This error is a little bit self-explanatory and that the account is not granted permission to log on to the device. With this, you will get such an error message at login as shown below.
Note: This is a Domain controller and as such by default, local user accounts are not granted access to logon the server.
If you wish to permit domain users to access your Domain Controller (DC) which is not recommended, you can configure Group Policy Object to have this configured.
- Launch the Gorup Policy Object Management Tool (gpmc.msc)
- Select your domain and expand Group Policy Objects then right click on "Default Domain Controller Policy"
- Click Edit
Under the Computer Management,
- Expand Policies and
- Select Windows Settings
- Expand Security Settings and
- Select Local Policies and then
- Click on User Rights Management
- Right click on Allow Logon Locally and
- Click on Properties
- On the other pane, Add the User of Group that you wantAlternatively, if the user is denied logon access to the server, you will need to remove the user from the list of denied logon access. To do this, launch the GPO and follow the path to have this fixed.
Enter "secpol.msc" in the Run dialog box or Contona Window.
- Press Enter to open the Local Security Policy window.
Navigate to the Security Settings
- Local Policies
- User Rights Assignment.
In the right pane, locate the policy named Deny log on locally.
- Double-click on it to modify by removing the user from the list.I hope you found this blog post helpful. If you have any questions, please let me know in the comment session. I welcome you to follow me on Twitter and Facebook.
