Error 1385: The user has not been granted the requested logon type at this time

In this article, we will discuss how to fix “Error 1385: The user has not been granted the requested logon type at this time’. Logon Types are logged in the Logon Type field of logon events for every successful and failed logon. Please see how to enable Bitlocker Pre-Boot Authentication via the Group Policy, BitLocker Drive Encryption architecture and implementation types on Windows and Pleasant User Group Permission and User Access.

These events appear in the Windows event log and help in analyzing the various logon types. The following logon types are supported in the Windows environment which is a total of nine different types of logons.

This error could also occur, if the user does not have the appropriate console logon rights. Please refer to the solutions provided on how to fix this issue, depending on whether the error is encountered during logon to a domain controller or to other Windows PCs. Kindly refer to the following guide: Logon types: The different Windows Logon Types.

Kindly refer to some other guides I have written: How to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines, how to uninstall your current version of MBAM and run setup again, how to clear, enable or disable TPM in Windows via the BIOS or UEFI, 

Possible cause of Error 1385

Error 1385 will occur if the desktop policy “Access this computer from the network” is modified. Additionally, if the users and groups in this policy no longer include the logging-in user, the error might appear. This normally won’t happen as the default values for this policy include “Users” and “Everyone” access groups.

Possible Solution

To resolve this issue, edit the Access this computer from the network local policy on the desktop to restore the “Users” access group or add one or more user and group values to provide the required access.

Right-click on Access this computer from the network>Properties>Add Users or Groups, add everyone if not added before.

• As you can see, we added it earlier.
• Make sure you don’t apply “Deny logon locally” to the same users/groups.

You can also configure this using Group Policy. You can locate these configuration settings at Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

• Make sure that you are login to the current machine with the administrator account, then run gpedit.msc as Administrator.
• Or try to run gpedit.msc as a different user, then provide the administrator credentials
• Don’t forget to perform “gpupdate /force”” in command prompt for Policy update.

Administrative Tools>Local Security Settings>Local Policies>User Rights Assignment, right-click on Access this computer from the network>Properties>Add Users or Groups, add everyone if not added before.

• As you can see, we added it earlier.
• Make sure you don’t apply “Deny logon locally” to the same users/groups.

What could be the error?

This issue can occur if the user does not have the appropriate console logon rights. It is a domain controller, and there are admin policy restrictions on the server.

The user account was a regular account and as such could not run the application. I switched to a different server to reproduce this and was able to perform the operation which failed previously.

I hope you found this blog post on how to fix Error 1385: The user has not been granted the requested logon type at this time helpful. If you have any questions, please let me know in the comment session.