Link to home
Start Free TrialLog in
Avatar of Maurice L
Maurice LFlag for United States of America

asked on

Vista Bus gpedit on a domain

I have 7 brand new computers with Windows 7 PRO that I need to add to a domain, but once I add the computer to the domain I got the message:
You cannot log on because the logon method you are using is not allowed on this computer. et..

Seems like the solution is add domain users to the local sec pol. but when I open gpedit.msc  Comp. conf/widows settng/sec. setts/local pol/ user right assignm.
then allow log on locally, the add user button is grayed out, I've gone crazy trying to find a solution thru google and I'm, at lost, do someone has an idea on how top solve this mystery (to me)
Will be really appreciated.

Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

How are you logging on?  Domain Admin Account?  What Group Policies are running..  run an rsop from the group policy editor (server)

Does this user have any predefined computers that they are allowed to login to?
The computer is brand new ->you join it to the domain ->you reboot ->that message appears?
If so, how are you able to see the greyed out setting, from a local logon?
If so, do as David suggested, start rsop.msc and quote the user right assignment settings regarding local logons AND logon denials here.
To me it sounds like your are trying to logon remotely--that is a normal message when using remote desktop connection and the users are not part of the remote desktop group and/or if the PC do not have remote desktop enabled (control panel\system\remote)
Avatar of Maurice L


rsop is clean no errors
No predefined computers, any new computer should be able, the OLD windows XP were doing it, I deleted all those accounts so that the new w7 computers can join the domain.

Yes the messsage shows for USERS but if I log in as admin I am able to log in, then I can use gpedit , but the options to add users under Comp. conf/Wind settings/Sec Sett/Local Pol/ User Right assi. Allow Log On Locally; the button to add is grayed out, no matter what.

No I am not login remotely.
rsop is not meant to show errors. RSOP will show you what policies are applied.
Again: "please quote the user right assignment settings regarding local logons AND logon denials here" - those will be shown by rsop.
Here's a JPG
as you can see the last one is the group where ALL the users that need to access this domain are included.
And there are no denials, this is not a production server, just carry 1 OLD software and is being used as a File server, but the other IT had all the XP machines here, now with w7 is giving me issues that just buggle my brain.

Thanks for helping.
you need to logon into a domain controller (or any machine that has the RSAT tools) as a domain administrator and from there you can use gpedit to make changes. Local Policy Editor is disabled on Domain Computers.
With all due respect, David, I checked the RSAT tools but based on this:
" Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1"
Why do I need to remote to the server when I can just simply login as admin?
I can access the GPEDIT on the server, but I can't understand what is the setting (or settings) I need to change (on the server) to make sure the regular users can log in without any issues, I have no problem when I use the Admin Account, but as soon as I try with the regular user I got the:
Logon Failure: The user has not been granted the requested logon type at this computer.

I'm so exhausted trying solutions from google, all seem to suggest me that I need to modify the log on locally and add the "Access this computer from the network" and check that EVERYONE is added to the list, which it is, (I logged as Admin of course) so there is nothing to change, someone told me I need to change policies on the server but never told me what, so I'm at lost.
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The screenshot shows"authenticated users" are already allowed, that would do. What might be going on that you still haven't mentioned...?
And we are talking about  logons to the console, not terminal services logons, right?
since it is a machine policy no one is authenticated at that time. The network may not have initialized yet.
I got your points guys, but you forgot 1 detail, anyone with ADMIN rights in the server is able to log on, I just elevate 1 of the users (just for fun) to Admin, and voila, right in..
And like McKnife said Authenticated users is allowed already, but I will add Everyone and users just to try..
Again: local logons or terminal logons?
Good news..

David I added the Everyone and now is logging on, I have a few computers to configure close to 34 but it will be a lot of fun..

McKnife sorry sir, if I gave the impression that it was Terminal, we don't use terminal services at all, sorry for any inconvenience.
Thanks for your input David, took me a bit but you were right in the money..