"You cannot log on because the logon method you are using is not allowed on this computer"
This is the error I am getting when I try to log in on the DC with a user which is not a member of the Domain Admin group. If I log in with the domain Administrator user and assign the domain admin group to the user it logs in normally. I have tried to create a different group but still the same.
Re: "You cannot log on because the logon method you are using is not allowed on this computer"
I think that the user has to be in the domain admin group. It is a domain controller, so why would you want a non-admin to log onto a domain controller? Can you tell me whether this is a Terminal Server in Application mode? If that is the case, then in order to allow a non-domain admin account to logon on to a Terminal Server, the account would need to be in the Terminal Services group, have log on locally rights, as well as log on interactive rights?
Re: "You cannot log on because the logon method you are using is not allowed on this computer"
I assigned "Remote Desktop Users" to a user account but the user is still not able to login. I had a look into Local Security Policy->Security Settings/Local Policies/User Rights Assignment/Allow log on locally, Remote Desktop Users is not in the list. The Add User or Group button is disabled
Please advise what security group should I give to the user so that the user can login to server to perform some administrator tasks such as reset password.
Re: "You cannot log on because the logon method you are using is not allowed on this computer"
I think that a non-domain admin would not need to logon to a domain controller to perform such tasks as resetting password. You can try to install the adminpak.msi tools on the users workstation and once it is installed, instruct the user to simply run Active Directory Users and Computers, select the OU they have been delegated permissions, and they will be able to change or reset password.