Windows 7: Trust Relationship Error - Local Administrator Account Locked.
I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".
I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it. When I tried to log on, it told me that I have the password was incorrect - which I knew it wasn't. After a
few tries I got a different message that said that the account was locked. No idea how this could have happened. Every other local account was locked as well.
I checked the AD on our 2003 server and I didn't see anything out of the norm. The computers were in the correct OU, and were not disabled in anyway. I searched online for a solution, but they all required me to be able to log on to the local
admin, which is disabled.
I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .
It told me that the change had been made, but when I reboot it still shows the local account as disabled.
Any suggestions would be greatly appreciated.
Edit: It is Windows 7 Professional x64
I have had this issue twice as well. However I have been always been able to log in with local admin rights. removing then rejoining to domain seems to never get things back to normal for me. Once it is reset and joined back to the domain all software just
seems to be missing but still there at the same time. Like Antivirus shows its installed in c:\program files but its not running. If I go to domain users start menu everything is missing but go into c:\program files and its all there. So every time I have
seen this error a reimage is what I do seems to work a lot better than dealing with the head aches. Sorry I was not any help but that is my two cents.
Similar Messages
-
I need help, How could I add Aliases to Local Administrator account via terminal commands???
I want to use commands to add alias for existing administrator account remotly by using ARD.
Thanks.Hi,
a Windows Domain Controller does not have any local user or groups. So you might add the user to the admin group at Domain level.
B RGDS,
Gregor
Edited by: Gregor Gasper on Jan 9, 2009 1:44 PM -
How to unlock local administrator accounts
Hi all,
I have a XP machine that is a member of Win2008 domain and the local
administrator account is locked out
whenerver i restart xp machine automaticaly locked out admin accounts.
how to unlock the xp or windows 7 machines local admin accounts over gpo.
Regards,
UdaiyarHow to unlock local administrator account
Using CMD (Adminstrator)First
you’ll need to open a command prompt in administrator (Ctrl + X + A in Windows 8).
Then, run the following command to unlock the account.
net user administrator /active:yes
Then, log out and you’ll now see the Administrator account as a choice.
To lock this account again, type
the following command:
net use administrator /active:no
http://www.suctips.com/2014/02/how-to-enable-local-administrator.html -
DLU and local "Administrator" account
I have another network admin that has given me some information of the
subject heading that I don't quite understand...
They are using ZEN 3.2 with DLU on a Citrix server. This way, when a
student logs in via Citrix and gets logged in, ZEN policies restrict
them to what they can and cannot do on the local machine. Since they
need elevated rights to the registry (for whatever reason), they use
the "Administrator" account and are members of the "Administrator"
group on the local machine.
I simply don't understand it...When I use DLU (on workstations mind
you), I have the following for the policy...
================================================== =======
Enable DLU
Manage Existing User Account (if any)
Use eDirectory Credentials
Nothing underneath for the username, but they are members of "Users"
================================================== =======
His configuration is as follows...
================================================== =======
Enable DLU
Manage Existing User Account (if any)
Username: Administrator
Member of: Administrators, Users
================================================== =======
He tells me that with this config when a student logs in, they
automatically use the local "administrator" account. That's what I
don't get.
My config makes a new user on the workstation if they haven't logged
into the machine before. I thought at times it would be handy to make
3 accounts locally, such as "Staff" "Student" and "Administrator" for
instance, but didn't realize this config he talks about could make it
happen. Can it? I still don't get it at this point. I'm reading my
manuals and what-not and am not yet convinced.
What I'm hung up on is the password syncing. If I am logging in as
"bbinder" with a password of "hello" (NDS credentials) but the local
"administrator" password is "goodbye", why wouldn't it prompt me for
the administrator password since it's not the same as mine? There
isn't an "existing account" to manage in his config. This (I assume)
means it uses the account specified in the name field you can type in.
In his case, this is "administrator" as typed in above. But since the
passwords aren't the same, how does it use the local "administrator"
account? Does it overwrite the password? Does it create a new
administrator account and call it "administrator.001" ??? Not quite
getting it yet.
