troubleshooting Question

non-domain system, non-admin users not allowed to login

Avatar of Phil Dumont
Phil Dumont asked on
Windows OSWindows 10
66 Comments1 Solution272 ViewsLast Modified:
I have a Windows 10 standalone, unnetworked system, being set up for US Govt classified, has been STIG hardened, is not and never has been in an Active Directory Domain.

For a while now, the system has had two Admin users, both of whom can log in fine.

Today, I created a non-admin user.  That user cannot log in.

The audit record that shows the failure looks very much like the one presented at  The status code and sub status code are the same.  When I did a web search for such similar audit records, I got a lot of hits, but for nearly all of them, the Logon Type was 3 (remote), and the solution had to do with Active Directory tweaks.  My audit record's Logon Type was 2 (local), just like the one at the aforementioned web page.  That's why I bought a subscription to this site, hoping to see a solution.

But, alas, after buying the subscription and being able to see the possible proposed solutions, none of them seemed to fit my case:
  • The first reply, by John, mentioned checking the user's folder for problems.  Since I just created this user, and the user has never successfully logged in, the user's folder has not been created yet.
  • The next reply, by Shaun Vermaak, is about AD.  N/A, not in a domain.
  • Next reply, by meicompany (the author of the queston), mentions log files getting too big.  I checked all the log files that are configured to have a maximum size, and the smallest such configured maximum size is 32G.  i checked current size of all my log files, and the largest is 8G.  So that's not the problem.
  • Then John chimed in again with User Profile folders filling up.  See my previous response to John.

And I did think to check local policy "Allow log on locally".  It had "Administrators, Users" (only).  The system's Admin users are both in the Administrators group, and that works.  The newly added non-admin user is in the Users group (I checked), but that still doesn't work.

Anyone got anything else?

P.S., note that debugging is going to be rather inconvenient.  It's a classified system.  I cannot (easily) pull anything off.  I can look and transcribe, but that will only be practical for small bits of data.  Please don't ask me to provide large chunks of info off the system.

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 66 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 66 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros