Built-in Guest account errors

if login as Built-in Guest in windows 10 - explorer.exe permanent crashes and restart (desktop blinking). i found that error was in "virtual TokenBrokerMonitor::~TokenBrokerMonitor()" destructor - referenced some 0 pointer.

just before this was next string in debug output:

shell\roaming\settingsynccore\settingmonitor\tokenbrokermonitor.cpp(75)\SettingSyncCore.dll!00007FF9219C3000: (caller: 00007FF92FC8C524) ReturnHr[PreRelease](1) tid(f5c) D0000022

also now Guest account not listed under User Accounts\Manage Accounts . i research this too and found next:

in usercpl.dll was next code

NTSTATUS CUserManager::_HandleGuestAccountTile()
{
  if (_IsGuestAccountEnabled())
  {
    if (m_bNotShowGuest) _RemoveGuestTile();
  }
  else
  {

   ...

  }
}

and

NTSTATUS CUserManager::Initialize(ILocalMachine*, ILogonEnumUsers*, int, int)
{
  m_bNotShowGuest = true; // this statement is unconditional - always execute
}

as result _RemoveGuestTile(); always called. if remove m_bNotShowGuest = true; statement - Guest Tile begin shown.

so look like somebody special disable activation of Guest account, instead of fix bug in TokenBrokerMonitor::~TokenBrokerMonitor(). creative solution :)

Well researched.  Perhaps MS will get around to fixing the explorer crash/reload loop.

I activated the in-built Guest account August 01, 2015, by  following the howto-connect.com instructions (net user guest /active:yes from an elevated command prompt (right-click Start/Windows button and select Command Prompt (Admin)).  Guest then appeared in the list of available accounts on the lock screen.

I have, in the past couple of days, activated the Guest account on two more Win 10 PCs.  The command line echoed that this had succeeded, and Guest appears, as one of the alternatives, when I click on my account name at the top of the Start Menu, but when I select it, instead of switching to the Guest account which is not password protected, it takes me to the lock screen, where Guest is no longer shown.

Microsoft appear to be suppressing the Guest account, for reasons that I/we do not know.  We should be told.

need understand that exist 2 different points which control are we can login in account.
1.) account can be enabled or disabled in SAM database (UF_ACCOUNTDISABLE bit)
2.) account have some rights. if account have SeDenyInteractiveLogonRight - we cannot login in account and it not dispalyed in log screen.

so for activate account we must do 2 steps.
1.) remove UF_ACCOUNTDISABLE bit (by calling NetUserSetInfo)
2.) remove SeDenyInteractiveLogonRight ( by calling LsaRemoveAccountRights)
however most(or even all) ways in "Windows 10 Tips – Enable Administrator, Guest Account" - do only first step (remove UF_ACCOUNTDISABLE bit). but not second step (remove SeDenyInteractiveLogonRight)
usualy this step is proccessed in User Accounts\Manage Accounts cpl (turn on/off account - remove/add SeDenyInteractiveLogonRight). but in current windows 10 build Guest tile is artificially removed, as i wrote in first post

need understand that exist 2 different points which control are we can login in account.
1.) account can be enabled or disabled in SAM database (UF_ACCOUNTDISABLE bit)
2.) account have some rights. if account have SeDenyInteractiveLogonRight - we cannot login in account and it not dispalyed in log screen.

so for activate account we must do 2 steps.
1.) remove UF_ACCOUNTDISABLE bit (by calling NetUserSetInfo)
2.) remove SeDenyInteractiveLogonRight ( by calling LsaRemoveAccountRights)
however most(or even all) ways in "Windows 10 Tips – Enable Administrator, Guest Account" - do only first step (remove UF_ACCOUNTDISABLE bit). but not second step (remove SeDenyInteractiveLogonRight)
usualy this step is proccessed in User Accounts\Manage Accounts cpl (turn on/off account - remove/add SeDenyInteractiveLogonRight). but in current windows 10 build Guest tile is artificially removed, as i wrote in first post

Do we do this in command prompt? Regedit? Powershell? Which one we do this in?

no. i simply wrote self tool

however solution, for enable guest, can be next. you need 2 steps !

