[German]Does Windows Defender in Windows (and Microsoft Security Essentials, MSE) cause user profiles to break and the user to log on with a temporary profile? Here is a short snippet of information on the subject.
Advertising
A user reported sporadically sign in issues
German blog reader Stefan contacted me during last weekend, and reported a strange issue. When attempting to log in, he received from time to time a 'We can't sign into your account' message.
The message says "We can't sign into your account. This problem often get fixed by signing out of your account and then signing back in." . Stefan wrote that he observed the issue under Windows 10 version 1607 since several weeks.
The error message after system startup then looks like in the picture above. In my case, a reboot helped, then it worked again. However, I'm facing the issue sporadically again and again. Since Defender was disabled, the problem seems to have been fixed.
The error occurs during the boot up phase, after the user clicked onto his/her account's logo and entered a password.
Some background information
Obviously Windows can't load the user profile and creates a temporary user profile. If the user clicks Dismiss he can work with Windows, but all personal settings and files within the user folders are missing. Files created or changed will be lost after log out.
Advertising
Microsoft has published KB article 4027881 with workarounds. There are several reasons why the user profile cannot be loaded (see here). In addition to a damaged or deleted user profile, a blocked profile can also be the reason. This can be caused by a system service or an application.
In many cases, a complete restart of Windows (for Windows 10, hold down the Shift key and select Restart from the Start menu) will help. In some cases, you may need to disable Quick Start in Windows 10 to resolve the problem.
In business environments, group policies could be used to prevent the user from logging on with a temporary profile (see here and here).
More cases reported
Stefan posted a link to this German Technet forum thread, where a user describes this behavior for Windows 7 and Windows 10 IoT:
we have had the problem for a week, which now already hits on over 100 Windows customers on startup with a temporary user profile. We know the solution in principle -> the restoration of the original user account via the registry.
The whole thing is probably not an isolated case, but occurs there with a number of customers. As already mentioned above: Broken user profiles are often an indication that software is running around and damaging the profile. In my German blog post I detected Avira SpeedUp or CCleaner as a cause. At ten forums is also a thread dealing with this issue. Also here is a similar discussion with proposals to fix it – but that's dealing with a different root case. I found the questions, the thread creator mentioned within Technet, interesting.
However, we wonder why this suddenly happens to so many customers, both with Windows 7 Pro and Windows 10 IoT Enterprise based systems.
There are more customers facing this problem every day, sometimes several times with the same system. Support has become a real challenge by now, so we would be very happy to receive a tip or information about what it could be and how we can possibly counteract it. We have already spoken to Microsoft Support but have been referred to this Technet forum.
Microsoft support was not very helpful. Affected users have to dentify the disturbing component. The thread creator has already been able to exclude several causes. Thus, the problem systems are all provided with the same installation image. The systems have been running for years without any problems. What's in common: Windows Defender (or Microsoft Security Essential) is installed on the machines. A third party antivirus solution could not causing this issue.
There was also a mention of an autologon (which is a source of many evils) and I would have guessed the cause. The person posted at Technet forum wrote that he can exclude Autologon after tests, and no network profiles are used, only local profiles.
Windows Defender seems the root cause
I had already posted the workaround of blog reader Stefan above: Since he has disabled Windows Defender, the problem seems to have been fixed. Windows Defender and Microsoft Security Essentials (MSE) are also mentioned as troublemakers within the Technet forum thread. The user wrote:
… we thought about the common features of the systems, because it would be quite a coincidence if so many systems with Win 7 and 10 had such a problem in such a short time.
One of the few things in common was MSE and on Win 10 the Defender. As soon as we have deactivated it for testing on a few systems, the problem no longer occurs.
So it seems to be the MSE/Defender updates or something like that.
During Writing the German blog post, I stumbled upon this (German thread at Microsoft Answers reporting the same issue for Microsoft Security Essentials (MSE) in Windows 7. Maybe it will be helpful.
Similar articles:
Windows: Yes button in user account controls is disabled
Advertising
I have more than 10 pcs in my shop with this problem! Easy fix but it will be nice to be sure what caused it.