Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1000 Source: Userenv

Windows cannot log you on because the profile cannot be loaded.  Contact your network administrator. DETAIL - <details>.
In my case, none of the suggestions worked, but I was able to resolve the problem. I needed to add the "Bypass Traverse Checking" permission to the problematic user (See the link below for details on this user right).
As per Microsoft: "UPHClean monitors the computer while Windows is unloading user profiles and forces resources that are open to close. Therefore, the computer can unload and reconcile user profiles". See ME837115 to get the Microsoft User Profile Hive Cleanup Service (UPHClean).

- Details: Insufficient system resources exist to complete the requested service - See ME189119.
- Details: Access is denied - See the link to "Citrix Support Document ID: CTX105618" for information on this event.
- Details: Access is denied - The problem ended up being that there was no user folder in “Documents and Settings” with the username of the user. To remedy this problem you can do one of the following:
1. Give the user domain admin rights -> log on -> log off -> remove domain admin rights. The default user profile has been copied and the user should be able to logon.
2. Copy the Default Profile folder to the folder with the username of the user. Give the user full control over this folder.
"The system cannot find the file specified". According to ME248040, you receive this error message if the Default User folder, in the Documents and Settings folder is missing. Recreate the folder and leave it empty. It will inherit the right permissions.
"There is not enough space on the disk". This is due to disk quotas, see ME288750. Increase the quotas so that the user has at least 2MB of free space.
I found that this error occurs when the "Default Users" and the "All Users" profile directories have incorrect security or are damaged. Windows will try to log you in with a default profile but will fail unless you have sufficient permissions.

Symptoms: The user can successfully log on to a Windows 2000 Server, domain controller or member server, but cannot load profile information unless the user is of the administrators group on that machine. This was accompanied by an error (1F) given when logging on via a Citrix ICA connection, again only if the user was not an administrator.Windows 2000 Workstations were uneffected by this.
A timed message box would appear when logging on the console of a Windows 2000 Server with the same error message as in the event log. Clicking "OK" would return the user to the Ctrl-Alt-Del screen.

Problem: This was an error with the Group Policy Objects being applied through Active Directory in that Default Group Policy was somehow linked to two different Group Policies. The fix Microsoft gave me: "Unlinking, NOT DELETING, the Default Group Policy (see the link below), refreshing policy information and logging all users off and then back on fixed the problem. This did not effect any newly created policies, just the Default Group Policy made when installing Active Directory."
Cause: Permissions for EVERYONE on the share on PDC, that points to the location of roaming profiles, have been removed. More Info: Error 1000 and User Profiles (ME185198).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.