Archive for May, 2011

Windows XP: Troubleshoot logon issues

May 31, 2011 1 comment

Slow logon times is in my opinion one of the most common complaints of users especially when you have them on the phone and ask them to log-off and log-on again. Then there will be a big chance that they say oh that will take a lot of time! In this post I will cover a small tutorial of how I enable logging and troubleshoot this for Windows XP clients. For Windows 7 I prefer to use the Debugging and performance tools in the “Windows SDK toolkit” to troubleshoot logon issues because this provides more info then in Windows 7 then XP. This was already covered in my previous post.

First it’s important to enable some logging to determinate the issue:

For myself is the user environment log the most important log file because here I can determine easier when exactly a user logs in and when it is  finished. The netlogon & uermode log files are located in %systemRoot%\Debug & %systemRoot%\Debug\UserMode

To analyze the UserMode userenv.log file I prefer to use the free third party tool Policy Reporter:

Example events of userenv.log :

USERENV(224.228) 11:06:41:452 LoadUserProfile: Entering, hToken = <0x860>, lpProfileInfo = 0x6e3e0
-> You have entered your login credentials

USERENV(224.228) 11:06:41:452 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
-> Winlogon tries to identify your profile

USERENV(224.228) 11:06:41:452 LoadUserProfile: lpProfileInfo->lpUserName = <test_user>
-> Start loading profile your

USERENV(af8.a08) 11:07:13:045 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
-> Logon finished -> Explorer.exe starts: desktop, taskbar loaded.

So I have collected the correct logon timings, I can start investigating the events between these. Also I will investigate the %systemRoot%\Debug\netlogon.log events between the same timings to detect errors or time-outs.

You can also use the NLParse tool from Account lockout and management tools of Microsoft to extract some events from the netlogon: NLParse.exe.

The netlogon.log & userenv.log provides a lot of information and it could take some time to get through them. The best way is first to determine the time difference between each event to detect the slow logon issue.

Categories: Windows XP / 7

Outlook: Disable Security alerts

May 30, 2011 1 comment

Sometimes are plug-ins for Outlook or third party software installed on your computer that tries to access your Outlook address book for example Synchronization software for your mobile phone. The standard security system of Outlook will produce the following warnings that continuously recurs:

A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this? If this is unexpected, it may be a virus and you should choose “No”.       

The biggest disadvantage of this warning is that it does not determine the program that tries to access Outlook and this is very annoying.

Mapilab has developed an application called “Advanced Security for  Outlook” that is installed separately from Oulook and traps Outlook Security messages. It determines the exact soure and then asks if you want to allow the initiating application (your Access program) to send the message. You have the option of “ALWAYS perform this action for this file” to allow access or block access.

Download for free the Mapilab Advanced security for Outlook:

Categories: Tools

Powershell: Clear TsProfilePath in Active Directory

May 6, 2011 Leave a comment

Last week I had an odd issue in powershell when I was creating a script to clear the “Terminal Services profile” for a list of users. The following error appeard when I tried to clear the Terminal services path via “Get-QADUser test_user | Set-QADUser -TsProfilePath $null”:

Set-QADUser : The specified directory service attribute or value does not exist. (Exception from HRESULT: 0x8007200A)

After a little reaserach I found a topic on Powergui with similar problems. It turns out that there might be a problem between ADSI and powershell for the “Terminal Services profile” settings when you try to clear these settings.  Fortunly a member of the Powergui made already a workaround with ADSI and PSBase.

Add or remove the following lines in the underneath script to clear the HomeDrive, HomeDirectory and the Profilepath.

$objADSI.psbase.InvokeSet(“TerminalServicesHomeDrive”, “”)
$objADSI.psbase.InvokeSet(“TerminalServicesHomeDirectory”, “”)
$objADSI.psbase.InvokeSet(“TerminalServicesProfilePath”, “”)

This example clears the “Terminal services profile path” for the samaccountname column in accounts.csv :

#This script will clear the Terminal Services Profile Path based on a csv file

$imported = Import-Csv "C:\Input\Accounts.csv"

$imported | ForEach-Object {
get-qaduser $_.Samaccountname | Modify-DirectoryObject

function Modify-DirectoryObject {
begin {$count=0}
process {
$objADSI = [ADSI]$_.Path
$objADSI.psbase.InvokeSet("TerminalServicesProfilePath", "")
end {"objects were modified"}