I have a Windows 10 standalone, unnetworked system, being set up for US Govt classified, has been STIG hardened, is not and never has been in an Active Directory Domain.
For a while now, the system has had two Admin users, both of whom can log in fine.
Today, I created a non-admin user. That user cannot log in.
The audit record that shows the failure looks very much like the one presented at https://www.experts-exchange.com/questions/29017480/Windows-7-Non-Admin-Users-cannot-login.html
. The status code and sub status code are the same. When I did a web search for such similar audit records, I got a lot of hits, but for nearly all of them, the Logon Type was 3 (remote), and the solution had to do with Active Directory tweaks. My audit record's Logon Type was 2 (local), just like the one at the aforementioned web page. That's why I bought a subscription to this site, hoping to see a solution.
But, alas, after buying the subscription and being able to see the possible proposed solutions, none of them seemed to fit my case:
- The first reply, by John, mentioned checking the user's folder for problems. Since I just created this user, and the user has never successfully logged in, the user's folder has not been created yet.
- The next reply, by Shaun Vermaak, is about AD. N/A, not in a domain.
- Next reply, by meicompany (the author of the queston), mentions log files getting too big. I checked all the log files that are configured to have a maximum size, and the smallest such configured maximum size is 32G. i checked current size of all my log files, and the largest is 8G. So that's not the problem.
- Then John chimed in again with User Profile folders filling up. See my previous response to John.
And I did think to check local policy "Allow log on locally". It had "Administrators, Users" (only). The system's Admin users are both in the Administrators group, and that works. The newly added non-admin user is in the Users group (I checked), but that still doesn't work.
Anyone got anything else?
P.S., note that debugging is going to be rather inconvenient. It's a classified system. I cannot (easily) pull anything off. I can look and transcribe, but that will only be practical for small bits of data. Please don't ask me to provide large chunks of info off the system.