Mar 192013
 

After cloning a hard drive (or partition) to another drive, you may encounter an issue where Windows logs you off as soon as you log in. This is one of those annoying errors which is hard to figure out unless you understand what is happening.

Typical Scenario – You clone an entire hard drive to another one, remove the old drive and then try to boot from the new one. Alternatively you may have cloned just the system boot (usually C) partition from one drive to a new one.

After entering your username and password, you see the familiar ‘Loading your personal settings’ dialog box. However, instead of progressing to the desktop, that is immediately followed by the ‘Saving your settings dialog box’ and you are returned to the logon screen again – back to square one.

This also happens if you try to log in as a different user (or administrator) and if you try logging into Safe Mode – you are unable to get to the Windows desktop.

clone

Where has Windows gone?

Cause Of The Instant Log Off – When you login, the Winlogon process tries to run the userinit.exe file which, in turn, runs logon scripts and starts Explorer – the Windows user interface i.e. the desktop. In typical systems, Winlogon looks for this userinit file in the C:\Windows\System32 folder.

In our cloned drive scenario, Windows has reassigned the drive letter of the boot volume – instead of C: it is now something else e.g. F: drive. Therefore, Winlogon can’t find userinit (because it is now located in F:\Windows\system32 instead) so Explorer can’t load and the only option is to log you back off.

Note: if the original drive you cloned already had issues booting, or the cloning/restore software displayed errors during the process, there may be other reasons why you can’t log into the desktop so the solution below may not apply.

Why Was The Drive Letter Of The Boot Volume Reassigned? Windows uses a Globally Unique Identifier (GUID) to identify each volume/partition and assigns drive letters based on this GUID – it is this process that causes the problem.

Microsoft note: “Should the volume GUID change or be duplicated (by hard drive cloning software), the original drive letter may not be re-assigned to the boot volume” – even though your original boot volume was assigned the C drive letter, after cloning it may now get a different letter.

Fixing The Problem – This is not a straightforward fix and is recommended for more advanced users – do keep a copy of your clone/image in case you need to restore it again…

1. Edit the registry so that Winlogon can find userinit, regardless of where it is now located – this will let us logon (even though the system boot drive still has the wrong drive letter) and proceed to Step 2. However we can’t yet login to Windows so can’t just run Regedit…

We therefore need to remotely edit the registry – there are various ways to do this but if you already have access to a utility boot disc such as Bart’s PE or UBCD4Win they all have Remote Registry utilities. Alternatively, you could just slave the drive to another Windows computer and remotely edit the registry via Regedit there.

The userinit registry key to change is located in: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon

The value of userinit is typically C:\Windows\system32\userinit.exe,

Remove this (currently incorrect) full path by changing the value of userinit to just userinit.exe,

Restart into Windows and Winlogon should now log into the desktop, regardless of which drive letter the userinit file is currently stored under.

2. After logging in, make a note of the current drive letter of the system boot drive. Now use Regedit to rename the system boot drive letter back to C. To do this, follow the steps in Microsoft’s guide here – you will change C to a spare drive letter then rename the current system boot drive letter back to C.

Don’t worry about any other (non-system) drive letters at this point – change them via Disk Management later on if necessary. After rebooting, Windows should be back on the C: drive. You can now change the userinit value in the Winlogon registry entry back to the proper C:\Windows\system32\ location – but see the tip below.

Tip: before you clone a drive or boot partition it may be useful to open Regedit and change the registry location of userinit.exe to the new value shown in Step 1 i.e. remove the full C:\Windows\System32 path. This would ensure that, even if the system drive letter is reassigned after cloning, you can still login and perform Step 2 if required – much quicker than having to remotely edit the registry in Step 1 first…