Anyone want to try and help me with this? Some people think there
would be some big benefits by having everyone use the local
"administrator" account, for instance because it has full rights to
the registry and file system. Plus, GP's will still be in effect, so
they would be locked out of the parts of the workstation you want to
lock them out of anyway.
Other advantages would include a "pre-made" user profile that has
already been secured and populated with the various things deemed
acceptable by the company's/school's policies.
Also, no delay on login when a new local account has to be created.
Since they are all using the same account being specified in the
policy, it would be nice and fast to login to.
Finally, no more prompting new users to enter in their names and
initials when MS Office apps run for the first time under a user
account. Maybe this could be avoided with a policy, but this would
suffice as well.
Sorry it's so long, but I appreciate any help you guys can offer to
clear this up for me.
BrianCraig,
I'm sorry - I thought I replied on this post but I didn't.
Just wanted to say thanx for taking the time to explain this to me.
Brian
On Fri, 20 Aug 2004 10:46:44 GMT, Craig Wilson
<[email protected]> wrote:
>DLU simply changes the "Administrator" accounts password in this instance.
>
>How do you know what the current "Administrator's Password"? You don't
>and you just pray DLU or something does not break.
>
>Instead of using the "Administrator's Account", just use any other name of
>an account that does not exist like "SQUAREPANTS".
>
>DLU will create the account and put it in the administrators group.
>All users will share the same profile so you get all the benefeits of the
>other system, without the risk of losing access to the box.
>
>I actually never give user's local admin rights nor do I have user's share
>profiles, but ............. -
Turn off Password never expires on local administrator account
Hello Experts,
we have some servers where the Password Never Expires flag is checked , and I am trying to find out a scripting way to uncheck these option so that password expires on the Local administrator account(Not AD Account).
There are -bor 0x10000 (https://social.technet.microsoft.com/Forums/en-US/e4e96a5e-3b28-4673-8c61-d4abdf8f2426/win-7-setting-the-option-password-never-expires-for-a-specific-local-user?forum=winserverpowershell)
which turn this option ON.
But , what is need is exact opposite. I want to turn off the option so that , the password gets expired.
Thanks,
-Prashant Girennavar.
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.PowerShell example:
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$admin = [ADSI] "WinNT://$Env:USERDOMAIN/$Env:COMPUTERNAME/Administrator,User"
$flags = $admin.UserFlags[0]
if ( ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0 ) {
$flags = $flags -band (-bnot $ADS_UF_DONT_EXPIRE_PASSWD)
$admin.UserFlags = $flags
$admin.SetInfo()
Retrieve UserFlags (bit array), and if the bit is set, clear it. Reassign UserFlags with cleared bit, and write the change.
-- Bill Stewart [Bill_Stewart] -
Administrator account locked/password was changed
Hi All,
Administrator account locked/password was changed. Is there any way to see the logs to see when this happened or by whom?
Any way to lock this down then it can't be changed by another administrator account? Limit it so it can only be seen/changed by some people like A or B?
Regards
TrilochanHi,
I am able to see the log but we are having trouble reading them. They are not very straightforward i got some inforamtion about what a log contains in following link but the format is different from here.
http://help.sap.com/saphelp_nw04/helpdata/en/03/37dc4c25e4344db2935f0d502af295/frameset.htm
We are getting the log in this format so not able to find when and by whom.
#1.5 #0017A438CB3C00240000023400001F1C00047F7D19D6AFB9#1266075187981#/System/Security/Usermanagement#sap.com/irj#com.sap.security.core.persistence#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.persistence#Java###Authentication failed on LDAP server: back end message #1#[LDAP: error code 49 - Invalid Credentials]#
#1.5 #0017A438CB3C00240000023500001F1C00047F7D19D79CBB#1266075188044#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[jb99532], IP Address=[64.25.25.7], Reason=[Authentication did not succeed.]#
#1.5 #0017A438CB3C001D000001E700001F1C00047F7D1D2D5575#1266075243998#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####37476fe018b511dfc25b0017a438cb3c#SAPEngine_Application_Thread[impl:3]_16##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | USERACCOUNT.MODIFY | USERACCOUNT = UACC.CORP_LDAP.066277700 | | SET_ATTRIBUTE: lastpasswordchange=[0001266075243920], SET_ATTRIBUTE: passwordchangerequired=[false]#
Regards
Trilochan -
SCCM 2012 R2 CU3 - Drivers Not Installing, Local Administrator Account Disabled
After PXE OSD for a Thick Image of Win 7 x64 Ent completes, several Task Sequence steps are not complete. Namely, 3 device drivers are missing (NIC, SM Bus and some other chipset driver), the built-in Administrator Account is disabled and it's not Domain
joined.
