Logon Failure User Account Restrictions

We receive an erro  Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

This happens when we try to run a shortcut to an .exe as someone else. The odd thing is it occurs only for this one account. We can run it as every other account but this one. it is a domain account with the exact rights as the other accounts that can run the .exe without error. If I create a new domain account with the same permissions as this account it will work fine but if I create a new account by copying it then it will also throw the error.

I can't recreate the account because their are other machines using the account for task jobs and batches.

Any ideas

Who is Participating?
IKtechConnect With a Mentor Commented:
is there a group policy applied to the user or the computer that might have some restrictions in it?  I would check active directory and also the local group policy for the computer.
apathy42Connect With a Mentor Commented:
Have you checked the security logs of the machine you're trying to run it on and the domain controller to see exactly what the failure is?

Have you checked the "Logon Hours" and "Log On To" under the Account tab to see if there are any restrictions there?
kryanCAuthor Commented:
Checked permissions and checked log on hours, groups etc. Nothing different.

Only Event 10  Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Looks more and more AD side and we can't recover the account from rollback in this environment.

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Sarang TinguriaConnect With a Mentor Sr EngineerCommented:
can you post gpresult /h c:\win.html
As others suggested please see the logon hrs and logon to properties of the user and see if any restriction applied there
What events are being triggered in Application system or security logs when the issue occurs
McKnifeConnect With a Mentor Commented:
Do you use runas? If yes, try the switch /noprofile and retry.
SandeshdubeyConnect With a Mentor Senior Server EngineerCommented:
See this link ,try changing the limitblankpassworduse value from 1 to 0 and check. http://social.msdn.microsoft.com/Forums/ie/en-US/6b65866a-10cc-42c8-8277-c9d9cd6c8afe/logon-failure-user-account-restriction-possible-reasons-are-blank-passwords-not-allowed-logon

Also check the local policy are any deny setting applied.You can also run rsopm.msc on the client computer to check.
kryanCAuthor Commented:
Forced to recreate the account. This fixed the issue. The GPs were identical to the others and nothing stood out. After hours of going through these items, I surrendered and went with what I knew would fix it.
Thank you all for your help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.