Grant a Member the Right to Logon Locally on Windows 2008 R2

    Question

  • Hi,

    Following the indications at http://technet.microsoft.com/en-us/library/ee957044%28v=ws.10%29.aspx I am trying to grant rights to a domain user who doesn't have administrator rights.

    When I try to log on with his account on the domain controller, the account is configured to ask for a password change the first time, and I can in fact change the password, but afterwards the following error message appears, which does not let me get into the account.

    "You cannot log on because the logon method you are using is not allowed on this computer. Please, see your network administrator for more information"

    I would be very grateful if somebody could help me to solve this issue.

    Thanks


    Tuesday, March 12, 2013 9:30 PM

Answers

  • Hi Santosh,

    This is only an exercise, a simple lab to learn.

    I have edited the Default Domain Controller policy and run gpupdate /force. But I am not sure what you are referring to with remote desktop. I don't use http://faq.1and1.com/dedicated_servers/windows_server/windows_admin_help/mssee/3.html to connect to the server.

    I log off of my account on the domain controller and I try to log on, with the account of the user to which I have granted the rights, from the domain controller; that is when the error appears.

    The manual (70-640) says that the user can log on via Remote Desktop, and log on from the server as well.

    Regards

    The only way a user can remote into a desktop/server that is located on a domain from a remote session is by allowing them this access through the system properties under the remote tab. Then at the bottom you can select what users on the domain you want to have access by pressing the select users button. The other way is to just make them part of the administrators group on the pc/server.

    As far as granting them local logon permissions, they have to be part of one of those groups specified in the KB or specified in the default domain policy. If you did a gpupdate /force and it is still not allowing you, try rebooting the machine to see if it makes a difference; sometimes even with the GP refresh it doesn't always click.

    Wednesday, March 13, 2013 3:11 PM

All replies

  • What are you attempting to do exactly?  I'm just curious on why you would want someone to log on locally?
    Wednesday, March 13, 2013 1:50 AM
  • "You cannot log on because the logon method you are using is not allowed on this computer. Please, see your network administrator for more information"

    It appears that you are trying to log on to the domain controller via remote desktop using the normal account.

    To allow a normal user to log on to the domain controller via remote desktop, edit the Default Domain Controller policy, update the setting "Allow log on through Remote Desktop Services" and add the desired user account.

    Please note that, allowing users to log on to the Domain Controllers is NOT a Good practice. If you are just experimenting in a lab setup, then that would be ok.


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.


    • Proposed as answer by Emilio Ramin Wednesday, March 13, 2013 7:29 AM
    Wednesday, March 13, 2013 3:02 AM
    Moderator
  • Hi Santosh,

    This is only an exercise, a simple lab to learn.

    I have edited the Default Domain Controller policy and run gpupdate /force. But I am not sure what you are referring to with remote desktop. I don't use http://faq.1and1.com/dedicated_servers/windows_server/windows_admin_help/mssee/3.html to connect to the server.

    I log off of my account on the domain controller and I try to log on, with the account of the user to which I have granted the rights, from the domain controller; that is when the error appears.

    The manual (70-640) says that the user can log on via Remote Desktop, and log on from the server as well.

    Regards

    Wednesday, March 13, 2013 8:39 AM
  • Do you see any user/group listed in the "Deny log on locally" policy setting? Make sure Domain Users or anything else is not listed there.

    Regards, Santosh


    Wednesday, March 13, 2013 8:48 AM
    Moderator
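
Added example, not part of the original thread: a PowerShell check that lists which accounts currently hold the logon rights named in the replies above ("Allow log on locally", "Deny log on locally", "Allow log on through Remote Desktop Services") on the machine where it runs. It assumes an elevated prompt on the server being tested; the temporary file name is arbitrary.

```powershell
# Added example: show who holds the logon rights discussed in this thread.
# Run from an elevated PowerShell prompt on the server you cannot log on to.
$rights = [ordered]@{
    SeInteractiveLogonRight           = 'Allow log on locally'
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

# Export the User Rights Assignment currently in effect on this machine.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

function Resolve-Principal([string]$entry) {
    # secedit writes SIDs as *S-1-5-...; plain account names are kept as-is.
    $value = $entry.Trim()
    if (-not $value.StartsWith('*S-')) { return $value }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($value.TrimStart('*'))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # SID could not be resolved (e.g. deleted account)
}

$report = foreach ($line in Get-Content $cfg) {
    # Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
    if ($line -match '^(Se\w+)\s*=\s*(.*)$' -and $rights.Contains($Matches[1])) {
        $name = $Matches[1]
        foreach ($entry in $Matches[2] -split ',') {
            if ($entry.Trim()) {
                [pscustomobject]@{
                    Setting   = $rights[$name]
                    Principal = Resolve-Principal $entry
                }
            }
        }
    }
}
Remove-Item $cfg

$report | Sort-Object Setting, Principal | Format-Table -AutoSize
```

A setting that does not appear in the output has no accounts assigned to it. An account listed under a "Deny" setting is refused even if it, or a group it belongs to, also appears under the matching "Allow" setting.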