Group Policy FAQs

From Knowledge Base
Jump to: navigation, search

"Group Policy Client service failed the login" error

Note: There can be several causes of this error. The resolution below specifically applies when a domain user is unable to log onto any machine.

Cause: The permissions on the user's registry hive are set incorrectly.


  1. Log into a Domain Admin account.
  2. Open Registry Editor (regedit.exe).
  3. Click on HKEY_USERS.
  4. From the File menu, select Load Hive.
  5. Navigate to the user's profile folder on the appropriate network share and open NTUSER.DAT. Give the hive a name when requested.
  6. Navigate to the provided name under HKEY_USERS. Right click on it and select Permissions.
  7. If required, grant the Administrator group/user Full Control, and do the same for the appropriate user account. You may also need to assume ownership on behalf of the Administrator group.
  8. Select Unload Hive from the File menu.
  9. Ensure that the user has Full Control permisssion on their profile folder.

Prevent users logging on when loading roaming profile fails

Tested on: SBS 2003

Enable Computer Configuration\Administrative Templates\System\User Profiles\Log users off when roaming profile fails on an appropriate group policy.

Force Windows 7 Basic theme

Tested on: Server 2008 R2

Under User Configuration\Policies\Administrative Templates\Control Panel\Personalization, double click 'Load a specific theme' . Select Enable and enter '%SystemRoot%\Resources\Ease of Access Themes\basic.theme' as the 'Path to theme file' .