I have already re-created the thick WIM twice. It was built in a VMware VM then captured with SCCM Capture Media. The NIC is a Realtek and I have downloaded the most recent version of the drivers from HP's site and added them to a driver package which is
deployed. I even added several older drivers to my Boot Image and created to 2 steps to add drivers in the Task Sequence - one automatically installs the best drivers, the other installs a package with 7 NIC drivers. When I get the error during PXE OSD, I
press F8 and the machine has an IP address and the driver for the NIC appears to be correct. Upon rebooting, Windows completes setup but the Administrator Account is not enabled and the NIC driver is missing, etc.
Here is the portion of the log where errors begin to show up (from D:\SMSTSLog). Any help is GREATLY appreciated!!
!--------------------------------------------------------------------------------------------! TSManager 11/18/2014 1:06:57 PM 872 (0x0368) Expand a string: WinPE TSManager
11/18/2014 1:06:58 PM 872 (0x0368) Executing command line: OSDApplyOS.exe /data:XXXXX0001A,%OSDDataImageIndex% TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Command line for extension
.exe is "%1" %* ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) Set command line: "OSDApplyOS.exe" /data:XXXXX0001A,1 ApplyOperatingSystem 11/18/2014
1:06:58 PM 1040 (0x0410) Searching for next available volume: ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) Volume C:\ has already used. ApplyOperatingSystem
11/18/2014 1:06:58 PM 1040 (0x0410) Volume D:\ has already used. ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) Volume E:\ is not a XXXXX hard drive.
ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) Volume X:\ is not a XXXXX hard drive. ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) it
!= volumes.end(), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installcommon.cpp,519) ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) There are no more volumes available
for use. ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) GetNextAvailableVolume(allowFAT, volume), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installcommon.cpp,651)
ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) The requested target could not be resolved to a valid volume on this computer. Check your task sequence to ensure this drive is correct and that it is being
created The parameter is incorrect. (Error: 80070057; Source: Windows) ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) ResolveTarget( g_Target, g_InstallType == InstallType_DataImage, targetVolume
), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\applyos.cpp,483) ApplyOperatingSystem 11/18/2014 1:06:58 PM 1040 (0x0410) Process completed with exit code 2147500037
TSManager 11/18/2014 1:06:58 PM 872 (0x0368) !--------------------------------------------------------------------------------------------! TSManager 11/18/2014 1:06:58 PM
872 (0x0368) Failed to run the action: Apply Data Image 1. Unspecified error (Error: 80004005; Source: Windows) TSManager 11/18/2014 1:06:58 PM 872 (0x0368) MP server http://XXXXSCCM12.XXXXX.XXXXX.
Ports 80,443. CRL=false. TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Setting authenticator TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Set authenticator
in transport TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Sending StatusMessage TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Setting message signatures.
TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Setting the authenticator. TSManager 11/18/2014 1:06:58 PM 872 (0x0368) CLibSMSMessageWinHttpTransport::Send: URL:
XXXXXSCCM12.XXXXX.XXXXX:80 CCM_POST /ccm_system/request TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Request was successful. TSManager 11/18/2014 1:06:58 PM
872 (0x0368) Set a global environment variable _SMSTSLastActionRetCode=-2147467259 TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Set a global environment variable _SMSTSLastActionSucceeded=false
TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Clear XXXXX default environment TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Let the parent group (Install Operating
System) decides whether to continue execution TSManager 11/18/2014 1:06:58 PM 872 (0x0368) The execution of the group (Install Operating System) has failed and the execution has been aborted. An action
failed. Operation aborted (Error: 80004004; Source: Windows) TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Failed to run the last action: Apply Data Image 1. Execution of task sequence failed. Unspecified
error (Error: 80004005; Source: Windows) TSManager 11/18/2014 1:06:58 PM 872 (0x0368) MP server http://XXXXXSCCM12.XXXXX.XXXXX. Ports 80,443. CRL=false. TSManager 11/18/2014
1:06:58 PM 872 (0x0368) Setting authenticator TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Set authenticator in transport TSManager 11/18/2014 1:06:58
PM 872 (0x0368) Sending StatusMessage TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Setting message signatures. TSManager 11/18/2014 1:06:58 PM
872 (0x0368) Setting the authenticator. TSManager 11/18/2014 1:06:58 PM 872 (0x0368) CLibSMSMessageWinHttpTransport::Send: URL: XXXXXSCCM12.XXXXX.XXXXX:80 CCM_POST /ccm_system/request
TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Request was successful. TSManager 11/18/2014 1:06:58 PM 872 (0x0368) Executing command line: X:\WINDOWS\system32\cmd.exe
/k TSBootShell 11/18/2014 1:07:38 PM 764 (0x02FC) The command completed successfully. TSBootShell 11/18/2014 1:07:38 PM 764 (0x02FC) Successfully launched
command shell. TSBootShell 11/18/2014 1:07:38 PM 764 (0x02FC) Execution::enExecutionFail != m_eExecutionResult, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,923)
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Task Sequence Engine failed! Code: enExecutionFail TSManager 11/18/2014 1:07:43 PM 872 (0x0368) ****************************************************************************
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Task sequence execution failed with error code 80004005 TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Cleaning Up.
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Removing Authenticator TSManager 11/18/2014 1:07:43 PM 872 (0x0368) shKey.DeleteValue( c_szRegValue_SecurityToken ),
HRESULT=80070002 (e:\nts_sccm_release\sms\framework\ccmutillib\ccmutillib.cpp,1660) TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Cleaning up task sequence folder TSManager
11/18/2014 1:07:43 PM 872 (0x0368) Unable to delete file D:\_SMSTaskSequence\TSEnv.dat (0x80070005). Continuing. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) hr, HRESULT=80070091
(e:\nts_sccm_release\sms\framework\core\ccmcore\ccmfile.cpp,1218) TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Failed to delete directory 'D:\_SMSTaskSequence' TSManager 11/18/2014
1:07:43 PM 872 (0x0368) (dwRet = ::SetNamedSecurityInfoW ((WCHAR*) pszObjectName, objectType, OWNER_SECURITY_INFORMATION, pOwnerSID, NULL, NULL, NULL)) == ERROR_SUCCESS, HRESULT=80070005 (e:\qfe\nts\sms\framework\tscore\utils.cpp,6675)
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) SetNamedSecurityInfo() failed. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) SetObjectOwner() failed. 0x80070005.
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) SetObjectOwner (szFName, SE_FILE_OBJECT, c_szAdministrators), HRESULT=80070005 (e:\qfe\nts\sms\framework\tscore\utils.cpp,6772) TSManager 11/18/2014
1:07:43 PM 872 (0x0368) RemoveFile() failed for D:\_SMSTaskSequence\TSEnv.dat. 0x80070005. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) RemoveDirectoryW failed (0x80070091) for D:\_SMSTaskSequence
TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ... TSManager 11/18/2014 1:07:43 PM 872
(0x0368) DeleteFileW(sVolumeIDFile.c_str()), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,508) TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Deleting volume ID file D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca
... TSManager 11/18/2014 1:07:43 PM 872 (0x0368) DeleteFileW(sVolumeIDFile.c_str()), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,508) TSManager 11/18/2014
1:07:43 PM 872 (0x0368) Successfully unregistered Task Sequencing Environment COM Interface. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Command line for extension .exe is "%1"
%* TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Set command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TSManager 11/18/2014 1:07:43 PM
872 (0x0368) Executing command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TSManager 11/18/2014 1:07:43 PM 872 (0x0368) ==========[ TsProgressUI started in process 1980 ]==========
TsProgressUI 11/18/2014 1:07:43 PM 624 (0x0270) Command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister TsProgressUI 11/18/2014 1:07:43 PM 624 (0x0270)
Unregistering COM classes TsProgressUI 11/18/2014 1:07:43 PM 624 (0x0270) Unregistering class objects TsProgressUI 11/18/2014 1:07:43 PM 624 (0x0270)
Shutdown complete. TsProgressUI 11/18/2014 1:07:43 PM 624 (0x0270) Process completed with exit code 0 TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Successfully
unregistered TS Progress UI. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) g_TSManager.Run(), HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,766) TSManager
11/18/2014 1:07:43 PM 872 (0x0368) ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\utils.cpp,811) TSManager 11/18/2014 1:07:43
PM 872 (0x0368) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 11/18/2014 1:07:43 PM 872 (0x0368) GetTsRegValue() is unsuccessful.
