Hi Everybody!

In this blog post we are assuming you have deployed Internet Explorer as a Desktop or Published Application in  your environment and encounter some abnormalities.  

Some of the abnormalities may include the following configuration and symptoms:

  1. User logon account is configured to use mandatory user profile or hybrid when using citrix.
  2. User logs onto a new computer for the 1st time where a local or roaming profile is derived from default user profile.
  3. User logs onto a computer that would normally have cached profile which has been deleted by The "delete cached copies of roaming profiles" policy setting
  4. The "Delete user profiles older than a specified number of days on system startup" policy
  5. Explorer initialization delays during user logon - The iedkcs32.dll (Internet Explorer Maintenance) takes long time to initialize user profile, over 100 seconds
  6. Active Setup execution can delay the user logon operation.

One of the components that first executes when users logs in on windows is Active Setup. The Active Setup component registers shell32 dlls and installs stubs that configure desktop shortcuts, desktop themes, Internet Explorer, Windows Media Player, Windows Mail (Winmail) and msfeedssync.exe to mention a few.

Active Setup executes:

  • The 1st time a user logs on to a computer and builds a new profile based on the default user profile. On subsequent logons when the locally cached or roaming profile does not contain active setup entries in the ntuser.dat file.
  • Every time a user logs onto a computer with a mandatory user profile.
  • Active Setup will execute the following commands:

"C:\Windows\SysWOW64\ie4uinit.exe" -UserIconConfig
"C:\Windows\System32\ie4uinit.exe" -BaseSettings
"C:\Windows\SysWOW64\ie4uinit.exe" -BaseSettings
"C:\Windows\System32\ie4uinit.exe" -UserIconConfig
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll";BrandIEActiveSetup SIGNUP
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll";BrandIEActiveSetup SIGNUP
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll;Install
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll";IEHardenAdmin
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll;Install
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

During the Active Setup execution the registry keys "HKLM\Software\Microsoft\Active Setup\Installed Components\%APPNAME%" and "HKCU\Software\Microsoft\Active Setup\Installed Components\%APPNAME%" are compared, and if the HKCU registry entries don't exist, or the version number of HKCU is less than HKLM, then the specified application is executed for the current user.

 

What tools can you us to help isolate these types of issues?

  • Process Monitor can be use to help find out if you have missing registry entries for the users at logon. You may find a lot of Not Found entries when accessing the Zones registry key. You can also access the user's registry key remotely while connected as a domain or local administrator and navigate to the Zones key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones] and compared the Zones 0, 1, 2, 3 and 4 against a working client machine. If you are missing entries under any of these keys, your user profile was not able to fully created these settings during the first logon attempt. This will cause abnormal behavior when visiting internal or external websites or applications.
  • Userenv verbose logging or winlogon etl tracing. These logs can help you find out if the profile is generating any errors and give you in off clues to find out what the problem is.

 

TIP: If you have encounter issues related to the items outlined in this blog post, consider using Procmon to help you validate the behavior. One of the first actions you can perform is to:

A: Run the C:\WINDOWS\system32\ie4uinit.exe -BaseSettings at login for the problematic user and see if this fixes any issues related to IE not loading properly when in TS publish application or full desktop scenario.(Note: You may also want to run the "C:\Windows\SysWOW64\ie4uinit.exe" -BaseSettings  when using 64bit OSs.

B: Find out if the user profile is missing Zones registry keys. Importing these keys from a working profile can hel If you have IE Enhanced Security, try disabling both User and Administrator configuration. See blog post How to disable IE Enhanced Security on Windows 2003 & Windows 2008 Server silently?

 

 

Article on creating a user profiles: