Results 1 to 6 of 6

Thread: "You cannot log on because the logon method you are using is not allowed on this computer"

  1. #1
    Join Date
    Jan 2009
    Posts
    145

    "You cannot log on because the logon method you are using is not allowed on this computer"

    This is the error I am getting when I try to log in on the DC with a user which is not a member of the Domain Admin group. If I log in with the domain Administrator user and assign the domain admin group to the user it logs in normally. I have tried to create a different group but still the same.

  2. #2
    Join Date
    Oct 2004
    Posts
    1,343

    Re: "You cannot log on because the logon method you are using is not allowed on this computer"

    I think that the user has to be in the domain admin group. It is a domain controller, so why would you want a non-admin to log onto a domain controller? Can you tell me whether this is a Terminal Server in Application mode? If that is the case, then in order to allow a non-domain admin account to logon on to a Terminal Server, the account would need to be in the Terminal Services group, have log on locally rights, as well as log on interactive rights?

  3. #3
    Join Date
    Oct 2005
    Posts
    2,358
    The easiest method to allow non-priviledge users to log onto a Domain Controller is to add them to the "Remote Desktop Users" domain global group. In general, it is not suggested to use it, although, primarily due to security implications.

  4. #4
    Join Date
    Jul 2009
    Posts
    3

    Re: "You cannot log on because the logon method you are using is not allowed on this computer"

    I assigned "Remote Desktop Users" to a user account but the user is still not able to login. I had a look into Local Security Policy->Security Settings/Local Policies/User Rights Assignment/Allow log on locally, Remote Desktop Users is not in the list. The Add User or Group button is disabled

    Please advise what security group should I give to the user so that the user can login to server to perform some administrator tasks such as reset password.

  5. #5
    Join Date
    Nov 2005
    Posts
    631

    Re: "You cannot log on because the logon method you are using is not allowed on this computer"

    I think that a non-domain admin would not need to logon to a domain controller to perform such tasks as resetting password. You can try to install the adminpak.msi tools on the users workstation and once it is installed, instruct the user to simply run Active Directory Users and Computers, select the OU they have been delegated permissions, and they will be able to change or reset password.

  6. #6
    Join Date
    Jul 2009
    Posts
    3
    Thanks for your simple step by step explaination.

    I created a MMC added with snap shots Event Viewers and Active Directory Users and COmputers on my AD Domain Server 2008, save it as Users mode-Full access (for testing purpose).

    I copied the MMC to another non-AD Server 2008 which is login as the same domain. I opened the MMC, i can view the event viewers. But when i click on Active Directory Users and COmputers on the left panel, "MMC could not create the snap-shot" was shown on the right panel.
    Please advise.

    Also, if i really want to create a user with "Remote desktop" security group, but that security group is not listed in the local group policy, is there a way?

    Thanks

Similar Threads

  1. "Not allowed to play this game" error message in windows 7
    By vijay nahur in forum Operating Systems
    Replies: 4
    Last Post: 11-01-2011, 06:48 PM
  2. Replies: 1
    Last Post: 13-05-2010, 03:46 AM
  3. Replies: 5
    Last Post: 23-12-2009, 04:27 PM
  4. Replies: 5
    Last Post: 26-10-2009, 07:20 PM
  5. Joomla "Direct Access to This Location Is Not Allowed" Error
    By Ananias in forum Technology & Internet
    Replies: 3
    Last Post: 22-05-2009, 02:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •