How To Recover from Windows 8/8.1 Disable/Enable User Access Control (UAC) via Domain GPO Break.

TSE_AREAD
Level 2
Employee Accredited
Hello all,
 
I thought this may be useful, as it caused a lot of grief that took several days to fix.
 
After disabling UAC via domain GPO and re-enabling it, users that logged in with their account while UAC was disabled are now broken and need to be recreated.
 
When I realized that UAC is required for Windows 8 Metro to function I immediately remedied my mistake. However, the damage was already done and my client's profiles that use the Windows 8 machines are at this point broken.
 
I found an article that reports "Disabling UAC via this method also breaks many elements in Windows 8." http://www.petri.co.il/disabling-user-account-control-uac-in-windows-8.htm#
 
After enabling UAC for the Windows 8 machines, all profiles were damaged to the point where a "Temp" profile would be created to log in to the affected systems. I then renamed the profile folders from C:\users\ to "*-old". I rebooted, and attempting to log in with any of the users produced the same behavior (temp profile).
 
I then began thinking that something else was telling Windows that the profiles were still present and did not need to undergo the profile creation process (i.e. the "Hi" screen > "Windows is setting up things…" etc.)
 
I then thought maybe there is a manual way to remove profiles from the registry as the only other option is to create new users completely or reinstall the O/S (as my domain users will not be renamed…)
 
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
 
The only article I found on manual removal of profiles from the registry was one regarding the ProfileList reg-key being removed to start over with your profiles.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
 
http://serverfault.com/questions/450389/how-to-delete-domain-user-profile-from-a-computer
 
This seemed a bit drastic of a step to wipe out all profiles. I examined the keys within the ProfileList key and found that the reg_string "ProfileImagePath" in each key corresponded to which user was assigned to the GUIDs listed.
 
I then exported the registry (cuz you never know) and searched with keys, values and "match whole string only" checked, using the user's GUID as the search parameter.
 
I removed all keys and values presented except for some that did not allow me to delete them. Once I reached the end I performed another search of the same GUID with ".bak" at the end of it if it was listed in the ProfileList key. I removed all keys and values.
 
 
I then rebooted and logged into the computer with the account that was manually removed: success "Hi" screen pops.
 
Finally I finished by performing the same steps for the other affected users on the system. Once the profiles were recreated I was able to transfer the information from profile folders that were renamed.
 
Hope this helps.
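
An added example, not part of the original post: a read-only PowerShell audit of the ProfileList key described above. It backs up the key, then lists each subkey with its ProfileImagePath and flags ".bak" subkeys and entries whose profile folder no longer exists (for example after the folder was renamed to "*-old"). The function name Get-ProfileListEntry and the backup file name are hypothetical; the script deletes nothing.

```powershell
# Added example: read-only audit of ProfileList. Makes no registry changes.
$regPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$regExe   = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
# Hypothetical backup location; change as needed.
$backup   = Join-Path $env:TEMP 'ProfileList-backup.reg'

function Get-ProfileListEntry {
    param([string]$Path = $regPath)

    $keys  = @(Get-ChildItem -Path $Path)
    $names = $keys | ForEach-Object { $_.PSChildName }

    foreach ($key in $keys) {
        $name  = $key.PSChildName
        $image = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        $base  = $name -replace '\.bak$', ''

        [pscustomobject]@{
            KeyName          = $name
            IsBakKey         = $name -like '*.bak'
            # True when both "<name>" and "<name>.bak" exist side by side
            HasBakTwin       = ($names -contains $base) -and
                               ($names -contains "$base.bak")
            ProfileImagePath = $image
            # False when the registry still lists a folder that is gone
            FolderExists     = [bool]($image -and
                               (Test-Path -LiteralPath $image))
        }
    }
}

# 1. Export the key first so it can be restored by importing the .reg file.
& reg.exe export $regExe $backup /y | Out-Null
Write-Host "ProfileList exported to $backup"

# 2. Show every profile entry and which user folder it maps to.
$entries = @(Get-ProfileListEntry)
$entries | Format-Table -AutoSize

# 3. Show only the entries that need a closer look before any manual cleanup.
$entries |
    Where-Object { $_.IsBakKey -or $_.HasBakTwin -or -not $_.FolderExists } |
    Format-Table KeyName, ProfileImagePath, IsBakKey, FolderExists -AutoSize
```

Run it from an elevated PowerShell prompt on the affected machine and compare the flagged rows with the user accounts that are getting a temp profile.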