locked
Can't logon locally with a user, after installing Active directory, plz help RRS feed

  • Question

  • We are first year student in a IT education. We're working on a projekt where we have to Install Active directory on windows server 2008. We followed an installation guide step by step. Then we created a User by doing the following.
    open Server Manager
    Open up the Roles section — next to Active Directory Users and Computers section and finally the
    Active Directory Users and Computers
    We found our domain and we right clicked on the Users section. Then clicked on the New and selected User.
    So far so good....  
    The problem is that the User we created should be able to logon our domain locally. There is no problem with logging in as Administrator, but when we try logging in with the User we get this message:

    You can not log on because  the method you are using is not allowed on this computer. Please see your network administrator for more detail


    We had read this post
    http://social.technet.microsoft.com/Forums/en-US/winservermanager/thread/f393d9c3-926a-4368-968c-4b8a024c0536


    And we did the following:
    For a domain controller, you need to configure the security setting in Default Domain Controller Policy GPO:

     

    1.    On the Windows Server 2008 domain controller, click Start, type gpmc.msc in the Start Search box, and press Enter to open the Group Policy Management console.

    2.    In the Group Policy Management console, expand <You Domain>\Domain Controllers, right-click Default Domain Controller Policy, and click Edit.

    3.    In the Group Policy Management Editor window, expand Computer Configuration\Windows Settings\Security Settings\Local Policies\User Right Assignment, and then you will see the security setting Allow log on locally in the right pane.

    4.    Double-click the security setting Allow log on locally, click Add User or Group tab, click Browse, type domain users in the box, click Check Names, and click OK three times to apply the settings.

    5.    On the Windows Server 2008 domain controller, run command gpupdate /force to apply the policy.

     But we still get this message when we try to logon with our User:
    You can not log on because  the method you are using is not allowed on this computer. Please see your network administrator for more detail

    Hope someone can help us.

     

    Monday, May 11, 2009 8:05 AM

Answers

  • Hello IT Students,

    To make the domain user (ex. contoso\test) can logon the domain controller locally, we may need to check and verify that the user name has been add into the "allow log on locally" list in the form of domain\username (ex. contoso\test)

    Then, please modify the that the policy setting has been configured in both Default Domain Controller Policy and Default Domain Policy.

    Furthermore, since this policy setting is a computer configuration and we may need to restart the domain controller to make it take into effect. Running Command gpupdate /force is not enough.

    Please refer to the above and restart the domain controller to see if you can logon the domain with the user account locally.

    Hope the information can be helpful.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by IT Students Thursday, May 14, 2009 10:34 AM
    Tuesday, May 12, 2009 8:17 AM

All replies

  • Hello IT Students,

    To make the domain user (ex. contoso\test) can logon the domain controller locally, we may need to check and verify that the user name has been add into the "allow log on locally" list in the form of domain\username (ex. contoso\test)

    Then, please modify the that the policy setting has been configured in both Default Domain Controller Policy and Default Domain Policy.

    Furthermore, since this policy setting is a computer configuration and we may need to restart the domain controller to make it take into effect. Running Command gpupdate /force is not enough.

    Please refer to the above and restart the domain controller to see if you can logon the domain with the user account locally.

    Hope the information can be helpful.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by IT Students Thursday, May 14, 2009 10:34 AM
    Tuesday, May 12, 2009 8:17 AM
  • Thx It was a great help. Now it works.

    Thursday, May 14, 2009 10:36 AM
  • Hi IT Students,

    I am glad to hear that the information was helpful for you. Thanks for you effort.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, May 15, 2009 3:20 AM
  • Thanks very much. It save me.
    Thursday, December 17, 2015 2:02 PM