none
The Group Policy Client service failed to logon : Access is Denied

    Question

  • Good day to all professional tech,

    I got an issue for the login to Windows server 2008 R2 locally or by domain.

    It keep coming out the Access is Denied.

    If i can't login into the windows, any solutions for that ?

    I had tried safe mode & any other steps and it wont work.

    Please advice, many thanks

    Friday, December 23, 2016 8:29 AM

Answers

  • Hi,

    Is this a domain environment?

    If yes, I suggest you check if the properties of the user, which cannot logon locally, has been configured Log On To like below.

    If the Log On To is not configured, I suggest you configure the domain group policy with Allow logon locally.

    To configure the setting in GPO, you need first create an OU, and add the computer, which the user cannot logon, to the OU.

    Then creating a GPO link to the OU, and configure the setting in the GPO on group policy management.

    In addition, to check if the computer has configured with Allow logon locally setting. You could logon the computer with domain administrator and run gpresult /h gpreport.html to check.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Jay GuModerator Friday, December 30, 2016 8:10 AM
    • Marked as answer by Joeses Friday, December 30, 2016 8:42 AM
    Friday, December 30, 2016 8:09 AM
    Moderator

All replies

  • Hi,

    First, I suggest you try to check if the user has configured with Log On To in ADUC like below.

    In addition, I suggest you try to check if there is GPO configured with Allow Logon locally setting under the path below.

    Computer Configuration\Policies\Windows Setting\Security Settings\Local Policies\User Rights Assignment

    If the user has configured Log On To, I suggest you change the Log On To to All computers.

    If the computer has configured with Allow logon locally, you could add the user to the setting in GPO.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Todd Heron Friday, December 23, 2016 12:58 PM
    Friday, December 23, 2016 12:34 PM
    Moderator
  • Hi Jay, Thanks for your advise. I will try that first in my domain server. After that I will update it in this post. Thanks again.
    Friday, December 23, 2016 3:17 PM
  • Good day,

    I already follow your path to the GPO settings and found out there is an administrators and Allow to login locally but i cant change the settings in it.

    So the administrators login is mean that user already has the right to login locally ?

    Please advice, thank you.

    Tuesday, December 27, 2016 2:41 AM
  • Hi,

    Is this a domain environment?

    If yes, I suggest you check if the properties of the user, which cannot logon locally, has been configured Log On To like below.

    If the Log On To is not configured, I suggest you configure the domain group policy with Allow logon locally.

    To configure the setting in GPO, you need first create an OU, and add the computer, which the user cannot logon, to the OU.

    Then creating a GPO link to the OU, and configure the setting in the GPO on group policy management.

    In addition, to check if the computer has configured with Allow logon locally setting. You could logon the computer with domain administrator and run gpresult /h gpreport.html to check.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Jay GuModerator Friday, December 30, 2016 8:10 AM
    • Marked as answer by Joeses Friday, December 30, 2016 8:42 AM
    Friday, December 30, 2016 8:09 AM
    Moderator
  • Hi,

    Your way works in a way & I learn a new knowledge today.

    Before that, I'm trying my last resolve is to clear all old profiles which store at the users document folder which I can still able to access from \\serverIP\users.

    I delete the user profile folder from it & after that i go to " regedit and select File -- Connect Network Registry (type in server name, local username & password) provided other server is in the same network.

    After that go to HIKEY_LOCAL_MACHINE---SOFTWARE---MICROSOFT---WINDOWS NT---CURRENTVERSION---PROFILELIST, drop down and find the user profile that cant be login and delete it.

    After that, I login locally or in domain, then i able to get in the windows without any issue.

    Thanks for all the previous info.

    Friday, December 30, 2016 8:50 AM