Limited User cannot connect to Internet

[Ruthe]

This is a solution, not problem. I searched here and spent over 5 hours looking around for the solution. Finally found it - for me - so I thought I'd pass it on.

There are myriad postings for this problem with no working solution except to change the user back to Admin or power user status. WRONG! This work around assumes the person with the problem has a constant internet connection. But what about the 'on demand' user? ISPs provide it, but don't advertize it.

These people have to click a Network Connection icon, usually the LAN or DSL connection before trying to access the internet. Sometimes they even have it set up with their ISP to enter their user ID and password - these are not kept by the user's machine or accessed by the ISP until they are entered by the user every time they want to log onto the internet. Actually, a great way for parents to cut down on youngsters' access to the internet. (However, it will not control where they go!)

What most people don't realize is that enabling or disabling the network connection is not allowed by the limited user as a default of Windows! So the TRUE problem is 'Limited User can not enable network connection' and therefore can not connect to the internet. If this is your problem, read on.

How to fix this problem in XP Home - similar in others. You must be logged on as an Administrator to do this.
1. Make a system restore point. Start, Help and Support, Performance and Maintenance, Using System Restore to undo changes, Run the System Restore Wizard.
2. Run registry editor. Start, Run. (type in) regedit (press) OK.
The registry editor appears.
3. Hilight/select (click once) HKEY_USERS.
4. In the menu bar select File, Load Hive.
At this point you have to navigate to the limited user. Press the up icon. You will see all your users (you will be at c:\docs and settings). Double click the name of the limited user. Let's assume it's Ruthe for this example. Select NTUSER.DAT.
5. A popup window appears asking for the key name. Type in the name of your limited user (Ruthe).
6. (in registy editor now) Open HKEY_USERS. You will see Ruthe - your limited user's name. Select that name.
7. Go down the tree to find Software. Then Policies. Then Microsoft.
8. Under Microsoft there should be a key named Windows. If it's not there, create it. (Edit, New, Key). Open it.
9. There should be a key named Network Connections. If not, create it. Hilight it.
10. Now select Edit, New, DWORD value. Give it the name NC_LanConnect.
11. Double click it (in the right hand pane) and change the value data field from 0 to 1. OK.
12. Go back up the left pane and hilight HKEY_USERS\Ruthe.
13. Select File, unload hive. Close registry editor.
14. Reboot.

Worked for me and I thank the guy in France where I found this solution.

 

[LookinAround]

Thanks for taking the time and effort to create a very well written post for others! :grinthumb I'll have to remember that solution myself (can come in handy)

 

[Ruthe]

Thank YOU for your kind words. I probably should have put this in Guides and Tutorials. Drat!

 

[AntiMoronic]

Incredible, fantastic guide. Will test this on my laptop of which has suffered this error for like forever. Thanks!

 

[ijasnijas]

thanks this helps me alot !!

 

[blessedtoes]

Help with this please!

Hi guys-
I am a user, not a techie, though I used to be very comfortable with reg edits in Win 2K. I have been searching for an answer to the above problem for literally 8 months and finally got the keywords right to find this post. First, let me say THANK YOU!
Second, I am stuck on step 5. When select "ntuser.dat" and get the window asking for the Key, I type in the account name "Kitchen Counter User" and get an error message: "Cannot load C:\Docs & Settings\Kitchen Counter User\ntuser.dat.LOG: Error while loading hive." Subsequently the user isn't added to the HKEY_USERS list, and also a new empty file titled "ntuser.dat.LOG" is created. If I try to select this file via steps 4 & 5, it creates a "ntuser.dat.LOG.LOG" etc.
I wondered if the spaces were creating a problem, so I created a new limited use profile for my daughter, "Stacey," and repeated the entire process. The same thing happened....
Thanks in advance for any insight - this is the closest I have gotten to solving a thing that should not be a problem.
With gratitude,
Matthew

 

[DelJo63]

An alternative

An alternative, less complex and far less risking - - -

run - > lusrmgr.msc

click on Groups and you will notice the Network Configuration Operators
open it
click Add and insert any valid logon you please
click OK and save the results
​

after reboot, any users in the Network Configuration Operators group
can manipulate the Network Settings, even from a LUA or UAC account

 

[blessedtoes]

Jobeard-
Ruthe was offering this for help with XP Home. Your solution doesn't seem to work in the Home version.
Once you open lusrmgr.msc, there's a big red X in the right panel that says "This snapin may not be used with this version of Windows."
If I'm missing something, or if someone can help me troubleshoot my issue loading the ntuser.dat file, I'd be grateful for clarification.
Matthew

 

[DelJo63]

Yes, I understood Ruthe's intent -- I was not aware that group management was not available on Win/XP Home.

 

[LookinAround]

Hi blessedtoes

I did a quick google based on your error message. See this link and note some one also listed modified instruction. Hope this might help

 

[DelJo63]

@Lookin...
Very interesting hack, but once loaded, the next restart of regedit will reload it again.
Would think that it would load only for the active session.

Even more disturbing: Load the Hive using an admin ID and then quit
Launch regedit under LUA and it STILL loads the other hive ...
Wonder what risks are associated here ??? puzzled ??

 

[LookinAround]

@jobeard

Good questions/points... Admittedly, i have no personal knowledge or info about this hack (i.e. never tried it) just found the google hit and passed it along (tho the link claims it worked and also they reference dougknox who usually has good info)..

 

[DelJo63]

CAVEAT EMPTOR!!

I have two ADMIN ids, & three LUAs

From one ADMIN, I loaded #1LUA and the results were as noted above.
I then logged onto the #1LUA with these exceptions:

Windows can not find xxx profile; clicked OK as there's no other choice and the desktop has yet to appear.
#$^& ; the same thing repeats

Finally get a desktop and -- guess -- all customization is gone.
In fact the ntuser.dat was rebuilt!

​

I am attempting to annihilate #1LUA (id and the files) in an effort to get regedit to drop the loaded hive.


I'll post my findings ...

 

[DelJo63]

I am attempting to annihilate #1LUA (id and the files) in an effort to get regedit to drop the loaded hive.

Well that works; after deleting the login AND the files,
regedit no longer loades the #1LUA hive.

Rather fatal to that user, however!

 

[DelJo63]

just to be fair ;;;;;

since loading SP3, my system has a few issues, but regedit has never been one of them

 

[blessedtoes]

Hi guys-
Thanks so much for all the feedback. Unfortunately a lot of what you said is over my head since I am not a techie.
LookinAround it seems that the page you linked essentially gives the same direction as what Ruthe posted - if there is a substantial difference I don't see it.
Your comments on the test you ran jobeard are also over my head - are you saying this is a dangerous approach? Between the "Active session only" and "Fatal to that user" I am disinclined to keep working on this from this angle.
Is it just me, or does it seem ludicrous that the most popular OS (I am not saying the best OS lol) is set up so that only admins can get online? Especially in a home version. I can see the value of that control in a corporate setting, but even then it seems like there should at least be an option!

 

[DelJo63]

Be patient .. XP home or pro actually does get online for non-admin login's
The home version needs to use the admin to config the net or the router, but 99% of the time
that goes well. When your issues are resolved, you can too.

That other stuff {CAVEAT EMPTOR!!} and loading other user profiles --- that's a "red herring" for you, just ignore it all and certainly DON'T use it.

 

[LookinAround]

Well that works; after deleting the login AND the files,
regedit no longer loades the #1LUA hive.

Rather fatal to that user, however!

@jobeard
I just now also followed your same steps, i.e.
1. Created Limited User Account (LUA)
2. Loaded the LUA Hive from the Admin Account
3. Logged off of Admin and logged in as the Limited User and ,yes, Windows also gave me error messages as you said (e.g. it couldn't find the LUA's profile)

HOWEVER... When i repeat your steps 1 and 2 and above and then Reboot (instead of logoff/login) the hive is unloaded and i can login to the limited user again (after the reboot) just fine

Note if you look back at Ruthe's instructions, after finishing the hive edits, (see step #14) Ruthe says to Reboot
/* edit 2 */
I just noticed the first "ghack" post failed to mention it but the other post in that ghack thread also warns about first Unload Hive before logging on

@blessedtoes
Regardless of above findings, your problem still seems to focused on you can't even load the hive. fyi... i tried creating two new LUAs on my machine: one with and one without embedded spaces, and i could load the hive just fine in both cases. So not sure why you seem to have this problem

/*edit *
@blessedtoes: Let me also check, are you sure your Limited User Account is logged out when you try to access the hive as Admin? (i.e. if you're "Switching Users" it won't work. Make sure the Limited User Account is logged out

 

[LookinAround]

just to be fair ;;;;;

since loading SP3, my system has a few issues, but regedit has never been one of them

@jobeard
Re: few issues since updating to SP3

I think your SP3 update issues are unusual for anyone updating at this point in time (i.e. this late after the initial SP3 release). So i can't help but wonder if your problems are due to SP3 or is a side affect of whatever caused your update to not go smoothly in the first place when you ran the install update (if i recall, didn't you get many messages about missing files or such?).

