• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 116
  • Last Modified:

Getting error the logon n method you are using is not allowed on this computer

Ok I have posted a similar problem, in this site recently.  I added a test user to my group policy to deny access to a specific computer on a computer workstation.  I got it to work so that I would get the following error message when I tried to log on to that account

Getting error the signin method you're trying to use isn't allowed.

Once I tested this.  I removed it from the policy and now the policy is not defined.  However I am still not apple to logon to the computer using the test user.  I can logon as any other user, but that one.

I have done a gpupdate on the server, restarted the server and I also have done a gpupdate /force on the workstation computer.  I have also tried restartimg the workstation computer but nothing seems to work.

Any ideas?  
Using windows server 2012 r2
0
MomForLife
Asked:
MomForLife
  • 4
  • 2
1 Solution
 
MomForLifeAuthor Commented:
Just adding a bit more to this.  I logged in to a working user on that workstation and opened up task manager.  when I check to see users, My test user is listed as being disconnected.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I tried to find the similar question you say you posted to find out what exactly you did for the group policy -- but couldn't find it.

The reason I wanted to see that is because some policies get "tattooed" into the registry and cannot be reversed by simply disabling the policy.

You can read more about this here:
https://www.experts-exchange.com/questions/27724014/Windwos-2008-Group-Policies-Prevent-Tattooing.html
0
 
MomForLifeAuthor Commented:
Okay briefly read up on tattooing.  The entry was made in a gpo I created, linked and enforced.   The policy is under the computer setting, security settings, local policy, deny local logon (something like that).

I had company,  where they have have gone into the Default Domain Policy and actually changed the allow local logon, and the users listed here are the only ones that can login.  I also removed them, did gpupdate on server and did a gpupdate /force on the workstation computer that is joined to the domain.  , however I am still not able to login with other AD users on this workstation.  

This is why i was doing some testing using the deny local.  Just wanted to see if it would give me the same error.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
however I am still not able to login with other AD users on this workstation.  

AH... I'm sorry I missed that specific detail from your initial question.

You can only log into a workstation with user accounts which are listed in the local USERS group of that computer.  Usually you would add the "Domain Users" or "Authenticated Users" security group to the local USERS group to allow for this.

Domain Users is added by default when the computer is joined to the domain.  But it may have been removed, so check that out.
0
 
MomForLifeAuthor Commented:
Thank you Jeffrey Kane
0
 
MomForLifeAuthor Commented:
Thank you.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now