Thursday, January 31, 2013

SOLVED - Group Policy Client Service Failed The Logon

We've had this problem at work a few times now. When someone comes to log onto a computer it gives them a message saying "Group Policy Client Service Failed The Log on". Goggling this gave a lot of answers but none of them seemed to solve it. In the end we resorted to re-imaging the computer as it only took an hour. Most of the answers from Google revolved around deleting the corrupt local profile and then getting them to log back on. This never worked for us for some reason.

In the end we discovered that it was a permissions problem and not a corrupt profile problem. This is how we solved it.

1) First log on to the computer with an administrators account.

2) First make sure that 'Hide protected operating system files' is unticked in folder options. Then load up regedit

3) Click on the 'Users' Hive and then click 'File' at the top and choose 'Load Hive'


4) Browse to the users folder on the C drive and then into the profile of the account you are having a problem with. In here you will see a file called 'ntuser.dat' open this.

5) It will ask you for a name. Give it any name, it doesn't matter what it is.

6) You will now see the hive you just loaded with the name you gave it under the users hive.

7) Right click on this hive and choose 'Permissions'

8) In here you should see three accounts. System, Administrators and the user name of the person who's profile you are fixing. If ANY of these are not shown it will not work. You need to add all three and then give them full control in the permissions section. There may also be a user called 'restricted'. you can add this if you want but it will work without it. In the picture below you will see that a username is not there. You will need to add it.


9) Once you have added all three and given them the correct permission you can close it and then close the registry.

10) Log off

11) Get the user to log on and they should be fine!