0x80070002. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) End program: TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Error Task Sequence Manager failed
to execute task sequence. Code 0x80004005 TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Sending error status message TSManager 11/18/2014 1:07:43 PM 872
(0x0368) MP server http://XXXXXSCCM12.XXXXX.XXXXX. Ports 80,443. CRL=false. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Setting authenticator TSManager 11/18/2014 1:07:43
PM 872 (0x0368) Set authenticator in transport TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Sending StatusMessage TSManager 11/18/2014 1:07:43 PM
872 (0x0368) Setting message signatures. TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Setting the authenticator. TSManager 11/18/2014 1:07:43 PM 872
(0x0368) CLibSMSMessageWinHttpTransport::Send: URL: XXXXXSCCM12.XXXXX.XXXXX:80 CCM_POST /ccm_system/request TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Request was successful. TSManager
11/18/2014 1:07:43 PM 872 (0x0368) Finalize logging request ignored from process 804 TSManager 11/18/2014 1:07:43 PM 872 (0x0368) Process completed with exit code 2147500037
TSPxe 11/18/2014 1:07:43 PM 864 (0x0360) Task Sequence Manager returned code 0x80004005 TSPxe 11/18/2014 1:07:43 PM 864 (0x0360) ThreadToResolveAndExecuteTaskSequence
returned code 0x00000000 TSPxe 11/18/2014 1:07:43 PM 844 (0x034C) ResolveProgressPage::OnWizardNext() TSPxe 11/18/2014 1:07:43 PM 844 (0x034C) Activating
Finish Page. TSPxe 11/18/2014 1:07:43 PM 844 (0x034C) Exiting with return code 0x00000000 TSPxe 11/18/2014 1:07:43 PM 844 (0x034C) Execution complete.
TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) hMap != 0, HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentscope.cpp,493) TSBootShell 11/18/2014 1:07:43 PM
768 (0x0300) m_pGlobalScope->open(), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,335) TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) this->open(), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,553)
TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\utils.cpp,811) TSBootShell
11/18/2014 1:07:43 PM 768 (0x0300) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) GetTsRegValue()
is unsuccessful. 0x80070002. TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) End program: TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) Finalizing
logging from process 760 TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) Finalizing logs to root of first available drive TSBootShell 11/18/2014 1:07:43 PM
768 (0x0300) Successfully finalized logs to D:\SMSTSLog TSBootShell 11/18/2014 1:07:43 PM 768 (0x0300) Cleaning up task sequencing logging configuration. TSBootShell
11/18/2014 1:07:43 PM 768 (0x0300)Thank you for the reply, you're right the problem is with an image being applied, but not the OS image.
The issue is that for some reason, there were 2 images captured and SCCM automatically created a step for both. Image 2-2 is the valid Windows image, but image 1-1 clearly has some issues. I disabled the that step in the Task Sequence and it installed drivers
and completed the rest of the Task Sequence! -
Msiexec /qn fails when its not run using the built-in local administrator account
Hello all,
I am working on a project where I am trying to automate the deployment of VMs through a self-service portal.
Among other tasks such as clone VM, sysprep it, assign an IP, create AD computer object, join VM to domain and so on..., i need to install a few applications using msiexec, which is driving me crazy...
