Solved

Vista Bus gpedit on a domain

Posted on 2014-11-28
15
129 Views
Last Modified: 2014-12-02
I have 7 brand new computers with Windows 7 PRO that I need to add to a domain, but once I add the computer to the domain I got the message:
You cannot log on because the logon method you are using is not allowed on this computer. et..

Seems like the solution is add domain users to the local sec pol. but when I open gpedit.msc  Comp. conf/widows settng/sec. setts/local pol/ user right assignm.
then allow log on locally, the add user button is grayed out, I've gone crazy trying to find a solution thru google and I'm, at lost, do someone has an idea on how top solve this mystery (to me)
Will be really appreciated.


Maurice.
0
Comment
Question by:Maurice Loucel
  • 6
  • 4
  • 4
  • +1
15 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40471368
How are you logging on?  Domain Admin Account?  What Group Policies are running..  run an rsop from the group policy editor (server)

Does this user have any predefined computers that they are allowed to login to?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40471559
The computer is brand new ->you join it to the domain ->you reboot ->that message appears?
If so, how are you able to see the greyed out setting, from a local logon?
If so, do as David suggested, start rsop.msc and quote the user right assignment settings regarding local logons AND logon denials here.
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 40471564
To me it sounds like your are trying to logon remotely--that is a normal message when using remote desktop connection and the users are not part of the remote desktop group and/or if the PC do not have remote desktop enabled (control panel\system\remote)
0
 

Author Comment

by:Maurice Loucel
ID: 40474299
David:
rsop is clean no errors
No predefined computers, any new computer should be able, the OLD windows XP were doing it, I deleted all those accounts so that the new w7 computers can join the domain.

McKife:
Yes the messsage shows for USERS but if I log in as admin I am able to log in, then I can use gpedit , but the options to add users under Comp. conf/Wind settings/Sec Sett/Local Pol/ User Right assi. Allow Log On Locally; the button to add is grayed out, no matter what.

Lionelmm:
No I am not login remotely.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40474600
rsop is not meant to show errors. RSOP will show you what policies are applied.
Again: "please quote the user right assignment settings regarding local logons AND logon denials here" - those will be shown by rsop.
0
 

Author Comment

by:Maurice Loucel
ID: 40474860
McKnife:
Here's a JPG
as you can see the last one is the group where ALL the users that need to access this domain are included.
And there are no denials, this is not a production server, just carry 1 OLD software and is being used as a File server, but the other IT had all the XP machines here, now with w7 is giving me issues that just buggle my brain.

Thanks for helping.
Capture.JPG
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40475018
you need to logon into a domain controller (or any machine that has the RSAT tools) as a domain administrator and from there you can use gpedit to make changes. Local Policy Editor is disabled on Domain Computers.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:Maurice Loucel
ID: 40475078
With all due respect, David, I checked the RSAT tools but based on this:
" Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1"
Why do I need to remote to the server when I can just simply login as admin?
I can access the GPEDIT on the server, but I can't understand what is the setting (or settings) I need to change (on the server) to make sure the regular users can log in without any issues, I have no problem when I use the Admin Account, but as soon as I try with the regular user I got the:
Logon Failure: The user has not been granted the requested logon type at this computer.

I'm so exhausted trying solutions from google, all seem to suggest me that I need to modify the log on locally and add the "Access this computer from the network" and check that EVERYONE is added to the list, which it is, (I logged as Admin of course) so there is nothing to change, someone told me I need to change policies on the server but never told me what, so I'm at lost.
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40475108
you haven't added everyone to the allow logon locally.  Add users and/or EVERYONE.. is this in your default domain policy?

The defaults are:
On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
On domain controllers: Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40475140
The screenshot shows"authenticated users" are already allowed, that would do. What might be going on that you still haven't mentioned...?
And we are talking about  logons to the console, not terminal services logons, right?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40475168
since it is a machine policy no one is authenticated at that time. The network may not have initialized yet.
0
 

Author Comment

by:Maurice Loucel
ID: 40476569
I got your points guys, but you forgot 1 detail, anyone with ADMIN rights in the server is able to log on, I just elevate 1 of the users (just for fun) to Admin, and voila, right in..
And like McKnife said Authenticated users is allowed already, but I will add Everyone and users just to try..
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40476595
Again: local logons or terminal logons?
0
 

Author Comment

by:Maurice Loucel
ID: 40476828
Good news..

David I added the Everyone and now is logging on, I have a few computers to configure close to 34 but it will be a lot of fun..

McKnife sorry sir, if I gave the impression that it was Terminal, we don't use terminal services at all, sorry for any inconvenience.
0
 

Author Closing Comment

by:Maurice Loucel
ID: 40476836
Thanks for your input David, took me a bit but you were right in the money..
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Article by: Lee
Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now