Case 1:
This pertains to a domain-joined account on a domain-joined computer. These legacy commands (not PowerShell) have been in my quick-fixes toolbox in the past:
– Run
FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
– Run
RSOP.msc
to verify the result above
– Edit
Gpttmpl.inf
from this location:
C:\WINDOWS\SYSVOL\sysvol\hooli.com\Policies\{CCA9638D-415E-4C7E-86B6-F4EE3E195303}\Machine\Microsoft\Windows NT\SecEdit\Gpttmpl.inf
– Delete the SID entry that was orphaned / mismapped
– Recompile RSOP from MMC (run as Admin)
– Delete entries from
%SYSTEMROOT%\Security\Logs\winlogon.log
that reference the old accounts
Case 2:
Another possible cause of this error is an old user name (with a unique SID) that has been deleted while still in use by the system. A corrupted user profile would be another trigger. In either event, such an account has been orphaned and requires a rebuild. Here’s how to do that:
# Run these in PowerShell as Administrator (not as a regular user)
# Change these variables
$oldUserFolder='C:\Users\olduser'
$newUserFolder='C:\Users\newuser'
# Registry hive files that must not be copied into the new profile
$fileNamesToSkip=@(
'Ntuser.dat',
'Ntuser.dat.log',
'Ntuser.ini'
)
# Enumerate only the top level of the old profile; Copy-Item -Recurse below copies each folder with its structure intact
$oldUserFilesToCopy=Get-ChildItem $oldUserFolder -Force -EA Ignore| Where-Object{$_.Name -notin $fileNamesToSkip}
# Perform the copy
$oldUserFilesToCopy|Copy-Item -Destination $newUserFolder -Recurse -Force -EA Ignore
# Reboot
Restart-Computer
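Added example, not part of the original post: a read-only PowerShell check that lists the orphaned SIDs both cases deal with, in the local profile list (Case 2) and in a Gpttmpl.inf (Case 1), before anything is edited or copied. The $gptTmplPath value is a placeholder, and the function and variable names are hypothetical.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
# Assumption: placeholder path; point it at the Gpttmpl.inf of the GPO under review.
$gptTmplPath = 'C:\path\to\Gpttmpl.inf'

function Test-SidResolves {
    # $true when the SID maps to an account name, $false when it is orphaned.
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $sidObject = [System.Security.Principal.SecurityIdentifier]::new($Sid)
        $null = $sidObject.Translate([System.Security.Principal.NTAccount])
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

# Case 2: profiles whose owning account no longer exists.
# Keys ending in .bak are profiles Windows has already set aside as broken.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$orphanedProfiles = Get-ChildItem $profileList |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
    ForEach-Object {
        $sid = $_.PSChildName -replace '\.bak$', ''
        if (-not (Test-SidResolves $sid)) {
            [pscustomobject]@{ Sid = $_.PSChildName; ProfilePath = $_.GetValue('ProfileImagePath') }
        }
    }

# Case 1: SIDs in Gpttmpl.inf are written as *S-1-...; report the ones that no longer resolve.
# Entries written as plain account names are not checked here.
$orphanedGpoSids = @()
if (Test-Path -LiteralPath $gptTmplPath) {
    $orphanedGpoSids = Select-String -LiteralPath $gptTmplPath -Pattern '\*(S-1-\d+(?:-\d+)+)' -AllMatches |
        ForEach-Object {
            $hit = $_
            foreach ($m in $hit.Matches) {
                $sid = $m.Groups[1].Value
                if (-not (Test-SidResolves $sid)) {
                    [pscustomobject]@{ Line = $hit.LineNumber; Sid = $sid; Text = $hit.Line.Trim() }
                }
            }
        }
}

$orphanedProfiles | Format-Table -AutoSize
$orphanedGpoSids  | Format-Table -AutoSize
```

Domain SIDs also fail to resolve when no domain controller is reachable, so run the check while the machine can reach the domain.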
osearth
C:\Users\admin>find /I “Cannot find” %SYSTEMROOT%\Security\Logs\winlogon.log
FIND: Parameter format not correct
kimconnect
Hi OSEarth, WordPress transposes the double quote in normal display mode. I’ve set the cmdlet lines as ‘code’ so that the ASCII char for double quotes is retained.