Avatar of Maurice L
Maurice L
Flag for United States of America asked on

Vista Bus gpedit on a domain

I have 7 brand new computers with Windows 7 PRO that I need to add to a domain, but once I add the computer to the domain I got the message:
You cannot log on because the logon method you are using is not allowed on this computer. et..

Seems like the solution is add domain users to the local sec pol. but when I open gpedit.msc  Comp. conf/widows settng/sec. setts/local pol/ user right assignm.
then allow log on locally, the add user button is grayed out, I've gone crazy trying to find a solution thru google and I'm, at lost, do someone has an idea on how top solve this mystery (to me)
Will be really appreciated.


Maurice.
Windows Server 2003Windows 7

Avatar of undefined
Last Comment
Maurice L

8/22/2022 - Mon
David Johnson, CD

How are you logging on?  Domain Admin Account?  What Group Policies are running..  run an rsop from the group policy editor (server)

Does this user have any predefined computers that they are allowed to login to?
McKnife

The computer is brand new ->you join it to the domain ->you reboot ->that message appears?
If so, how are you able to see the greyed out setting, from a local logon?
If so, do as David suggested, start rsop.msc and quote the user right assignment settings regarding local logons AND logon denials here.
Lionel MM

To me it sounds like your are trying to logon remotely--that is a normal message when using remote desktop connection and the users are not part of the remote desktop group and/or if the PC do not have remote desktop enabled (control panel\system\remote)
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Maurice L

ASKER
David:
rsop is clean no errors
No predefined computers, any new computer should be able, the OLD windows XP were doing it, I deleted all those accounts so that the new w7 computers can join the domain.

McKife:
Yes the messsage shows for USERS but if I log in as admin I am able to log in, then I can use gpedit , but the options to add users under Comp. conf/Wind settings/Sec Sett/Local Pol/ User Right assi. Allow Log On Locally; the button to add is grayed out, no matter what.

Lionelmm:
No I am not login remotely.
McKnife

rsop is not meant to show errors. RSOP will show you what policies are applied.
Again: "please quote the user right assignment settings regarding local logons AND logon denials here" - those will be shown by rsop.
Maurice L

ASKER
McKnife:
Here's a JPG
as you can see the last one is the group where ALL the users that need to access this domain are included.
And there are no denials, this is not a production server, just carry 1 OLD software and is being used as a File server, but the other IT had all the XP machines here, now with w7 is giving me issues that just buggle my brain.

Thanks for helping.
Capture.JPG
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
David Johnson, CD

you need to logon into a domain controller (or any machine that has the RSAT tools) as a domain administrator and from there you can use gpedit to make changes. Local Policy Editor is disabled on Domain Computers.
Maurice L

ASKER
With all due respect, David, I checked the RSAT tools but based on this:
" Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1"
Why do I need to remote to the server when I can just simply login as admin?
I can access the GPEDIT on the server, but I can't understand what is the setting (or settings) I need to change (on the server) to make sure the regular users can log in without any issues, I have no problem when I use the Admin Account, but as soon as I try with the regular user I got the:
Logon Failure: The user has not been granted the requested logon type at this computer.

I'm so exhausted trying solutions from google, all seem to suggest me that I need to modify the log on locally and add the "Access this computer from the network" and check that EVERYONE is added to the list, which it is, (I logged as Admin of course) so there is nothing to change, someone told me I need to change policies on the server but never told me what, so I'm at lost.
ASKER CERTIFIED SOLUTION
David Johnson, CD

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
McKnife

The screenshot shows"authenticated users" are already allowed, that would do. What might be going on that you still haven't mentioned...?
And we are talking about  logons to the console, not terminal services logons, right?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
David Johnson, CD

since it is a machine policy no one is authenticated at that time. The network may not have initialized yet.
Maurice L

ASKER
I got your points guys, but you forgot 1 detail, anyone with ADMIN rights in the server is able to log on, I just elevate 1 of the users (just for fun) to Admin, and voila, right in..
And like McKnife said Authenticated users is allowed already, but I will add Everyone and users just to try..
McKnife

Again: local logons or terminal logons?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Maurice L

ASKER
Good news..

David I added the Everyone and now is logging on, I have a few computers to configure close to 34 but it will be a lot of fun..

McKnife sorry sir, if I gave the impression that it was Terminal, we don't use terminal services at all, sorry for any inconvenience.
Maurice L

ASKER
Thanks for your input David, took me a bit but you were right in the money..