Originally published 8/15/02
If you are having problems in Windows XP Home or Pro, with Fast User Switching enabled and you are using the "Welcome Screen" feature, check this out.
- Non-admin users unable to log in - after the password has been entered, the screen shows that XP is "Loading user settings" - then it abruptly returns to the Welcome Screen almost immediately
- Administrative users could log in without difficulty.
I determined the cause of the problem by disabling fast user switching and the welcome screen. Then I logged in as a normal (non-adminstrative) user, and the system displayed an error message indicating that the security event log was full, and that only an administrative user can log in to correct the problem. So, it appears that fast user switching and the welcome screen are unable to display this error message, and kick the system back to the welcome screen.
I recalled that shortly after setting up my system, I had configured the local security policy to enable auditing of security events (failures only). This logging is disabled by default.
Upon logging in as an admin user, and checking the event log, I noticed that the security event log was configured as follows:
The important configuration items appear to be:
- Maximum log size of 512 KB
- Overwrite events older than 7 days
Apparently, if there are no events older than 7 days, and the event log is full, the event log cannot be updated when an event is generated. I haven't verified this, but it appears to be the case based on the observed behavior.
I altered the settings to the following:
- Max log size of 8192KB (8 MB)
- Overwrite events as needed
After making these changes, saving the security event log, then clearing it, I logged out, and was able to log in as a normal user without further difficulty.
Apparently, Windows XP generates login failure events for each user account on the system when it displays the Welcome Screen. It does this because it tries to log in with a blank password in order to determine whether each account requires a prompt for password from the user (recall that it does not prompt the user if the account has a blank password.) Microsoft Corp. has a knowledge base article # Q305822 regarding this 'feature' (see below).
- Failure Events Are Logged When the Welcome Screen Is Enabled (Q305822)
Google Groups search: xp "welcome screen" "fast user switching" event security
And the interesting results from the search, reportedly from a MS customer support rep:
[...] "Fast User Switching is a feature that's designed primarily for home users. One thing that Fast User Switching does is to check local accounts for blank passwords to determine if a prompt should be provided for a particular user or not. Users who have elected to maintain blank passwords are not shown the prompt for their account when they switch accounts. Because of this, if account lockouts are enabled in conjunction with Fast User Switching, it is possible for this feature to inadvertently lockout accounts. If you want to enable the account lockout feature, it's recommended that you not use the Fast User Switching feature. I hope this is helpful in clarifying what you are seeing. Please let us know if you have any questions or concerns." [...]
The above excerpt acknowledges that accounts may be locked out (if account lockout is policy has been enabled) but fails to mention the possibility that the event log may fill and prevent non-admin logins.
- And the interesting results from the search, reportedly from a MS customer support rep:
Related tip: Admin Log In from Welcome Screen
If you want to log in as a user not listed on the Welcome screen - just boot the computer, and, when no other users are logged in - hit ctrl-alt-delete twice - this should present you with a traditional user login prompt. It's important that there are no other users logged in, because, if there are, the system just ignores the ctrl-alt-delete presses. Nice, eh?