Vista Bus gpedit on a domain

I have 7 brand new computers with Windows 7 PRO that I need to add to a domain, but once I add the computer to the domain I get the message:
You cannot log on because the logon method you are using is not allowed on this computer. etc.

Seems like the solution is to add domain users to the local sec pol., but when I open gpedit.msc Comp. conf/Windows settings/sec. settings/local pol/user right assignm.
then allow log on locally, the add user button is grayed out. I've gone crazy trying to find a solution through Google and I'm at a loss. Does someone have an idea on how to solve this mystery (to me)?
It will be really appreciated.


Maurice.
Maurice Loucelit admin Asked:

David Johnson, CD, MVP, Owner Commented:
How are you logging on? Domain Admin Account? What Group Policies are running? Run an rsop from the group policy editor (server).

Does this user have any predefined computers that they are allowed to login to?
0
McKnife Commented:
The computer is brand new ->you join it to the domain ->you reboot ->that message appears?
If so, how are you able to see the greyed out setting, from a local logon?
If so, do as David suggested, start rsop.msc and quote the user right assignment settings regarding local logons AND logon denials here.
0
Lionel MM, Small Business IT Consultant Commented:
To me it sounds like you are trying to log on remotely. That is a normal message when using remote desktop connection and the users are not part of the remote desktop group and/or if the PC does not have remote desktop enabled (control panel\system\remote).
0
Maurice Loucelit adminAuthor Commented:
David:
rsop is clean, no errors.
No predefined computers, any new computer should be able to. The OLD Windows XP machines were doing it; I deleted all those accounts so that the new W7 computers can join the domain.

McKnife:
Yes, the message shows for USERS, but if I log in as admin I am able to log in, and then I can use gpedit, but the option to add users under Comp. conf/Wind settings/Sec Sett/Local Pol/User Right assi. Allow Log On Locally is unavailable; the button to add is grayed out, no matter what.

Lionelmm:
No, I am not logging in remotely.
0
McKnife Commented:
rsop is not meant to show errors. RSOP will show you what policies are applied.
Again: "please quote the user right assignment settings regarding local logons AND logon denials here" - those will be shown by rsop.
0
Maurice Loucelit adminAuthor Commented:
McKnife:
Here's a JPG.
As you can see, the last one is the group where ALL the users that need to access this domain are included.
And there are no denials. This is not a production server, it just carries 1 OLD piece of software and is being used as a file server, but the other IT had all the XP machines here, and now W7 is giving me issues that just boggle my brain.

Thanks for helping.
Capture.JPG
0
David Johnson, CD, MVP, Owner Commented:
You need to log on to a domain controller (or any machine that has the RSAT tools) as a domain administrator and from there you can use gpedit to make changes. Local Policy Editor is disabled on Domain Computers.
0
Maurice Loucelit adminAuthor Commented:
With all due respect, David, I checked the RSAT tools but based on this:
" Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1"
Why do I need to remote to the server when I can just simply login as admin?
I can access the GPEDIT on the server, but I can't understand what is the setting (or settings) I need to change (on the server) to make sure the regular users can log in without any issues, I have no problem when I use the Admin Account, but as soon as I try with the regular user I got the:
Logon Failure: The user has not been granted the requested logon type at this computer.

I'm so exhausted trying solutions from Google. All seem to suggest that I need to modify the log on locally and add the "Access this computer from the network" and check that EVERYONE is added to the list, which it is (I logged in as Admin of course), so there is nothing to change. Someone told me I need to change policies on the server but never told me what, so I'm at a loss.
0
David Johnson, CD, MVP, Owner Commented:
You haven't added everyone to the allow logon locally. Add users and/or EVERYONE. Is this in your default domain policy?

The defaults are:
On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
On domain controllers: Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators.
0

McKnife Commented:
The screenshot shows "authenticated users" are already allowed, that would do. What might be going on that you still haven't mentioned...?
And we are talking about logons to the console, not terminal services logons, right?
0
David Johnson, CD, MVP, Owner Commented:
Since it is a machine policy, no one is authenticated at that time. The network may not have initialized yet.
0
Maurice Loucelit adminAuthor Commented:
I got your points guys, but you forgot 1 detail, anyone with ADMIN rights in the server is able to log on, I just elevate 1 of the users (just for fun) to Admin, and voila, right in..
And like McKnife said Authenticated users is allowed already, but I will add Everyone and users just to try..
0
McKnife Commented:
Again: local logons or terminal logons?
0
Maurice Loucelit adminAuthor Commented:
Good news..

David, I added Everyone and now it is logging on. I have a few computers to configure, close to 34, but it will be a lot of fun.

McKnife sorry sir, if I gave the impression that it was Terminal, we don't use terminal services at all, sorry for any inconvenience.
0
Maurice Loucelit adminAuthor Commented:
Thanks for your input David, it took me a bit but you were right on the money.
0
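An added example, not part of the thread or of any participant's post: a Python check of the "Allow log on locally" and "Deny log on locally" rights from the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export, which also reports catch-all principals holding the allow right. The INF text and account SIDs are constructed samples, and the function names are hypothetical.

```python
# Added example: evaluate "Allow log on locally" from a secedit USER_RIGHTS export.
ALLOW = "SeInteractiveLogonRight"        # Allow log on locally
DENY = "SeDenyInteractiveLogonRight"     # Deny log on locally
BROAD = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}

def parse_privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        # Exported SIDs carry a leading "*"; unresolved names do not.
        members = {m.strip().lstrip("*") for m in value.split(",") if m.strip()}
        rights[name.strip()] = members
    return rights

def can_log_on_locally(rights, token_sids):
    """Deny wins over allow. Assumption: a right absent from the export grants nobody."""
    token = set(token_sids)
    if rights.get(DENY, set()) & token:
        return False
    return bool(rights.get(ALLOW, set()) & token)

def broad_grants(rights):
    """Names of catch-all principals that hold the allow right."""
    return sorted(BROAD[s] for s in rights.get(ALLOW, set()) if s in BROAD)

# Constructed samples, not taken from the thread's screenshot.
RESTRICTED = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight =
"""
WITH_EVERYONE = RESTRICTED.replace("*S-1-5-32-551", "*S-1-5-32-551,*S-1-1-0")

# Constructed tokens: a standard domain user and a member of Administrators.
USER = ["S-1-5-21-1111-2222-3333-1105", "S-1-5-32-545", "S-1-5-11", "S-1-1-0"]
ADMIN = USER + ["S-1-5-32-544"]

if __name__ == "__main__":
    for label, inf in (("restricted", RESTRICTED), ("with Everyone", WITH_EVERYONE)):
        r = parse_privilege_rights(inf)
        print(label, can_log_on_locally(r, USER), can_log_on_locally(r, ADMIN), broad_grants(r))
```

Running the export on an affected workstation while logged in as an administrator gives the effective local assignment, including any entries pushed by domain policy.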