Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Vista Bus gpedit on a domain

Posted on 2014-11-28
15
138 Views
Last Modified: 2014-12-02
I have 7 brand new computers with Windows 7 PRO that I need to add to a domain, but once I add the computer to the domain I got the message:
You cannot log on because the logon method you are using is not allowed on this computer. et..

Seems like the solution is add domain users to the local sec pol. but when I open gpedit.msc  Comp. conf/widows settng/sec. setts/local pol/ user right assignm.
then allow log on locally, the add user button is grayed out, I've gone crazy trying to find a solution thru google and I'm, at lost, do someone has an idea on how top solve this mystery (to me)
Will be really appreciated.


Maurice.
0
Comment
Question by:Maurice Loucel
  • 6
  • 4
  • 4
  • +1
15 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40471368
How are you logging on?  Domain Admin Account?  What Group Policies are running..  run an rsop from the group policy editor (server)

Does this user have any predefined computers that they are allowed to login to?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40471559
The computer is brand new ->you join it to the domain ->you reboot ->that message appears?
If so, how are you able to see the greyed out setting, from a local logon?
If so, do as David suggested, start rsop.msc and quote the user right assignment settings regarding local logons AND logon denials here.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 40471564
To me it sounds like your are trying to logon remotely--that is a normal message when using remote desktop connection and the users are not part of the remote desktop group and/or if the PC do not have remote desktop enabled (control panel\system\remote)
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Maurice Loucel
ID: 40474299
David:
rsop is clean no errors
No predefined computers, any new computer should be able, the OLD windows XP were doing it, I deleted all those accounts so that the new w7 computers can join the domain.

McKife:
Yes the messsage shows for USERS but if I log in as admin I am able to log in, then I can use gpedit , but the options to add users under Comp. conf/Wind settings/Sec Sett/Local Pol/ User Right assi. Allow Log On Locally; the button to add is grayed out, no matter what.

Lionelmm:
No I am not login remotely.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40474600
rsop is not meant to show errors. RSOP will show you what policies are applied.
Again: "please quote the user right assignment settings regarding local logons AND logon denials here" - those will be shown by rsop.
0
 

Author Comment

by:Maurice Loucel
ID: 40474860
McKnife:
Here's a JPG
as you can see the last one is the group where ALL the users that need to access this domain are included.
And there are no denials, this is not a production server, just carry 1 OLD software and is being used as a File server, but the other IT had all the XP machines here, now with w7 is giving me issues that just buggle my brain.

Thanks for helping.
Capture.JPG
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40475018
you need to logon into a domain controller (or any machine that has the RSAT tools) as a domain administrator and from there you can use gpedit to make changes. Local Policy Editor is disabled on Domain Computers.
0
 

Author Comment

by:Maurice Loucel
ID: 40475078
With all due respect, David, I checked the RSAT tools but based on this:
" Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1"
Why do I need to remote to the server when I can just simply login as admin?
I can access the GPEDIT on the server, but I can't understand what is the setting (or settings) I need to change (on the server) to make sure the regular users can log in without any issues, I have no problem when I use the Admin Account, but as soon as I try with the regular user I got the:
Logon Failure: The user has not been granted the requested logon type at this computer.

I'm so exhausted trying solutions from google, all seem to suggest me that I need to modify the log on locally and add the "Access this computer from the network" and check that EVERYONE is added to the list, which it is, (I logged as Admin of course) so there is nothing to change, someone told me I need to change policies on the server but never told me what, so I'm at lost.
0
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40475108
you haven't added everyone to the allow logon locally.  Add users and/or EVERYONE.. is this in your default domain policy?

The defaults are:
On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
On domain controllers: Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40475140
The screenshot shows"authenticated users" are already allowed, that would do. What might be going on that you still haven't mentioned...?
And we are talking about  logons to the console, not terminal services logons, right?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40475168
since it is a machine policy no one is authenticated at that time. The network may not have initialized yet.
0
 

Author Comment

by:Maurice Loucel
ID: 40476569
I got your points guys, but you forgot 1 detail, anyone with ADMIN rights in the server is able to log on, I just elevate 1 of the users (just for fun) to Admin, and voila, right in..
And like McKnife said Authenticated users is allowed already, but I will add Everyone and users just to try..
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40476595
Again: local logons or terminal logons?
0
 

Author Comment

by:Maurice Loucel
ID: 40476828
Good news..

David I added the Everyone and now is logging on, I have a few computers to configure close to 34 but it will be a lot of fun..

McKnife sorry sir, if I gave the impression that it was Terminal, we don't use terminal services at all, sorry for any inconvenience.
0
 

Author Closing Comment

by:Maurice Loucel
ID: 40476836
Thanks for your input David, took me a bit but you were right in the money..
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question