For this purpose, I am using a local user account part of the administrators group.
Please note, UAC is disabled on all the OS.
Basically, the msi installation works as expected on Windows 7 machines, however on Windows 8/2012, it fails due to lack of permissions. The curious thing is that if I use the built-in\administrator account instead for the deployment on those systems, the
application is installed correctly.
I have tested some things such as: DisableMSI (http://msdn.microsoft.com/en-us/library/aa368304%28v=vs.85%29.aspx), but although it progresses a bit further, it keeps failing.
Does anyone know what I can do to allow an user part of the administrators local group to be able to install using msiexec /qn?
Thanks in advance.Hi,
Does it work if you use the account in local admin, and run the commands prompt as administrator to install the msi file? Please know that Only the built in administrator account has admin privilege by default. On other admin accounts you need
to run with elevated privilege (ie runas).
I would like to know if you use SCCM to perform your deployment with task sequence.
As I known, even if you disable UAC, the following policy is still enabled to detect application installation.
Computer configuration\Windows settings\Security Settings\Local
Policies\Security Options -> User Account Control: Detect application installations and prompt for elevation policy
Please disable this policy to see if your issue can be fixed.
Kate Li
TechNet Community Support -
Windows Server 2012 R2 cannot rename Administrator account via GPO
Have created the normal Rename Administrator GPO: Comp config -> Policies -> Windows settings -> Security settings -> local policies -> Security options Accounts: Rename Administrator Account
But GPO does not get applied for some reason, RSOP indicated the policy engine did not attempt to configure the setting.
Any suggestions?Hi,
Any update?
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance. If the issue persists, please provide the following information for further
research.
GPMC.log
==================
a. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.
b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper
user in the wizard)
c. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
Best Regards,
Andy Qi
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.
Andy Qi
TechNet Community Support -
Enabling Windows Server 2008 R2 Built-In Administrator Account
The properties box for my Windows Server 2008 R2 built-in administrator program says the account is disabled. Even the primary user account has virtually no priveliges. How can I, with a mere primary user account available at logon, enable
the built-in administrator account, or otherwise grant my primary user account administrator priveliges? Windows Server 2008 R2 denies my primary user account access/permission for nearly all changes to accounts, programs and OS features.
Stephen W PlunkettThe properties box for my Windows Server 2008 R2 built-in administrator program says the account is disabled. Even the primary user account has virtually no priveliges. How can I, with a mere primary user account available at logon,
enable the built-in administrator account, or otherwise grant my primary user account administrator priveliges? Windows Server 2008 R2 denies my primary user account access/permission for nearly all changes to accounts, programs and OS features.
Stephen W Plunkett
In some of the organisations, default admin accounts on member servers are purposefully locked/disabled through group policy for security reasons.
If you know the password for locked out/disabled admin account then there is a possibility of unlocking/re-enabling the account without using any third party tools.
To do that,
Restart the server
Press F8 and select Safe Mode Without
Networking
Log on to the server with locked out/disabled admin account with its password.
If you could successfully log on to the server then you will have option to unlock and enable the built-in admin account !
Most of the downtime's are caused because of SysAdmin's curiosity ! - Santosh -
Can anyone help me with this problem. ITunes message," The iTunes library file cannot be saved. You do not have enough access privileges for this operation." I have administrator account and transferred files from old PC. I downloaded new iTunes program on new PC. I synced my iPhone to new PC, no problem. I deleted old account after indicating shared files to new admin account. Can anyone help?
A belated reply, as the problems itunes has have discouraged me from using it much. If you uncheck the "read only" box, it doesn't stay that way! Next time you use it, the box comes up checked.
I'm still having that problem, even when I open iTunes as administrator.
I've yet to see the answer to this problem. I use itunes mostly to download audiobooks, and I'm ready to download more, and want to save them! -
Administrator Account locked on Netweaver 7.1 Java Stack
Hello all,
I try to find a possibility how I can unlock the administrator account in Netweaver Java stack 7.1
We do not have a double stack ABAP / JAVA installed so the solution with the SAP * falls off, I think
What should I do so I can unlock the administrator account in Java ?
