locked
You cannot log on because the log on method you are using is not allowed on this computer. RRS feed

  • Question

  • I am getting this message on every computer on my domain on all accounts apart from one even though they are set up the same way.
    Sunday, May 24, 2015 11:01 PM

Answers

  • Hello Ben1551,

    In order to be able to log on a domain machine you will need to validate if this settings are correct:

    - "Allow log on locally"
       This is a setting place under {Computer Settings\Windows Configuration\Security Configuration\Local Policies\User Rights Assignment} within the Local Computer Policy. By default you will have "Administrators", "Users" and "Backup Operators" security groups.

    - "Deny log on locally" 
       On the same location as "Allow log on locally" policy, validate that this is Empty.

    At this point we are looking locally on the domain machines but this two policies could be changed by a GPO applying to the computer and preventing your accounts to log in.

    - "Log On To..."
       This is a setting within the domain user object properties placed on the Account tab, validate that this is Empty in order to be able to log on all the computers in your domain.

    I hope this info help you to reach your goal. :D

    5ALU2!
    • Proposed as answer by cguan Monday, May 25, 2015 5:52 AM
    • Marked as answer by Mary Dong Friday, May 29, 2015 1:09 AM
    Monday, May 25, 2015 1:11 AM

All replies

  • Hello Ben1551,

    In order to be able to log on a domain machine you will need to validate if this settings are correct:

    - "Allow log on locally"
       This is a setting place under {Computer Settings\Windows Configuration\Security Configuration\Local Policies\User Rights Assignment} within the Local Computer Policy. By default you will have "Administrators", "Users" and "Backup Operators" security groups.

    - "Deny log on locally" 
       On the same location as "Allow log on locally" policy, validate that this is Empty.

    At this point we are looking locally on the domain machines but this two policies could be changed by a GPO applying to the computer and preventing your accounts to log in.

    - "Log On To..."
       This is a setting within the domain user object properties placed on the Account tab, validate that this is Empty in order to be able to log on all the computers in your domain.

    I hope this info help you to reach your goal. :D

    5ALU2!
    • Proposed as answer by cguan Monday, May 25, 2015 5:52 AM
    • Marked as answer by Mary Dong Friday, May 29, 2015 1:09 AM
    Monday, May 25, 2015 1:11 AM
  • Hi Ben1551,

    Thanks for your post.

    Besides YoElPirra's suggestion, please also check from the following settings.

    The local group policy allow user to logon. However, domain group policy which overrides local policy doesn't allow users to logon locally. The resolution is modify the domain policy to allow users to logon locally.

    The domain policy allows domain users to logon locally, but the local policy doesn't and the domain policy doesn't apply to the computer. The fix is running gpupdate to force to update the domain policy.

    Firewall blocks the communication between the client and domain controller. The solution is disabling firewall or re-configuring it to allow to access the domain controller

    Best Regards

    Mary Dong

    Monday, May 25, 2015 5:24 AM