Logs in by itself!!!

[Stiddy]

I have a application server with sp6A that recently began logging in by itself. The autologon registry hacks are not enabled. After about 1 to 2 hours, whatever user logged on last and then logged out succesfully is automatically logged back on and the machine is locked as that user. You can then try to log off that user as a domain admin or even the local admin, but only that user can unlock the server. Very strange. Has anyone ever run across this before. This server has had no recent hotfixes applied to it. So far I have searched the registry high and low, and also removed the machine from the domain and readded it successfully.

Thanks for all input!!!

 

[jrbarnett]

Hi

No idea why it happens automatically.
Have you tried resetting the user's password with User manager so it can't be blank?

You don't mention what the application is. Assuming it is a typical background service which client machines connect to like a database engine, MS Exchange, Notes, IIS or similar, it will set itself up its own user which will appear in the user manager and in some cases may be a full administrative equivalent although this is often not required.
This user will have log on as a service rights and will do this at system startup if the application and user is configured properly.
However I have not come across a user logging in as a local user in an interactive mode (ie on system console) without AutoAdminLogon set (or no password set for Local administrator on a standalone PC).

I hope that this gives you an idea of a few things to check though even if it doesn't answer your question.

John

 

[Stiddy]

jrbarnett and all others,

This servers only function on our network is that of a member server which runs no applications such as the above examples. It only serves as a storage server for workstation ghost images. I am stumped on this for I have been a administrator of NT for 3 to 4 years and have never seen this. I did however check all of the services and whom they run as. I found that they all run as the system account. Just to rehash my problem, If I logon to the server as myself, whom is a domain admin, the local admin, or any domain user who has rights to logon locally, after about 1 to 2 hours whomever logged on last is automatically logged on again and the system is then locked under that users account. NOBODY except that user can unlock the server.

 

[Excalibur1701]

I'm not sure if I'm reading your request right, but, check the following registry:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="yourUsername"
"AutoAdminLogon"="1"
"DefaultPassword"="yourPassword"

If AutoAdminLogon is set to 1, it will log the PC in automatically...if it is set to 0, then it will not.

 

[Stiddy]

Excalibur1701,

I wish that AutoAdminLogon was set because that would be an easy fix, but unfortunately that is not it. I am at a loss on this one. I now have the same problem on another server on the same subnet. Both happen to run NortonAntiVirus Corporate addition and have been scaned with no found viruses. The only common thing that has happened to these servers I recently found out is that IBM updated the BIOS on them. Can't really see how that would affect the operating system, but maybe I am missing something here.

 

[Hammer92]

I have seen this and know how to fix it!
The main problem is that the screen saver that is set does not exist or is corrupted. Replace the scr file and it shouldn't happen again.
To unlock the machine .... press Ctrl-Alt-Delete and clear the Username & Password fields. Press the "Domain" selection arrow and scroll to the top. There should be a blank entry - slect it and click OK. Server is now unlocked and ready for loggon.