Thanks in advance
Best regards
VitoHi Prabhat,
I have found a link which described my problem
the emergency user is actually the SAP* User
http://help.sap.com/saphelp_nwce711/helpdata/en/0b/50ad3e1d1edc61e10000000a114084/frameset.htm
Thanks
Best regards
Vito
Edited by: Vito Cecere on Jul 13, 2011 1:27 PM -
hi,
in our Portal the Administrator Account gets locked every 2-3 hours. we also change the password in the secure store.
is there a chance to find out, why? a central log or something? i can't analyze every log, because we have 7 instances with each 4 servers.Hi Andre
If you check the security logs in j2ee/cluster/server<n>/log/system, when the user gets locked you will see log entries from the failed authentication attempt, and more information including hopefully the IP address of the machine where the request comes from, and the login module stack used during the authentication. Maybe this information will help isolate the origin of the invalid administrator password.
An alternative approach, which is dependent on the version of the AS Java is to activate some tracing.
There is a new trace location available for problems such as this - com.sap.security.core.locking
You can get the info from this location by adding it to the Log Configurator service in the Visual Administrator if it is available, and adjusting the severity accordingly. Then examine the defaultTraces when the user gets locked
However it is easier in this case to use the web diagtool. Follow note 1045019 to deploy the web diagtool, if not done before
Then to start the trace, follow example 2 and add just com.sap.security.core.locking and start the trace. The potential problem here is that the diagtool will be running for 2-3 hours while you wait for the user to be locked, however hopefully by just tracing location com.sap.security.core.locking the resultant log will not be too large. The diagtool will capture traces from all servers in a system
If the location is not available in the diagtool then perhaps it is not available for your system SP
When the user is locked, hopefully the trace will give you information about the origin IP, the stack trace and the auth stack used -
Java Administrator account locks frequently
In our java only system, the administrator user (and others) lock frequently with failed logins. Is there a way to determine the source of the lock, such as the originating IP address?
We have a complex landscape, and as of yet have been unable to find a RFC or other connection with invalid credentials.
Thank you.I found the answer myself. It is logged:
usr\sap\<sid>\<instance>\cluster\server0\log\system\security.0.log
com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[adminstrator], IP Address=[xxx.xxx.xxx.xxx], Reason=[Authentication did not succeed.]
Hope this helps someone else. -
Administrator account locked...any solutions?
the master password was not accepted when i tried to login to the system info link as an administrator on successful installation of the NW04(630). there was apparently nothing worng with the entered password......still, any solutions on how to unlock the account? also, to change password?
If you are talking about J2EE stack, then you may look at the option to activate superadmin account (SAP*) through
Config Tool => UME properties.
Follow this link for more info:
http://help.sap.com/saphelp_nw04s/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/content.htm
Regards,
Mike
Message was edited by: Mike Puzankov
Maybe you are looking for
-
Dears, My SharePoint farm is with the below configuration in our office : Batch processing server the with Central Administration Web Front End Sever 1 (http://wfe01) Web Front End Sever 2 (http://wfe02) I do have the load balance URL as http://finan
-
Have two apple IDs. Can I merge them somehow?
I have two apple IDs. One from before icloud - ends in sbcglobal.net. When icloud became available, somehow I created a new apple ID ending in me.com. Is there some way that I can merge them so that I have only one apple ID to manage? I have two
-
How to get separators from a string
I need to find the thousand separator, hundred separator and decimal separator from a string. I need to check which separator is available in a string ie., thousand or hundred separator. There may be a case where there is no separators. Please sugges
-
Hi, I developed an ADF UIX application in JDeveloper 10.1.2. It works fine when I run on embedded oc4j in my machine. I deployed it to Oracle Application Server 10g in AIX. When I run the application from the Application Server and try to open a uix
-
Hello What is the best practice to upgrade Oracle 10g (10.2.0.4 )RAC with two physical nodes and one physical Data Guard to Oracle 11(12) RAC with Data Guard? Two RAC nodes are already quiet old, they have to replace probably. Maybe is the best way t