"Your account has been prevented from using this computer" error message

I've been having a lot of issues with EBS 2008.

So this morning my users were not able to log in to their machines at all after 2 weeks. Error message: "Your account has been prevented from using this computer". It's their computer that they use every day!!!!!

I'm not sure what the issue is - but in AD the "Log On To" was set to specific machines (shares and DCs and Exchange).

Also my default group policy has only 2 items enabled so far (Desktop and Folder Redirection).

In order to get them off Panic mode - I had to check ALL Computers for the time being

Anyone know why this is happening?
D0TCom Asked:
Mordillo98 Commented:
If you go under Active Directory Users and Computers.
Then expand your domain tree to see the Users folder
Then double click one of the users with the problem
Click on the tab where it says "Account"
Click on the button where it says "Log On To..."

Does it say "All Computers" selected?

D0TCom (Author) Commented:
I changed it to All computers for now.

D0TCom (Author) Commented:
It was set for selected computers before when they weren't able to log in.
Mordillo98 Commented:
Is there any desire for you that certain users log in to specific computers only?

D0TCom (Author) Commented:
I never had any issues before this morning - I'm not sure what triggered the log on to option to selected computers. I set it to all computers and now they're all fine.

I would like to know what do I need to do to prevent this from happening again.

Mordillo98 Commented:
Defining the root cause of why this setting was setup in the first place would be really difficult for me to find, but I can give it a try.  ;)

When a new user gets created, do you copy it from an existing user, or do you create it from scratch?

D0TCom (Author) Commented:
Created it from scratch - and keep in mind users were working fine the past 2 weeks.

This morning is when I got this message, and no one could log in except for those who didn't log off.

Mordillo98 Commented:
I guess the reason why I'm asking is that you cannot have this setting done without human interaction.

Either accounts are created by copying one which had that setting setup in the first place, replicating the issue.

Or, under the users folder, multiple accounts were selected, went into the properties, under the Account Tab, and selected the Computer restrictions.

It just doesn't kick in that way.  If you believe administrative work didn't create this situation, and you are the only one who is domain admin, then you need to change the password of any Domain Admin accounts you have, and make sure that NO user can log in to the domain controller.

D0TCom (Author) Commented:
So by default the log on to should be All computers?

Mordillo98 Commented:
Oh.  So what you're saying is that people who didn't log off their PC got their setting changed to not being able to log into all computers?

Sorry dude.  I've never seen this issue before.  If you believe you need to go through that path in your troubleshooting, I can't help you further.

Good luck.

Mordillo98 Commented:
Yes.  The default for all user accounts under the domain controller should be "All Computers".

Mordillo98 Commented:
I had some requirements from my customers in the past to have this setting changed.  For example, they wanted the receptionist to only log in to the front desk computer, and no other computers.  Only when you receive that requirement from somebody should you change that setting.

Besides that, "All Computers" should be your motto.  ;)

D0TCom (Author) Commented:
The settings from log on to "all computers" are changed back to Log on to selected computers.

What could be doing this?

Mordillo98 Commented:
Humm.  Let's see if you have a group policy about it.

Click on Start, All Programs, Administrative Tools, Group Policy Management.
Click on the tab where it says "Settings"
It will say "Generating Report", please wait.

Under Computer Configuration, Policies, Windows Settings, Security Settings, click where it says "show"

Check there and see if you can see anything that talks about setting up defaults about logging into specific computers.

Do the same under the User Configuration and see if there's anything in there...


D0TCom (Author) Commented:
Nothing that I can see....

Mordillo98 Commented:
Are the computers having this issue part of the same OU (Organizational Unit) in AD (Active Directory)?

D0TCom (Author) Commented:
Yes - all of them are part of the same OU in AD. 60 users.

Mordillo98 Commented:
Ok.  Let's open again (if closed) Group Policy Management.

Click on Start, All Programs, Administrative Tools, Group Policy Management.

Find your OU, and click on it.
On the right window, there's a tab called Group Policy Inheritance.

Do you have anything in there, or just the Default Domain Policy?

Mordillo98 Commented:
...  And do you have anything under "Linked Group Policy Objects" tab on the right hand window as well?

D0TCom (Author) Commented:
Linked has nothing.
Inheritance has the default group policy (which is what I'm using) and error reporting policy.

Mordillo98 Commented:
Great.

Now, let's go again under Group Policy Objects on the left hand side, and find the Error Reporting Policy.  Click on it.

On the right hand side, click on the tab called Settings.

Can you find anything in there that talks about the "Log on To" issue you're having?

D0TCom (Author) Commented:
OK I disabled the log on restrictions in GPO for now - I don't understand how it happened and what triggered it.

Waiting for changes now.

Mordillo98 Commented:
Great.  Now you can check all the user accounts and see if they are all ok.

If they are, we can close this case?  :)

D0TCom (Author) Commented:
It's fine now - but the restrictions had nothing to do with "log on to" per se - they were related to password requirements and timeouts before log offs etc...

Going to give it a few days and see what happens..

D0TCom (Author) Commented:
Issue came back again - log on to switches from all computers to selected computers in my OU.

D0TCom (Author) Commented:
Issue was found - it appears that after I installed the licenses I had to assign them to either User or Device.

Thanks for your help.

Mordillo98 Commented:
Interesting.  Sorry that I couldn't help you further, but I will remember this resolution myself if this problem occurs to me eventually.  Take care.
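
An added example, not part of the original thread: one way to audit which accounts in an OU carry a "Log On To" restriction and when that attribute last changed, using the ActiveDirectory PowerShell module. The OU path and domain controller name are placeholders, and the script assumes a management host where `Get-ADReplicationAttributeMetadata` is available.

```powershell
# Added example: audit the "Log On To" restriction (userWorkstations attribute)
# for every user in one OU, with the time and DC of the last change.
# Assumptions: ActiveDirectory module installed; the two values below are placeholders.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=local'   # placeholder: the affected OU
$Server     = 'dc01.example.local'             # placeholder: a reachable DC

# LogonWorkstations is the module's name for the userWorkstations attribute
$users = Get-ADUser -Filter * -SearchBase $SearchBase -Server $Server `
                    -Properties LogonWorkstations

$report = foreach ($u in $users) {
    # Replication metadata records when, and on which DC, the attribute was
    # last written. It is empty if the attribute has never been set.
    $meta = Get-ADReplicationAttributeMetadata -Object $u.DistinguishedName `
                -Server $Server -Properties userWorkstations

    [pscustomobject]@{
        User          = $u.SamAccountName
        LogOnTo       = if ($u.LogonWorkstations) { $u.LogonWorkstations } else { 'All Computers' }
        Version       = $meta.Version                     # number of writes to the attribute
        LastChanged   = $meta.LastOriginatingChangeTime
        OriginatingDC = $meta.LastOriginatingChangeDirectoryServerIdentity
    }
}

# Most recent changes first; identical timestamps across many accounts point
# to a bulk change by a script or service rather than manual edits.
$report | Sort-Object LastChanged -Descending | Format-Table -AutoSize
```

Replication metadata shows when and where the attribute was written, not by whom; identifying the writing account requires directory service change auditing (event ID 5136) to be enabled on the domain controllers.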