/* edit */
@blessedtoes: Which makes me curious to ask... Are you running SP3 with all updates? not sure if you indicated such yet

 

[blessedtoes]

Yes, Lookinaround, I am fully current on updates. I can't get the hive to work no matter what Googling I have done. The only thing I can think to do is reinstall/repair the OS.

 

[LookinAround]

Not sure if this gets us anywhere but here's some things you might try

1. Boot into safe mode. Immediately log into your Admin account and try again

2. If this still fails, let's check if Windows will simply let you open either ntuser file using Notepad. If it denies you access, let's see what error message says. (if need be we can check NTFS permissions later)

Start->Run, enter notepad. Click File->Open and navigate to the Doc and Settings / Kitchen User account and try to open the ntuser.dat file and ntuser.dat.log files with Notepad. Does Windows allow either?

 

[blessedtoes]

LookinAround-
Thanks for your continued help on this. As for a question you asked some time ago I didn't see, yes I am actually restarting between procedures versus logging between or switching users. We have had some application functionality issues in the past when both are logged on so I figured it was 'safer' to restart to make sure I was avoiding issues related to whatever that problem is.
So I tried the safe mode option with no luck; hive still won't load. Furthermore, in case I didn't mention this earlier, I can't get hive to load for any of our four users, I always get the same error message.
Just to check, the "key name" I am entering is the user name.
I had no problem opening the .dat file in Notepad. The .dat file has a string with some odd chars and the file name at the end of the string. The .dat.log file is empty.
My understanding is that the goal is to get the user name to appear in the HKEY_USERS list so I can go in and manipulate the network connections settings. Based on this, I wasn't sure what to do - if anything - with the .dat file once it was opened in notepad. Also I thought it may be helpful to report what folder are in the HKEY_USERS list:

.DEFAULT
S-1-5-18
S-1-5-20
S-1-5-20_Classes
S-1-5-20-73796726.......
S-1-5-20-73796726......._Classes

In case that helps. I restarted after the failed Safe Mode attempt and checked the HKEY_USERS folder list again, and two files had been added:
S-1-5-19
S-1-5-19_Classes

Thanks again.

 

[LookinAround]

Hmmmm... Frustrating problem you have!! A brief overview for perspective

I'm thinking your problem can be caused by either a problem with
> Your registry access permission and/or
> Your file access permission or if the file is already in use

We're using Notepad to simply test file access SUCCESS/FAIL to see if you can open both files ntuser.dat and ntuser.dat.log in the limited user account directory when logged on as Admin
> If you can successfully open both files with Notepad, the test is done. It indicates file access is OK. So just close the files without changing content. (The files contain some binary data is why it displays as gibberish)

Once you prove file access OK, then i suspect registry access. First thing that comes to mind: Anti-malware real-time protection might be disabling your registry access rights
> Unplug your network cable
> Turn off your antivirus software
> Also check and turn off any of your other other anti-malware as well (e.g. if you have Spybot Teatimer it does r/t protection as well)

Then try to load the hive again

P.S. The key name you enter isn't really important (you could simply enter blotz for key name) It's just the local name assigned to the registry hive when it's loaded for you. You should select blotz , then click regedit File->Unload Hive and reboot when you;re all done

 

[blessedtoes]

That sounds great - thanks for the tutorial!
I am wondering if ZoneAlarm or LogMeIn might be affecting the process. I almost always quit them on startup as they are so irritating (my own fault for not configuring them, I might as well uninstall at this point) but I have noticed recent versions of software like LogMeIn and AdAware restart themselves frequently.
I will try your suggestion above and if it fails I will try a Windows repair and try again, if that fails I may uninstall ZA and LMI and try again - I will report back.
Thanks so much for all your generous help!
With blessings,
Matthew

 

[LookinAround]

Hi Matthew

Glad to try and help

A few additional comments (based on your last post)
1. I wouldn't think LogMeIn should affect registry access (though, of course, with computers all most anything is possible! )

2. Do reconfigure and try turning off/disabling ZoneAlarm/AdAware/etc for your next attempt (per my last post) and all your antimalware products as they might be protecting and denying you registry access

But when you say

I almost always quit them on startup

i have to double check to ask: You do normally run with antivirus, antispyware and firewall protection don't you? (Note you should only have ONE antivirus and ONE firewall product running)

Hope your next round of tests produce good results!