1.) first step: (remove UF_ACCOUNTDISABLE flag by calling NetUserSetInfo)
run gpedit.msc
select Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
and set Accounts: Guest account status to Enable

as alternative you can do next:

run lusrmgr.msc and Users > Guest - uncheck "Account is disable"

but, we need do and second step !
2.) second step: (remove "SeDenyInteractiveLogonRight" by calling LsaRemoveAccountRights )
run gpedit.msc (or it already run from first step)
select Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
and look for "Deny log on locally". if Guest exist here - remove it !
also be shure that under "Allow log on locally" - Guest exist (by default this is true)
(Deny log on locally
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.)

and we got it:

but just after login as Guest we view desktop blinking (explorer crashed in infinite loop (in "virtual TokenBrokerMonitor::~TokenBrokerMonitor() from shell\roaming\settingsynccore\settingmonitor\tokenbrokermonitor.cpp - SettingSyncCore.dll" - so need be press CTRL+ALT+DEL and logout from Guest :)

if try Control Panel > All Control Panel Items > User Accounts > Manage Accounts
will be next in windows 10:
first will be called, and here notable line

NTSTATUS CUserManager::Initialize(ILocalMachine*, ILogonEnumUsers*, int, int)
{
  ...
  m_bNotShowGuest = true; // mov byte ptr [rcx + 381h],1
  ...
}

than called

NTSTATUS CUserManager::_HandleGuestAccountTile()
{
  if (_IsGuestAccountEnabled())
  {
    if (m_bNotShowGuest) _RemoveGuestTile();
    return STATUS_SUCCESS;
  }

  if (_IsGuestAccountEnabledIgnoringLogonRights())
  {
    if (_GetGuestUserIndex() <= -1)
    {
      return STATUS_SUCCESS;
    }
    if (m_bNotShowGuest)
    {
      _RemoveGuestTile();
      return STATUS_SUCCESS;
    }
    ...
  }
  else
  {
    if (m_bNotShowGuest)
    {
      return STATUS_SUCCESS;
    }
    ...
  }
}
(yes, code is terrible, but this is not mine)

because m_bNotShowGuest set to TRUE in Initialize, _RemoveGuestTile() is called. the name speaks for itself.

however look for notable 2 func _IsGuestAccountEnabled() and _IsGuestAccountEnabledIgnoringLogonRights()
both called NTSTATUS CLocalMachine::get_isGuestEnabled(ILM_GUEST_FLAGS, PBOOL) with different flags:
ILM_GUEST_INTERACTIVE_LOGON and ILM_GUEST_ACCOUNT
get_isGuestEnabled first awlays called NetUserGetInfo(0, GetGuestAccountName(), 1 /* USER_INFO_1 */, )
and check for UF_ACCOUNTDISABLE flag in usri1_flags, than, if UF_ACCOUNTDISABLE not set and if ILM_GUEST_INTERACTIVE_LOGON(or ILM_GUEST_NETWORK_LOGON) is in first argument - LsaEnumerateAccountRights(PolicyHandle, GetGuestSid(), ) called and search for "SeDenyInteractiveLogonRight"(or "SeDenyNetworkLogonRight") string. as result NetUserGetInfo called 2 time, but this is very slow function.
code (in CUserManager::_HandleGuestAccountTile) is terrible. for this it is necessary to kill (to dismiss)

when i under debugger set  m_bNotShowGuest set to FALSE - i got ability to manage guest account

I am able to access the Guest account. Now, can we get a fix for the blinking desktop that appears after logging in to the Guest account?

Thanks

desktop blinking by crash in SettingSyncCore.dll. only microsoft can fix this bug. however i try look - what be if rename/delete this dll. i assume that this dll not critical important for system. i change owner of this dll from TrustedInstaller to Administrators. and then change permissions - for got full control for System and Administrator. after this i rename file to SettingSyncCore.dl_. than logoff. after login again under admin account - all work. i not found side effects after "deleting" this dll. system work normal. then i try login as Guest. now desktop not blinking. here all ok. but - i just view that many functions not work. first of all - start button - not work. most icons in tray not working. when i try personalize desktop or change display settings - i got errors. very many functions not work under Guest. i even cannot "normal" logoff - need press CTRL+ALT+DEL for this. so conclusion - Guest account not in working state in current build. and microsoft special and artificially disable Guest tile under Control Panel > All Control Panel Items > User Accounts > Manage Accounts . now all questions for microsoft only

however solution, for enable guest, can be next. you need 2 steps !

1.) first step: (remove UF_ACCOUNTDISABLE flag by calling NetUserSetInfo)
run gpedit.msc
select Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
and set Accounts: Guest account status to Enable

2.) second step: (remove "SeDenyInteractiveLogonRight" by calling LsaRemoveAccountRights )
run gpedit.msc (or it already run from first step)
select Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
and look for "Deny log on locally". if Guest exist here - remove it !
also be shure that under "Allow log on locally" - Guest exist (by default this is true)

Brilliant, many thanks!

Hi there,

Apologies for the somewhat off-topic question but I'm trying to find the debugger you're using and I've googled Z-Dbg but it doesn't yield any useful results?

Also, further n00b question, but how does one reverse-engineer the source codes for dlls?

Thnx

V.

this is my private debugger. for dlls exist only pdb symbols