Logon Failure User Account Restrictions

We receive an erro  Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

This happens when we try to run a shortcut to an .exe as someone else. The odd thing is it occurs only for this one account. We can run it as every other account but this one. it is a domain account with the exact rights as the other accounts that can run the .exe without error. If I create a new domain account with the same permissions as this account it will work fine but if I create a new account by copying it then it will also throw the error.

I can't recreate the account because their are other machines using the account for task jobs and batches.

Any ideas

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

is there a group policy applied to the user or the computer that might have some restrictions in it?  I would check active directory and also the local group policy for the computer.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Have you checked the security logs of the machine you're trying to run it on and the domain controller to see exactly what the failure is?

Have you checked the "Logon Hours" and "Log On To" under the Account tab to see if there are any restrictions there?
kryanCAuthor Commented:
Checked permissions and checked log on hours, groups etc. Nothing different.

Only Event 10  Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Looks more and more AD side and we can't recover the account from rollback in this environment.

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

can you post gpresult /h c:\win.html
As others suggested please see the logon hrs and logon to properties of the user and see if any restriction applied there
What events are being triggered in Application system or security logs when the issue occurs
Do you use runas? If yes, try the switch /noprofile and retry.
SandeshdubeySenior Server EngineerCommented:
See this link ,try changing the limitblankpassworduse value from 1 to 0 and check. http://social.msdn.microsoft.com/Forums/ie/en-US/6b65866a-10cc-42c8-8277-c9d9cd6c8afe/logon-failure-user-account-restriction-possible-reasons-are-blank-passwords-not-allowed-logon

Also check the local policy are any deny setting applied.You can also run rsopm.msc on the client computer to check.
kryanCAuthor Commented:
Forced to recreate the account. This fixed the issue. The GPs were identical to the others and nothing stood out. After hours of going through these items, I surrendered and went with what I knew would fix it.
Thank you all for your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.