none
the sign-in method you're trying to use isn't allowed

    Question

  • I have a DC build on a Windows Server 2012 Standard.
    All the windows 7 clients are ok, but when I tried to log in the domain with a windows8 pro machine i get the folowing message, the sign-in method you're trying to use isn't allowed .
    I tried to add on user rights assignment/Allow log in locally, the Users group, i think that here is the problem, maybe,...but the option is greyed out.
    Please an advice, is from here or other way?
    Thank you!
    Friday, January 11, 2013 2:15 PM

Answers

All replies

  • Is the win8 domain joined?

    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Friday, January 11, 2013 2:26 PM
    Moderator
  • yes is joined, but on 1-st login after join, I get this message.
    Friday, January 11, 2013 2:35 PM
  • Resolved, I modified Network acces permission, from Control acces through NPS network policy to Allow acces
    Mention that win7 clients works with default Control acces through NPS network policy
    Friday, January 11, 2013 2:40 PM
  • Guys,

            The solution did not work for me. However, I used a "hack" which I would like to share with you:-

    1) Open the Group Policy editor using gpmc.msc

    2) Select your domain and expand Group Policy Objects then right click on "Default Domain Controller Policy"    and Click Edit

    3) Under Computer Management, expand Policies and then select Windows Settings

    4) Expand Security Settings and Select Local Policies and then click on User Rights Management

    5) Right click on Allow Logon Locally and click on Properties

    6) In the next screen you can Add the User of Group that you want

    A Caveat - This will give the user / group permission to physically login to the server and I therefore called it a hack. I hope this helps.

    • Proposed as answer by EMFHofer Friday, March 06, 2015 7:23 AM
    Friday, September 20, 2013 11:06 AM
  • Tried this method but didn't work for me. My problem is with one particular user where she can login to some network machine but not others. I found a work-around by adding the user to the AD group
    Domain Admins. Not ideal but at least she can work.  Still investigating why this works
    Friday, January 03, 2014 11:47 AM
  • yes i tried it work

    http://www.sharepointviking.com/the-signin-method-youre-trying-to-use-isnt-allowed-windows-server-2012/

    Sunday, February 09, 2014 8:14 AM
  • I have a DC build on a Windows Server 2012 Standard.
    All the windows 7 clients are ok, but when I tried to log in the domain with a windows8 pro machine i get the folowing message, the sign-in method you're trying to use isn't allowed .
    I tried to add on user rights assignment/Allow log in locally, the Users group, i think that here is the problem, maybe,...but the option is greyed out.
    Please an advice, is from here or other way?
    Thank you!
    Good solution
    Friday, September 05, 2014 4:42 AM
  • Guys,

            The solution did not work for me. However, I used a "hack" which I would like to share with you:-

    1) Open the Group Policy editor using gpmc.msc

    2) Select your domain and expand Group Policy Objects then right click on "Default Domain Controller Policy"    and Click Edit

    3) Under Computer Management, expand Policies and then select Windows Settings

    4) Expand Security Settings and Select Local Policies and then click on User Rights Management

    5) Right click on Allow Logon Locally and click on Properties

    6) In the next screen you can Add the User of Group that you want

    A Caveat - This will give the user / group permission to physically login to the server and I therefore called it a hack. I hope this helps.

    Good solution
    Friday, September 05, 2014 4:52 AM
  • Tried this method but didn't work for me. My problem is with one particular user where she can login to some network machine but not others. I found a work-around by adding the user to the AD group
    Domain Admins. Not ideal but at least she can work.  Still investigating why this works
    This is work
    • Proposed as answer by doctorcja Thursday, June 18, 2015 4:26 PM
    Friday, September 05, 2014 4:57 AM
  • So, which Microsoft update broke this?

    I found it odd that I couldn't logon to a client's DC and found builtin\administrators had only two accounts in it and was missing Domain/Enterprise Admins as well as Exchange Org Administrators.

    I'm 100% positive the client didn't know enough to try to remove these accounts from this group.


    -=Chris

    Saturday, September 13, 2014 11:35 PM
  • hi . i cant sign-in . please help me ... how can i access to Gpmc ???

    Sunday, October 12, 2014 11:10 AM
  • If you can't sign in to the Essentials server via the console, can you via RDP?

    If you have no access to the Essential server either from the server from either the console or RDP, then you have a different problem.

    If you mean you have the same issue as the others in this thread... a user cannot sign in to his/her workstation, then GPMC is under Admin Tools.


    Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit.

    Sunday, October 12, 2014 11:51 AM
  • I now have this issue on a SBS 2003 to Win2k12R2 migration.  Both the old and new domain controllers won't let me log on from the console but I can RDP to either one.  Message is "The sign-in method you're trying to use isn't allowed".  I've triple checked the Default Domain Controllers policy - the right groups are listed in the "Allow log on locally" right.  I've checked all the other gpo's to verify they don't have anything set for this.  The two DCs are replicating successfully and no apparent DNS issues.  I'm pretty sure it was working until I uninstalled Exchange 2003 from the SBS box (already migrated to O365) in preparation to demote it and shut it down.  But that makes no sense why it would cause this.  I'm stumped so I'll throw it out here hoping someone has seen this before and figured it out.
    Tuesday, October 21, 2014 9:58 PM
  • Update on fix:

    I finally fixed this by changing the Deny Log on Locally from undefined to defined and leaving it empty.  It had originally contained a couple SBS-specific groups from the old server and just changing it to undefined didn't work but re-enabling it and making sure it was empty let me in.  Apparently the Administrators group was in one of the originally listed groups in the Deny option.

    For what it's worth, any group policy that allows you to block the administrator from logging on to the domain controller console seems like a bad idea - maybe there's some obscure situation where you would want to but I can't think of it.  Talk about giving yourself enough rope to hang yourself.

    Thursday, October 23, 2014 2:22 PM
  • 1) Open the Group Policy editor using gpmc.msc 2) Select your domain and expand Group Policy Objects then right click on "Default Domain Controller Policy" and Click Edit 3) Under Computer Management, expand Policies and then select Windows Settings 4) Expand Security Settings and Select Local Policies and then click on User Rights Management 5) Right click on add workstation to domains and click on Properties 6) In the next screen you can Add the User of Group that you want A Caveat - This will give the user / group permission to physically login to the server. I hope this helps.
    Wednesday, June 10, 2015 9:44 PM
  • You need Remove the user from the deny log users policy,
    Wednesday, July 08, 2015 6:45 PM