 2008R2 Domain

Symptoms

  • No Group Policies have applied to the profile
  • No Mapped Drives/Printers
  • No Preferences Applying
  • Admin (like) control of the machine, no restrictions set
  • An explanation mark (!) in a blue circle appears in the system tray
  • A balloon appears/tries to appear notifying the user that they are logged in with a temporary profile
  • The login is way too quick.
  • If you log out and log back in sometimes the profile works fine, sometimes it logs back in again as a temporary profile. 
  • The issue is intermittent with little/no pattern, sometimes does it, sometimes it does not. Not machine specific, not user specific.
  • If you wait for a few seconds before logging in, the chances of the profile working correctly improves.
  • Occurs more often on wireless devices than wired, but isn't limited to wireless.



Reasons

When Windows 7 was the new big thing, Microsoft had a page about all the cool new features of their brand new operating system.  There was one feature (which unfortunately I have forgotten the name of) but it boasted about priority, fast logins.  Essentially, it meant that if Windows 7 noticed there would be a delay in the logging in, it chose to prioritise just getting the user to the desktop rather than waiting to ensure the login was correctly done.

This is what you are encountering.  Some networks, particularily wireless ones take that little bit longer to establish a new IP address, down to poor signal strength or just generally the type of wireless card you have in your device.

So when a typical user, types in their username and password within seconds of the machine first booting, the chances are the computer hasn't yet got an IP address or stable connection with the server but still attempts to log them in regardless.  Windows 7, realising that there is a networking issue, rather than saying to the user, "Please wait a sec, I haven't fully established a trust with the server", it simply goes, "oh who needs a server, I know your credentials are correct, thats all I basically need, heres a desktop", perfect if you are a home user, really annoying if they are domain user.

Resolutions

Nice and Easy, theres a group policy for it.  Inside that needle in a haystack database there is a policy that ensures the computer (regardless of whether its wireless or not) will make sure the user will not be able to login until a stable connection is first established.

Located Here

Windows Server 2008R2
Computer Configuration -- Policies -- Administrative Templates -- System --  Logon

Windows Server 2003R2
Computer Configuration -- Administrative Templates -- System -- Logon

Policy Name

Always Wait For The Network At Computer Startup And Logon

Set to: Enable



How it works

This is a brilliant policy when applied as it ensures that when a computer is loading up and a user attempts to login the second they can type, it overrides the client operating system's decision to prioritise getting the user to the desktop. 

All policies will therefore come down to the client and apply to the user and computer, thus ensuring that their logins are correctly redirected and their resources (shared areas and Printers) are correctly applied in accordence to your ICT policy.



I hope this helps you all out, I understand that Windows 8 is out soon but for those looking to upgrade to Windows 7, this is a small bug i'm sure you will come across.

It is easy to ignore when testing as when it happens you log off and you log back in and it all seems fine, but bear in mind, you are a technician, you use computers in the way they should be used.  True testing comes from the end user and not the ICT department.

I'm happy to help out anyone with any more issues in relation to this, just leave a comment below.  Additionally, any other fancy features you may of found in the GPO Needle in a haystack database, which you feel will help optimise Windows 7's logging in speed and/or reliability, never hesitate to post a comment, we are all on the same team here, all help is much appreciated.

Speak to you all soon,

The ITMagician

No comments:

Post a Comment

Please enter your comment here, all comments are subject to moderation