Blank Desktop after login
Hi Everyone,

We have recently upgraded the domain and included a x64 Server 2008 Domain Controller. We have come across an issue where when anyone besides the "Administrator" account logs into the 08 DC they receive a blank desktop with no icons or running programs. Pressing Ctrl+Alt+Del will bring up the usual display and allow you to log off, but trying to start the Task Manager will seem unresponsive.

Another account logged in as "Administrator" can see that the otherAdmin account is only running ServerManager. This happens when otherAdmin logs in both locally and through RDP.

If we disable UAC, the otherAdmin account logs in with no issue. Using the otherAdmin account on any other server causes no issues.

Is there any way to allow the otherAdmin to log in as well as enable UAC?
November 10th, 2008 3:42am

On a user having this problem, check the registry's HKU\<User-SID>\Software\Microsoft\Windows\CurrentVersion\RUN key for any presence of "unusual" entries. Try deleting these entries (should you find any). Verify also the autostarting entries and services, as one of these may be running under the user context but requires admin-level privileges to run.

Regards,
Salvador Manaois III
C|EH MCSE MCSA MCITP|Server/Enterprise Admin
Bytes & Badz : http://badzmanaois.blogspot.com
November 10th, 2008 10:52am

Still couldn't get it to work. Had changed some Group Policies that refer to UAC and still had no effect. Ran all the Windows updates, still no effect.
November 16th, 2008 12:12pm

Hi maumann,

According to the description, as this problem only happens when UAC is enabled, it seems that users are removed from some permission so that userinit.exe or winlogon.exe could not be run.

When an administrator logs on, the full administrator access token is split into two access tokens: a full administrator access token and a standard user access token. During the logon process, the administrative privileges and user rights in the full administrator access token are filtered away, resulting in the standard user access token. The standard user access token is then used to launch the desktop.

Here in this case, the Users group doesn't have any permission, so the standard user access token for the administrative account doesn't have any permission. So, when an attempt is made to launch explorer.exe using the standard token, it fails of course and you end up with a black screen of nothing. When UAC is turned off, there is only one token generated for the administrative user, the full privilege access token, which is why this doesn't happen when UAC is turned off.

Unlike previous versions of Windows, Windows Server 2008 and Vista make a distinction between the built-in Administrator account and members of the Administrators group. The built-in Administrator account still has full read/write access to the computer and runs with the full administrative access token. UAC administrators are also members of the local Administrators group, but they run with the same access token as standard users.

If you remove all the permissions from the Users group and UAC is turned on, this problem will happen. When UAC is turned on, the administrative users need to be members of the Users group; by default this is through the Interactive or Authenticated Users groups. If these two are removed from the Domain Users group, you will need to either add a group the user is a member of to the local Users group or else add the user directly to it.

The user group configuration may be configured via group policy. You may also need to check the group policy configuration to verify it.

Meanwhile, please log on to the system with the other admin's account. After the desktop appears, you may try to right-click on the desktop, select View, and select "Show Desktop Icons" to see if there is any difference. You may also try the following steps to allow some icons to be shown on the desktop:

Right-click on the desktop -> Personalize -> Change Desktop icons -> Select the checkboxes "Computer", "Recycle Bin", "User's Files", "Control Panel", "Network"

Hope it helps.

David Shen - MSFT
November 17th, 2008 10:52am
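
The group-membership check suggested in the reply above, as an added example that is not part of the original thread. It assumes English command output and the default English group names; the script layout and variable names are illustrative only.

```powershell
# Added example; English command output and default group names are assumed.
# Run on the affected server.

# 1. Members of the built-in Users group (well-known SID S-1-5-32-545).
#    'net localgroup' lists the members after a line of dashes.
$lines   = @(net localgroup Users)
$dashIdx = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -match '^-{10,}\s*$') { $dashIdx = $i }
}
if ($dashIdx -lt 0 -or $dashIdx -ge $lines.Count - 1) {
    throw "Could not parse 'net localgroup Users' output"
}
$members = @($lines[($dashIdx + 1)..($lines.Count - 1)] |
    Where-Object { $_.Trim() -and $_ -notmatch '^The command completed' })

# Principals that normally place an interactive logon in Users.
# A member may be listed with or without a DOMAIN\ or NT AUTHORITY\ prefix.
$expected = 'Domain Users', 'Authenticated Users', 'INTERACTIVE'
foreach ($name in $expected) {
    $pattern = '(^|\\)' + [regex]::Escape($name) + '\s*$'
    if ($members | Where-Object { $_ -match $pattern }) {
        Write-Host "[ok]      $name is a member of Users"
    } else {
        Write-Host "[MISSING] $name is not a member of Users"
    }
}

# 2. Token of whichever account runs this script. With UAC on, a non-elevated
#    member of Administrators shows S-1-5-32-544 as "Group used for deny only".
#    The desktop shell starts with that filtered token, so the token also has
#    to carry S-1-5-32-545 (BUILTIN\Users).
$groups   = @(whoami /groups)
$inUsers  = [bool]($groups | Where-Object { $_ -match 'S-1-5-32-545\b' })
$filtered = [bool]($groups | Where-Object { $_ -match 'S-1-5-32-544\b.*deny only' })
Write-Host "BUILTIN\Users present in this token:  $inUsers"
Write-Host "Administrators marked deny-only:      $filtered"

# To restore a missing default member (review Group Policy first, since a
# Restricted Groups policy would remove it again on the next refresh):
#   net localgroup Users "Domain Users" /add
```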

Fixed. The Domain Users group was not a member of the builtin Users group. Thanks for your help.
November 20th, 2008 12:34pm

This topic is archived. No further replies will be accepted.