Skip to main content
Super User

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

5
  • I read this question without knowing who asked it, and I was surprised to see that it was somebody with more experience (and rep) than myself.  (0) You have a user account with an account name of user?  Really?  (1) I suspect that an account called user could still be an administrator account.  (1a) Please show us the output of net user %username% | find "Group".  (1b) What happens when you run netplwiz?  (For good measure, try running it both from CMD and from Explorer.)  (1c) whoami /priv | find "Enab" might also be interesting.  … (Cont’d)
    – Scott - Слава Україні
    Commented Jan 24, 2021 at 7:06
  • (Cont’d) …  (2) The obvious, standard question:  Has this system been working properly, and this behavior started suddenly?  (What else changed/happened recently?)  Or has it been doing this forever, and you’re just asking about it now?  Or is this a fresh install?  (A fresh install of Windows 7?)  (3) The semi-obvious, dumb question: are you sure you’re not in Safe Mode? … … … … … … … … … … … You know the drill: please do not respond in comments; edit your question to make it clearer and more complete.
    – Scott - Слава Україні
    Commented Jan 24, 2021 at 7:06
  • @Scott I have expanded the question to cover your enquiries
    – barlop
    Commented Jan 24, 2021 at 8:22
  • 1
    In TaskManager, add the cols, "Elevated" and "UAC Virtualization". What is Elevated state of Explorer,the parent process of the cmd. Is that "Elevated=No", "UAC Virtualization-disabled"? Maybe focus on the parent proc rather than the child. I would also launch the cmd.exe with Process Monitor running. Confirm, In the Tree view, it is the child of the checked Explorer.exe process above and check the CreateProcess operation by Explorer.exe to launch cmd. Specifically the stack that is calling CreateProcess. It would be good to check there are no third party modules. Maybe paste a screenshot.
    – HelpingHand
    Commented Jan 24, 2021 at 9:46
  • @HelpingHand Thanks. I have updated it to cover your enquiries
    – barlop
    Commented Jan 25, 2021 at 23:35