Unable to log into Windows 2012 server from console

In the last week one of my clients servers has stopped the Administrator account from logging in from the console, you can however log in from a remote desktop session.

Nothing has changed on the domain other than the addition of a Hyper-V remote desktop server onto the domain, I've checked all the group policy settings and they all allow login from local device.

Spent most of the day today trying to resolve the problem, hopefully an expert can help, the error is :

The sign in method you're trying to use isn't allowed. For more info, contact your network administrator.
niesmannAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
niesmannConnect With a Mentor Author Commented:
Hi all

Managed to find the solution eventually there was a local deny policy in place that had random characters as the user name, I removed the policy and was now able to logon, thanks for all your help on this and confirming I wasn't going bonkers, sometimes you can't see the wood for the trees !
0
 
Alexandre MichelManager; IT ConsultantCommented:
Hi

Try to create a new Group Policy & add Domain users and administrator to the Allow Logon Locally in GPO,

Group Policy Management--> Computer Configuration --> Windows Settings --> Security Settings --> Local Policies -->

User Rights Assignment --> Allow Log on Locally  

Alex
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Compare the Default Domain Policy and the Default Domain Controllers Policy against an untouched version set.

As a rule, one should not edit those two GPOs ever.

It sounds like a smart card policy or the like has been implemented at a global scope.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Adam BrownSr Solutions ArchitectCommented:
Alexandre's recommendation should work for you. Sounds like the user rights assignment was modified.
0
 
niesmannAuthor Commented:
Hi  
Many thanks for your advice, I have created a new GPO and applied and I still have the same problem, I've also compared the default domain policy's against another server on another domain and everything seems the same.

Is there a registry entry on the server itself that could restrict the login and if so which would take precedent the GPO or a local registry entry.

Never had this problem before

Thanks again
0
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
run rsop.msc on the server and go to the user rights assignment section. That should tell you what the effective settings are and which GPO is "winning".
0
 
niesmannAuthor Commented:
Hi Adam

Just checked via rsop and the new policy I just created is winning and the allow local logon is set correctly , really odd.
0
 
niesmannAuthor Commented:
After Adam confirming I was on the right track with GPO eventually I managed to work out the solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.