Symptom: When trying to logon a computer using non administrator
ID, you may receive this message: "You cannot log on because the logon method
you are using is not allowed on this computer. Please see you network
administrator for more details."
Case 1: Group Policy' "Allow log on locally" was not setup to
allow users or domain users. To setup allow users or domain users to logon the
computer or domain, you need to add the users or domain users to the "Allow log
on locally". Please follow these steps to add the users.
1. Run gpedit.msc.
2. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that "Allow log on locally" includes Administrators, Backup
Operators, Domain Users or Users.
2. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that "Allow log on locally" includes Administrators, Backup
Operators, Domain Users or Users.
Case 2: Group Policy' "Deny
log on locally" was setup to deny users or domain users. To setup allow
users or domain users to logon the computer or domain locally, "Deny
log on locally" should be empty or no users or domain users in the list.
Please follow these steps to remove the users or domain users from the "Deny
log on locally".
1. Run gpedit.msc.
2. Expand Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that "Deny log on locally" is empty.
2. Expand Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that "Deny log on locally" is empty.
Case 3: The local group policy allow user to logon. However,
domain group policy which overrides local policy doesn't allow users to logon
locally. The resolution is modify the domain policy to allow users to logon
locally.
Case 4: The domain policy allows domain users to logon locally,
but the local policy doesn't and the domain policy doesn't apply to the
computer. The fix is running gpupdate to force to update the domain policy.
Case 5: Norton Firewall blocks the communication between the
client and domain controller. The solution is disabling Norton firewall or
re-configuring it to allow to access the domain controller.
Run GPedit.msc
Browsing to;….
> Computer Configuration\
> Windows Settings\
> Security Settings\
> Local Policies\
> User Rights Assignment\
Run GPedit.msc
Browsing to;….
> Computer Configuration\
> Windows Settings\
> Security Settings\
> Local Policies\
> User Rights Assignment\
Browse in "Group Policy Editor"
Find "Deny Logon Locally"
In “User Rights Assignment” find “Deny Logon Locally”.
Use the “Add User or Group” button to add the group from the Active Directory listing.
No comments :
Post a Comment