petri
Posted February 3, 2006

I recently rebuilt my desktop with XP SP2 and applied the hacked termserv.dll to the install to enable multiple concurrent logins on the machine. If I try to log in to the machine remotely on an account that isn't currently logged into (I have a remote working account separate from the main profile), the connection is established, I'm authenticated and start the login process. As soon as the login process has finished, it automatically logs me off the system, with no warning or explanation. If I then log in to the machine locally using that account and then connect from a remote location / machine, I connect to the session without a problem.

This hasn't always been the case; my previous image of XP doesn't have this issue and I was able to perform remote logins without initially logging into the machine. I have clear event logs and tried to glean a bit more info into what is occurring but not much joy. This is the entry that appears:

source: Userenv
Event Id: 1068
Desc :: Windows ended GPO processing because the computer shut down or the user logged off.

Have checked the Event Id and found this link:
http://www.eventid.net/display.asp?eventid...Userenv&phase=1
However, have to subscribe to see further and the Microsoft link is dead. Checked on Microsoft's site and can't find the document referred to.

Anyone come across this before?

cluberti
Posted February 3, 2006

Enable logon auditing and process auditing in gpedit.msc (computer configuration > windows settings > security settings > local policies > audit policy > Audit logon events / Audit process tracking; set both to success and failure).

Then, the next time you log on, check your security log - it should show the logon, processes being started by SYSTEM, and then the logoff. Whatever process is loaded by SYSTEM before the logoff event is triggered is likely the suspect.
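
The correlation cluberti describes, as an added example that is not part of the original thread: it finds the logon and matching logoff for one account and lists every process created in between. The record layout, account name, logon IDs and image paths are constructed for illustration; 528, 592 and 538 are the Windows XP Security log IDs for logon, process creation and logoff.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed, simplified export of the Security log (not a real export format):
# time, event ID, user, logon ID, image file name. All values are made up.
# 528 = successful logon, 592 = new process created, 538 = user logoff.
SAMPLE = """\
2006-02-03 10:14:58,592,SYSTEM,0x3E7,C:\\WINDOWS\\system32\\winlogon.exe
2006-02-03 10:15:01,528,remoteuser,0xA1B2C3,
2006-02-03 10:15:02,592,remoteuser,0xA1B2C3,C:\\WINDOWS\\system32\\userinit.exe
2006-02-03 10:15:03,592,SYSTEM,0x3E7,C:\\WINDOWS\\system32\\example_helper.exe
2006-02-03 10:15:04,538,remoteuser,0xA1B2C3,
2006-02-03 10:20:00,592,SYSTEM,0x3E7,C:\\WINDOWS\\system32\\later.exe
"""
LOGON, PROCESS_CREATED, LOGOFF = 528, 592, 538

def parse(text):
    """Return the events as dicts, sorted by time."""
    events = [{"time": datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), "id": int(i),
               "user": u, "logon_id": l, "image": img}
              for t, i, u, l, img in csv.reader(StringIO(text))]
    return sorted(events, key=lambda e: e["time"])

def processes_before_logoff(events, user):
    """For each logon of `user` that ends in a logoff, list every process
    created (by any account) between the two events, oldest first."""
    sessions = []
    for start in (e for e in events if e["id"] == LOGON and e["user"] == user):
        end = next((e for e in events if e["id"] == LOGOFF
                    and e["logon_id"] == start["logon_id"]
                    and e["time"] >= start["time"]), None)
        if end is None:  # session still open, or logoff not audited
            continue
        started = [e for e in events if e["id"] == PROCESS_CREATED
                   and start["time"] <= e["time"] <= end["time"]]
        sessions.append({"logon_id": start["logon_id"],
                         "seconds": (end["time"] - start["time"]).total_seconds(),
                         "processes": started})
    return sessions

if __name__ == "__main__":
    for s in processes_before_logoff(parse(SAMPLE), "remoteuser"):
        print(f"logon {s['logon_id']} lasted {s['seconds']:.0f}s")
        for p in s["processes"]:
            print(f"  {p['time']}  {p['user']:<10}  {p['image']}")
```

The last process in each session's list is the one to look at first; a session that lasts only a few seconds matches the symptom described in the first post.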

petri
Posted February 3, 2006

I get the following entry in between login and logout.

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Description:
Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x1227C4DC)
Privileges: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege

petri
Posted February 3, 2006

OK, found this:
http://support.microsoft.com/?kbid=886212
Seems to be the issue, thanks for your help anyway.

cluberti
Posted February 3, 2006

We also have this problem with ATI Radeon drivers - I was going to ask if you had a Radeon card. Nice to know we aren't discriminatory - we have issues with both ATI and Nvidia cards.