Symptom: When trying to log on to a computer using a non-administrator ID, you may receive this message: “You cannot log on because the logon method you are using is not allowed on this computer. Please see your network administrator for more details.”
Case 1: The Group Policy setting “Allow log on locally” was not set up to allow users or domain users. To allow users or domain users to log on to the computer or domain, you need to add them to “Allow log on locally”. Follow these steps to add the users.
1. Run gpedit.msc.
2. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that “Allow log on locally” includes Administrators, Backup Operators, Domain Users or Users.
Case 2: The Group Policy setting “Deny log on locally” was set up to deny users or domain users. To allow users or domain users to log on to the computer or domain locally, “Deny log on locally” should be empty, or at least contain no users or domain users. Follow these steps to remove the users or domain users from “Deny log on locally”.
1. Run gpedit.msc.
2. Expand Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that “Deny log on locally” is empty.
Case 3: The local group policy allows users to log on. However, the domain group policy, which overrides local policy, doesn’t allow users to log on locally. The resolution is to modify the domain policy to allow users to log on locally.
Case 4: The domain policy allows domain users to log on locally, but the local policy doesn’t, and the domain policy has not been applied to the computer. The fix is to run gpupdate to force an update of the domain policy.
If the machine is on a domain, this change may need to be made on the server. Once the change has been completed on the workstation, run the following command: GPUpdate.exe /force
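To confirm which of the four cases applies, the effective user rights can be read back from the machine instead of browsing gpedit.msc. The script below is an added example, not part of the original article; it assumes an elevated PowerShell prompt, and the scratch file name and helper function names are chosen for illustration.

```powershell
# Added example: audit the effective "log on locally" rights on this computer.
# Run elevated; secedit needs administrator rights to export the policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # scratch file name chosen for this example
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# secedit writes principals as "*S-1-5-..." SIDs or as plain account names.
function Resolve-Principal([string]$Entry) {
    $value = $Entry.Trim()
    if (-not $value.StartsWith('*')) { return $value }
    $sid = $value.TrimStart('*')
    try {
        $obj = [System.Security.Principal.SecurityIdentifier]$sid
        return $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $sid   # SID that no longer resolves (for example a deleted account)
    }
}

# Return the principals assigned to one user right, or nothing if it is not set.
function Get-UserRight([string]$Name) {
    $hit = Select-String -Path $cfg -Pattern "^$Name\s*=" | Select-Object -First 1
    if (-not $hit) { return @() }
    ($hit.Line -split '=', 2)[1] -split ',' |
        Where-Object { $_.Trim() } |
        ForEach-Object { Resolve-Principal $_ }
}

# SeInteractiveLogonRight     = "Allow log on locally" (Case 1)
# SeDenyInteractiveLogonRight = "Deny log on locally"  (Case 2)
$allow = @(Get-UserRight 'SeInteractiveLogonRight')
$deny  = @(Get-UserRight 'SeDenyInteractiveLogonRight')

'Allow log on locally: ' + ($(if ($allow) { $allow -join ', ' } else { '(not set)' }))
'Deny log on locally:  ' + ($(if ($deny)  { $deny  -join ', ' } else { '(empty)' }))

# A deny entry takes precedence over an allow entry for the same account or group.
$both = @($allow | Where-Object { $deny -contains $_ })
if ($both) { 'Listed in both (deny wins): ' + ($both -join ', ') }

# Cases 3 and 4: list the GPOs actually applied to the computer, to see whether
# a domain policy is overriding the local setting or has not been applied yet.
gpresult.exe /r /scope computer

Remove-Item $cfg -ErrorAction SilentlyContinue
```

Running it before and after GPUpdate.exe /force shows whether the domain policy changed the effective assignment.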