I’ve seen this a few times now and there isn’t any good documentation that I’ve found that helps resolve or explain this. This occurs when the Administrator doesn’t have user privileges, so it is denied access when it tries to launch explorer.exe.
UAC is enabled on the target machine and it is configured to allow remote desktops. When you TS or log on to the machine with an administrator account, the logon process seems normal, but when the desktop should render all you see is a blank screen. You are able to bring up the menu to launch Task Manager with Ctrl + Alt + Del or Ctrl + Alt + End, but Task Manager never launches. The target computer will have a 4006 event logged and the security log will show a successful login.
Log Name: Application
Date: 6/13/2008 10:30:26 AM
Event ID: 4006
Task Category: None
The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Windows\system32\userinit.exe.
If you log on using THE local Administrator account or disable UAC, the logon session works as expected.
Why does this happen?
This happens when the account is a member of the local Administrators group but doesn’t have the proper user privileges on the target machine. Vista and 2008 now create two tokens for an administrator at logon, one standard user and one full administrator, and the standard user token is used to launch the desktop. When the account doesn’t have the proper user privileges, launching the desktop fails with access denied.
How to fix:
By default, Windows Vista and Server 2008 have NT Authority\Interactive in the local Users group, which accounts for this. If this is missing, re-add it, or add another account or group to the local Users group that contains the account you are using to log in.
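The check and fix described above, as an added PowerShell example that is not part of the original post. It assumes PowerShell 2.0 or later on the target and an elevated prompt opened as the built-in Administrator; the `$repair` switch and variable names are hypothetical.

```powershell
# Added example: confirm the symptom (event 4006), check the local Users group
# for NT AUTHORITY\INTERACTIVE, and optionally re-add it.
# Names are resolved from well-known SIDs so localized systems also work.
$repair = $false   # hypothetical switch: set to $true to re-add the missing member

$ntAccount       = [System.Security.Principal.NTAccount]
$usersSid        = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'  # BUILTIN\Users
$interactiveSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-4'       # NT AUTHORITY\INTERACTIVE
$usersName       = $usersSid.Translate($ntAccount).Value.Split('\')[1]
$interactiveName = $interactiveSid.Translate($ntAccount).Value

# 1. Symptom: recent 4006 events in the Application log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 4006 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Format-Table TimeCreated, Id, Message -AutoSize -Wrap
} else {
    Write-Output 'No 4006 events found in the Application log.'
}

# 2. Cause: enumerate the local Users group and collect each member's SID.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/$usersName,group"
$memberSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
Write-Output "Member SIDs of ${usersName}:"
$memberSids | ForEach-Object { Write-Output "  $_" }

# 3. Fix: re-add the interactive principal if it is missing.
if ($memberSids -contains $interactiveSid.Value) {
    Write-Output "$interactiveName is present in $usersName."
} elseif ($repair) {
    Write-Output "$interactiveName is missing from $usersName; re-adding it."
    & net.exe localgroup $usersName $interactiveName /add
} else {
    Write-Output "$interactiveName is missing from $usersName. Set `$repair = `$true to re-add it."
}
```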
How to recreate this: (Don’t try this at home, go to a friend’s house)
You will need two machines: a target and a host.
On the target:
The target must be running Vista with UAC and remote desktops enabled. Make sure you know THE local administrator account and its password, and that it is enabled (this will be the easiest way to get back into your computer). Remove all accounts from the local Users group and create a new account in the Administrators group or add a domain account there.
On the Host:
Remote Desktop into the target machine and provide the credentials of the account you added to the local Administrators group. You should see the logon process function normally, but at the point where you would expect the desktop, it never loads and you are stuck waiting.