One of more common Desktop Shell issues that we see is the dreaded “Blank Desktop” — you may have run into this at one time or another – you’ve entered your credentials and nothing but a pretty blue screen. This post discuss an issue, where a system admin deployed desktops running Windows Vista and some common user business applications, when the user received their machine and logged on, with their domain credentials. A beautiful blue background was all that he was presented with.
It was caused: Firstly, the admin had disabled User Account Control (UAC) in the interests of saving time when installing applications. When the systems were joined to the domain, the domain policy was set to enforce the use of UAC. Read more Understanding and Configuring User Account Control in Windows Vista.
Secondly, Authenticated Users and the NT AUTHORITY\INTERACTIVE account had been removed from the group. We discovered this from the output of a GPRESULT scan.