Can't logon because the logon method you are using is not allowed on this computer.

  • Question

  • Can someone help me understand what seems to be the problem?

    I can log on the domain using my credential as admin. But any user with less than admin gets the following error:

    Can't logon because the logon method you are using is not allowed on this computer.

    Does anyone know what needs to be done?

    Thanks!

    Monday, June 11, 2007 9:54 PM

Answers

  • Symptom: When trying to log on to a computer using a non-administrator ID, you may receive this message: "You cannot log on because the logon method you are using is not allowed on this computer. Please see your network administrator for more details."

    Case 1: Group Policy's "Allow log on locally" was not set up to allow users or domain users. To allow users or domain users to log on to the computer or domain, you need to add the users or domain users to "Allow log on locally". Please follow these steps to add the users.

    1. Run gpedit.msc.
    2. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies
    3. Click on User Rights Assignment
    4. Ensure that "Allow log on locally" includes Administrators, Backup Operators, Domain Users or Users.

    Case 2: Group Policy's "Deny log on locally" was set up to deny users or domain users. To allow users or domain users to log on to the computer or domain locally, "Deny log on locally" should be empty or have no users or domain users in the list. Please follow these steps to remove the users or domain users from "Deny log on locally".

    1. Run gpedit.msc.
    2. Expand Windows Settings\Security Settings\Local Policies
    3. Click on User Rights Assignment
    4. Ensure that "Deny log on locally" is empty.

    Case 3: The local group policy allows users to log on. However, the domain group policy, which overrides local policy, doesn't allow users to log on locally. The resolution is to modify the domain policy to allow users to log on locally.

    Case 4: The domain policy allows domain users to log on locally, but the local policy doesn't and the domain policy doesn't apply to the computer. The fix is running gpupdate to force an update of the domain policy.

    Case 5: Norton Firewall blocks the communication between the client and the domain controller. The solution is disabling Norton Firewall or reconfiguring it to allow access to the domain controller.

    Hope it helps!

    Insaf Muhammed

    Saturday, February 18, 2012 10:23 AM
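
The checks from Cases 1 to 4 above can also be done from an elevated PowerShell prompt without opening gpedit.msc. This is an added example, not part of the original answer: it exports the user rights with `secedit`, reads the entries for "Allow log on locally" (`SeInteractiveLogonRight`) and "Deny log on locally" (`SeDenyInteractiveLogonRight`), and lists the applied GPOs. The function names and the temporary file name are hypothetical.

```powershell
# Added example: read-only audit of the two logon rights. Run elevated.
function Resolve-Principal([string]$Entry) {
    # secedit writes SIDs as "*S-1-5-..." and some accounts as plain names.
    if (-not $Entry.StartsWith('*')) { return $Entry }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.Substring(1))
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Entry   # orphaned SID or unreachable domain: show it raw
    }
}

function Get-LogonRight([string]$InfPath) {
    # A right with no members may be missing from the export, so default to empty.
    $rights = @{ SeInteractiveLogonRight = @(); SeDenyInteractiveLogonRight = @() }
    foreach ($line in Get-Content -Path $InfPath) {
        $parts = $line -split '=', 2
        if ($parts.Count -ne 2) { continue }
        $name = $parts[0].Trim()
        if (-not $rights.ContainsKey($name)) { continue }
        $rights[$name] = @($parts[1] -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ } |
            ForEach-Object { Resolve-Principal $_ })
    }
    return $rights
}

# Export only the user rights section to a temporary file (hypothetical name).
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS /quiet
$rights = Get-LogonRight $inf
Remove-Item $inf -ErrorAction SilentlyContinue

'Allow log on locally : ' + ($rights.SeInteractiveLogonRight -join ', ')
'Deny log on locally  : ' + ($rights.SeDenyInteractiveLogonRight -join ', ')

if ($rights.SeInteractiveLogonRight.Count -eq 0) {
    Write-Warning '"Allow log on locally" has no members (Case 1).'
}
if ($rights.SeDenyInteractiveLogonRight.Count -gt 0) {
    Write-Warning '"Deny log on locally" is not empty; review its members (Case 2).'
}

# Cases 3 and 4: show which GPOs were actually applied to this computer.
gpresult /r /scope computer
```

If the listed rights do not match what the domain GPO is supposed to set, compare against the applied GPO list before running `gpupdate /force` as described in Case 4.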

All replies

  • Getting this same error, can't login to the box at all.

    Locally or via Domain.

    I've tried 2 different local accounts, same error.

    What was the fix if you found one aside from "reinstall OS"?

    Apparently Vista doesn't have the same repair function as XP where you can reinstall the OS portion over the top of itself.


    If it matters, I'm using Vista Ultimate.

    Would appreciate any info on this.

    Thursday, October 18, 2007 8:04 PM
  • I got the same error with a user account. I was getting some long hangs, so I pulled the user from the local admins group; now I get this error. It seems to be a problem with the profiles. Not really sure what to do at this point.
    Monday, August 4, 2008 1:50 PM
  • I had the same problem, I changed the User account on the PC to Administrator level and it logged in ok

     

    Monday, August 11, 2008 9:02 AM
  • Also try unregistering and reregistering the computer in the domain/workgroup if the above tips do not apply.

    Share your experience with us!

    Insaf

    Saturday, February 18, 2012 10:25 AM
  • Thanks for the details!

    But how can I do any of the things you suggested if I can't log in?

    Running Server 2008 workgroup, no domain.


    • Edited by Kijante Sunday, March 4, 2012 11:15 PM
    Sunday, March 4, 2012 11:13 PM
  • Hi,

    Check Remote Settings first--->Go to System - Remote setting (in the left pane of the window) - under Remote Desktop select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) and click OK.

    Saturday, March 17, 2012 5:27 PM
  • I'm working on a server that gives me the same message. But I am worried the solutions provided could work. But my problem is I can't even log in. What solutions could help me out?

    Monday, September 16, 2013 7:25 AM
  • Add the user to a group on the domain controller

    Wednesday, October 23, 2013 8:34 PM
  • To add,

    In my scenario, one of the Administrators accidentally removed the User group from "Allow log on locally" in the Group Policy, which was found in GPEdit, located in:
    Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally

    This was corrected in two fashions.

    First, performing a "gpupdate /force" from an elevated command prompt on the machine, or if you have pstools, doing it remotely.

    The root cause was updating the Group Policy on the Active Directory server that hosts the user account to prevent more from happening.

    This would occur when someone restarted their computer or locked it.



    Friday, January 24, 2014 5:25 PM
  • My case is different. I have this message displayed for only one particular user. Other people can log on to the server through the same computer she is using, but when she tries to use her account the message comes up.
    Thursday, April 17, 2014 10:59 AM
  • Assalam Alikom Wa Rahmatou Allah Wa Barakatoh

    - You have four options to check/apply to ensure user logon on an RODC:

    1- Add the user to the "Allowed RODC Password Replication Group".

    2- Add/allow the user in the "Password Replication Policy" tab of the RODC.

    3- Add the user to the "Log On Locally" security policy of the Default Domain Controllers Policy GPO.

    4- Prepopulate the user password.

    Options (2-4) are logically the correct answers, but you can try them all, and once it works you can unapply options (1-3).

    ------> Restart your computer and now try to log on.

    Thanks.

    • Edited by iMounir Friday, April 18, 2014 3:16 PM
    Friday, April 18, 2014 3:06 PM
  • Generally "Allow log on locally" will have administrators and authenticated users added so that users can log on locally to the machine. However, sometimes admins restrict the use of some machines to a particular set of users, which might be the case in your issue.

    We had the same issue where computers were placed in a staging OU where only admin / local admins were allowed to log on locally and authenticated users were missing.

    Once we moved the comp account to the correct one, which had administrators and authenticated users, users were able to log on successfully.

    What to check 

    Group membership

    Comp account location in AD

    Allow log on locally policy for the OU where comp account is placed

    Hope this helps...

     
    Tuesday, April 29, 2014 8:44 AM
  • Thanks Insaf Muhammed, it works. I can now log into the user account now
    Tuesday, June 24, 2014 12:08 PM
  • Log on as administrator. Go to Active Directory Users and Computers. Expand the Builtin OU. Right-click Print Operators and click Properties. Choose Members > click Add > Domain Users and click OK, then OK again. This will allow all users in the domain to log on to the server. If you want to allow a particular user to log on, choose Members > click Add > user name > Check Names > OK > OK.

     
    Wednesday, June 25, 2014 7:29 PM
  • Thanks, works for me.
    Tuesday, June 30, 2015 8:20 PM
  • Friday, August 14, 2015 10:28 AM
  • In addition to checking the above, I would also check the security group(s) you are a member of. You may be part of a restricted group; this would override the local policy.
    Wednesday, June 15, 2016 5:20 PM
  • (I stated this above, but posting here too)

    I would check the security groups the user is a member of. She may be a member of a restricted group, this overrides local group policy.

    Wednesday, June 15, 2016 5:23 PM
  • Generally "Allow log on locally" will have administrators and authenticated users added so that users can log on locally to the machine. However, sometimes admins restrict the use of some machines to a particular set of users, which might be the case in your issue.

    We had the same issue where computers were placed in a staging OU where only admin / local admins were allowed to log on locally and authenticated users were missing.

    Once we moved the comp account to the correct one, which had administrators and authenticated users, users were able to log on successfully.

    What to check 

    Group membership

    Comp account location in AD

    Allow log on locally policy for the OU where comp account is placed

    Hope this helps...

     

    You need to make sure the user is allowed logon and NOT denied logon. If you change the deny setting in the GPO, don't uncheck the box to define the setting. This will keep the registry key from being overwritten, so even though an RSoP will look good it won't work. Instead remove accounts, and if all need to be removed, still leave that box checked.

    Tuesday, December 6, 2016 11:05 PM
  • Hi

    I was messing with group policy and accidentally added "users" to 'deny log on locally', and then I was unable to log in with my account, so I tried System Restore with an installation disk and then everything was back to normal.

    Saturday, February 11, 2017 8:49 AM
  • Please, I'm having the same problem, but I have tried all the steps above and none is working.

    Please, I need assistance. It's really urgent.

    Thank you.


    Friday, March 3, 2017 8:46 AM
  • I know this is WAY old, but THANK YOU!!!! I was having this same problem and Case 1 was my solution!!! WOW!!!! Seriously, thank you so much.
    Saturday, May 27, 2017 8:46 AM
  • I faced the same problem, and here is the troubleshooting that worked for me.

    Open the Group Policy in AD > Go to Default Domain Policy > Edit > Computer Config > Windows Setting > Policies > Security Setting > Local Policies > User right assign > Allow login locally > add "domain user" here

    Then apply gpupdate /force. Now try to log in on that PC. It will work, as it worked for me.

    Thanks.

    Imran

    Thursday, September 20, 2018 1:08 PM
  • I know this post is odd but I have no clue what you're talking about. Where is this AD you speak of?
    Wednesday, October 30, 2019 3:54 AM
  • This worked for me. Thanks.
    Wednesday, April 29, 2020 4:11 PM
  • Nice bro.

    I am able to log in now after changing that admin to user.

    Thanks.

    Monday, July 6, 2020 6:11 PM