none
"you cannot logon because the method you are using is not allowed on this computer"

    Question

  • Hello,

    I am running into the error "you cannot logon because the method you are using is not allowed on this computer" when I am trying to log into my Windows 7 work station that is joined to my domain.

    I have seen the other threads here, but they've been inactive for awhile and I'm not sure they completely apply to my situation so I figured I would make a new thread

    I am taking an Active Directory course at my college, and the setup we have is a Windows Server 08 R2 domain controller, with a Windows 7 Enterprise workstation, all virtualized through system center.

    One of the activities it to create an account called salesperson in an OU called "Marketing" and then sign into it from the Win7 workstation. When doing this I get the error "you cannot logon because the method you are using is not allowed on this computer".

    I am able to succesfully login however, with an account called jradmin, which resides in another OU. There is nothing different between the two users' properties that I can see, both belong to the Domain Users group, which have rights to login locally.

    Here is what I've tried so far:

    -Removed and re-joined the Win7 workstation to the domain. Deleted the group object for the computer from AD, restarted both workstation and server: No luck

    -Added the salesperson user account to the account operators and backup operators group as they have permissions to login from the domain: no luck.

    -Copied the working jr admin account and made a new user in the same OU. Tried logging in from the Win7 workstation : no luck. This one puzzled me as I assumed that a copy of a working account would have the same rights.

    - Logged in as jradmin on the Win7 work station, checked group policies and made sure that deny login locally was not checked for other users.

    - Checked the domain controller policy. Nothing set to  deny other accounts from logging in. I assumed this was a policy issue, but I haven't been able to find one.

    -Deleted the salesperson account and the OU it resides in, created it under the domain controller. Tried to login again. No luck. The account is not disabled or locked out either.

    The jradmin account can still login all this time, and I've done a side by side comparison of what groups the accounts belong to and their permissions, and even when the account is identical, it still can't login to the domain from the Win7 workstation.

    I ran out of time in my lab yesterday, but I have to fix the issue as it's likely going to impact future labs in the course, if multiple users can't login from the workstation. I have the option of creating another Win 7 VM on which to connect to the domain, which I'd like to try - and my other option is demoting my domain controller and starting from scratch.

    I plan on trying another VM for the workstation first, but if the issue is with my domain controller, I'd rather find another way to fix it than demoting it,etc.

    Any help would be appreciated

    Saturday, September 28, 2013 2:57 PM

All replies