Life's a beach

Thursday, September 03, 2009 / Posted by Luke Puplett /

Originally uploaded by lukepuplett
After returning from a surfing break in Croyde, Devon, England, I discovered I'd finally won something on eBay: a new hard disk for my ageing kitchen laptop.

After fitting the disk I went upstairs to wire it onto my LAN and get at the PCMCIA wifi drivers and discovered my 1999 IBM StinkPad had, in what appears to be a last stand of jealousy, shredded its hard disk too. This laptop had been running my DNS and Windows domain for years, so this meant I needed to setup my network again.

Having wanted to rename my domain to my new corporate domain,, I wasn’t fussed, but I remembered the pain I’d endured the last time around with GPOs and Windows Vista, most notably with that most deplorable innovation to have emerged from Redmond in recent years, User Account Control.

Queue frantic tugging at folicles for most of Monday night. Having configured the GPO with what I thought were the correct series of enables and disables, I soon found myself in UAC Neverland, where the system is neither on or off – the most unusual characteristic of this strange place was the slight darkness all around.

Shortly after logging-in, Vista dims the entire screen, sparing the mouse cursor which remains a bright oasis of white over a rather cinematic workspace.

Of course the other issue caused by UAC is the dreaded Destination Folder Access Denied message that appears when you attempt to rename, delete or move any files. Quite what moved Microsoft to give their administrators a personality disorder is beyond me – users receive a dual login token when the system is enabled so you can be and not be who you think you are.

All was solved by disabling it proper using msconfig.exe

And for anyone getting error “The Group Policy client service failed the logon” just after Windows sign-in, you can mount the NTUSER.DAT of the problem account in regedit (you must highlight HKEY_USERS before the Load Hive option is allowed) and then re-flood the hive with correct permissions.

I’d tried to graft my old profile into my new one. For me, where I’d changed domain, my old SIDs were meaningless. Group policy being applied was now unauthorised to write to my HKEY_USERS hive. Although correcting the ACLs got me in, endless other problem saw me scrap my smart idea and start again with a new profile.


Post a Comment