Another problem with Windows security settings I’ve run into repeatedly over the years is crashonauditfail settings preventing users from logging in to Windows. This time I’ve documented the fix with Windows 7, but it’s basically the same with XP. Hopefully it will be of use to other Sys Admins that have pulled their hair out over this one.
If Windows cannot log events in the Security Log, non-admin users attempting to log in will receive a message like: “Your account is configured to prevent you from using this computer. Please try another computer.”
You receive a message like this in Windows 7 when attempting to log in with a non-administrator account:
Or Vista (Sorry if you’re still running Vista):
An administrator will have to archive and clear the logs according to your local security policy. Once the logs are cleared, the CrashOnAuditFail registry setting (a REG_DWORD value) will have to be reset to “0x1”. If the Windows Security Logs filled up and caused a system halt or prevented users from logging in, then the CrashOnAuditFail value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa is probably set to “0x2”. The “0x2” setting allows Administrators to log in but not standard user accounts.
Editing the registry (Caution: Any changes to the Windows registry can cause your system to be unstable. Know what you are doing and make backups of the registry and important files before making any changes!)
Click on the Lsa folder:
Set the REG_DWORD value for crashonauditfail to 1 to enable this setting, or back to 1 from 2 after a CrashOnAuditFail event.
Change the value from 0 to 1.
Reboot for the registry settings to take effect and users not in the Administrators group should be able to log in normally. Enjoy your success until the next problem surfaces…
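
The same recovery steps scripted in PowerShell, as an added example that is not part of the original post: it reads CrashOnAuditFail, archives and clears the Security log with `wevtutil`, and only then resets the value from 2 to 1. The archive folder `C:\LogArchive` is an assumption; substitute the location your security policy requires.

```powershell
# Added example: run from an elevated PowerShell prompt as a local administrator.
$lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$archiveDir = 'C:\LogArchive'   # assumed archive location, not from the original post

# 1. Read the current CrashOnAuditFail state.
$prop    = Get-ItemProperty -Path $lsaKey -Name CrashOnAuditFail -ErrorAction SilentlyContinue
$current = if ($prop) { $prop.CrashOnAuditFail } else { $null }

if     ($null -eq $current) { $meaning = 'value not present' }
elseif ($current -eq 0)     { $meaning = 'disabled' }
elseif ($current -eq 1)     { $meaning = 'enabled' }
elseif ($current -eq 2)     { $meaning = 'audit failure occurred; only administrators can log in' }
else                        { $meaning = 'unexpected value' }
Write-Host "CrashOnAuditFail = $current ($meaning)"

if ($current -eq 2) {
    # 2. Archive, then clear, the Security log. "cl" clears the log and
    #    "/bu:" writes a backup .evtx file first.
    if (-not (Test-Path $archiveDir)) {
        New-Item -ItemType Directory -Path $archiveDir | Out-Null
    }
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $archiveDir "Security-$env:COMPUTERNAME-$stamp.evtx"

    wevtutil cl Security "/bu:$backup"
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil exited with code $LASTEXITCODE; registry left unchanged."
    }
    if (-not (Test-Path $backup)) {
        throw "Backup file $backup was not created; registry left unchanged."
    }
    Write-Host "Security log archived to $backup and cleared."

    # 3. Reset the value from 2 back to 1. The existing value is a REG_DWORD
    #    and an integer is written, so the type is preserved.
    Set-ItemProperty -Path $lsaKey -Name CrashOnAuditFail -Value 1
    Write-Host 'CrashOnAuditFail reset to 1. Reboot for the change to take effect.'
}
else {
    Write-Host 'No CrashOnAuditFail event state (2) found; nothing changed.'
}
```

The registry write is skipped if the archive step fails, so the log is never cleared without a backup on disk and the value is never reset while the log is still full.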