My PC has developed a problem this week for any user account which is a local administrator.

System boots as normal and you can select which account to log in as. If however the account you choose is a local administrator, after the password is entered, it says wait and then the screen goes black. Mouse is still available and you can ctrl-alt-del to get to the task manager. Nothing else though.

You can restart in safe mode and access any account.

If an account is downgraded to a standard account, you can log in perfectly well. As soon as you are upgraded to administrator rights, it goes back to the black screen right after you have entered your password.

Help!!!!

If however the account you choose is a local administrator, after the password is entered, it says wait and then the screen goes black.

Sounds like something's crashing.  I would try running ProcMon with its Boot Logging to try to uncover it.  You could also trace the normal case and then have two .pml files to compare for their essential differences.

BTW you mention getting into TM but didn't say what you saw then.  E.g. was explorer.exe running?  If not that would explain your symptom and be even easier to diagnose.  E.g. find out why it was crashing or not being started.  It would probably also mean that you could start ProcMon first and then try starting explorer.exe (both via TM) and then have a much simpler trace to analyze.

Also, if explorer.exe is crashing, there a several known causes which you could just check as guesses without doing any diagnosis at all.

Good luck

Thanks for your post Robert.

I've never used ProcMon before and it looks complex! Is there anything obvious I should be looking for?

TM shows no applications running on the black screen users. I tried to use TM to start explorer.exe and whilst it accepts the command, nothing happens right away.

I had to go out for a while earlier and left the PC on the black screen. When I returned some hours later you could see the desktop for that user. Looks like explorer.exe is taking hours to load.

Any thoughts on why?

Thanks.

Hi BlokeCalledChris ,

When did this issue occur ? Have you tried to create a new administrator account to have a check (the present account profile may have suffered a corruption )?

If the issue occurred recently ,I recommend you to perform a system restore to recover the machine to a previous point to have a check .Please note that you will lose some configurations after the restore point .

You can restart in safe mode and access any account. When I returned some hours later you could see the desktop for that user. Looks like explorer.exe is taking hours to load.

Considering it works correctly in safe mode ,there is a possibility that some third party software service conflicts exist when we boot from the administrator account .It is recommended to perform a clean boot to have a troubleshoot .If that is the issue ,we can troubleshoot the issue with  dichotomy to capture the culprit.

How to perform a clean boot in Windows

http://support.microsoft.com/kb/929135

Best regards

I've never used ProcMon before and it looks complex! Is there anything obvious I should be looking for?

I usually suggest just trying to find out if there are any diagnostics being generated.  E.g. make sure that File Access events are being shown and then create a filter for Operation Is WriteFile.  Use the Count... tool to show all the unique Path fields involved.

Otherwise, just using Process & Thread events might be a good place to start.  You could really cut that view down by using a filter like  Operation Begins with Process  Then look at the Process Exit event to see if it gives you a clue about why it is ending.  But especially if you see a Process Exit for explorer.exe you would know that that was unexpected and then turn off the filters to try to understand why it happened.  Etc.

TM shows no applications running on the black screen users. I tried to use TM to start explorer.exe and whilst it accepts the command, nothing happens right away.

Which view of TM are you using?  Sounds like you may need to use More Details to get into the Details tab.  It also sounds like you should be sorting by CPU% descending to find out if there is something that is running out of control.

Looks like explorer.exe is taking hours to load.

But why?  E.g. is it crashing in a loop and eventually somehow getting out of that?  Is something else looping at first, taking up all the CPU% and then eventually ending its rogue ride?  See if there are any clues in Event Viewer for this time period too.

The fact that it works in safe mode suggests you should be analyzing the differences or doing clean-boot troubleshooting.  Unfortunately you would not be able to use ProcMon during a safe boot but you could use it while simulating one with as clean-boot testing.   Another SysInternals tool which would be very helpful for you is  AutoRuns.  E.g. compare the two lists of tasks which would be started in each mode.  Then find the minimal change in your normal boot necessary to achieve the same results in both.

Good luck