Logon failure: the user has not been granted the requested logon type at this computer windows 7

In this post, we’re gonna solve “Logon failure: The user has not been granted the requested logon type at this computer” error.

We will also go through the following:

You might also like to read Evaluation Period expired for Windows Server 2012 R2, How to extend it?

The user has not been granted the requested logon type at this computer

I have created a new user in Active Directory on Windows Server 2012 R2, when I tried to log in with the newly created user to a site or windows, unfortunately, I couldn’t log in, I got the below error.

Logon failure: The user has not been granted the requested logon type at this computer.

How to solve “The user has not been granted the requested logon type at this computer”?

This error usually occurs in case the login user does not have permission to log on locally to this computer.

To solve “The user has not been granted the requested logon type at this computer” error, you should make sure that the login user and all groups that belong to are allowed to log on locally to this computer.

To get which groups the current user belongs to, Please check Get Groups in which a user is a member Using PowerShell.

Allow Logon Locally In Windows Server

Steps

• Log in to the server with a Domain Administrator Account.
• Run Group Policy Management as Administrator.
  • Open start menu > type “gpedit.msc“.
  • Right-click and select Run as administrator.

• Under Computer configuration >  go to Windows Settings > Security Settings > Local Policies > User Rights Assignemnts.
• Right Click on Allow Logon Locally > Properties.
• Click on Add User and Group then add the new user account.

Note: if “Add User button is disabled in User Rights Assignment“, that means the current user is not a domain admin account, to solve this issue please, check the Add User button is grayed out in User Rights Assignment.

Force Group Policy Update

To instantly reflect the above changes in Group Policy Management, you should do the following:

• Open CMD as administrator.

• Run the below command to apply Policy update.

• Try to log in now.
• Great, “The user has not been granted the requested logon type at this computer” is gone, you should be able to login to this computer without any issue now.

Allow Logon Locally to Windows (Alternative Method)

Alternatively, you can also allow the newly created user to logon locally to the windows by doing the following:

Steps

• Login to the server as a domain administrator account.
• Go to Control Panel > Administrative tools.
• Right-click on Group Policy Management > Select Run as administrator.

• From left side > Expand Forest node > Domains > Domain Name > Domain Controller.
• Right-click on Default Domain Controller Policy > Click Edit.

Note: Although you have run the Group Policy Management as an administrator, you may get the Edit option is disabled which means you didn’t log in to the server/PC as a domain administrator account. to solve this issue, please, check the Edit default domain policy grayed out.

• In Group Policy Management Editor.
• Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
• In the pane details >  Double click on  Allow Log on Locally.

• In Allow log on locally Properties > Click on Add User or Group > Add the new user > Click OK.

Note: if Add User button is disabled in User Rights Assignment, that means the current user is not a domain admin account. to solve this issue please, check the Add User button is grayed out in User Rights Assignment.

Force Group Policy Update

To instantly reflect the above changes in Group Policy Management, you should do the following:

• Open CMD as administrator.

• Run the below command to apply Policy update.

• Try to log in now.
• Great, “The user has not been granted the requested logon type at this computer” is gone, you should be able to login to this computer without any issue now.

Edit default domain policy grayed out

Even if you have run the “Group Policy Management” as administrator,

You may not be able to edit default domain policy as shown below:

Actually, you get “Edit default domain policy grayed out” If the current user is not a member of Domain Admins security group or Enterprise Admins security group.

To check if the current user is a member of Global Domain Admins group or not, Please check Get all Groups a user is a member of Using PowerShell

Enable “Edit default domain policy”

To enable “Edit default domain policy” option, you must

• Login to the server with a domain admin account like Administrator account.

• Or using the current user,
  • Open “Administrative Tools”.
  • Press shift + right-click to run “Group Policy Management” as a different user.
  • Then provide the credential of a domain administrator account.

Whatever which method you will use, you would be able to “Edit default domain policy” now as shown below:

Add User button is grayed out in User Rights Assignment

Again, you may get “Add User button is grayed out in User Rights Assignment” as shown below:

This issue also occurs If the current user is not a member of Domain Admins security group or Enterprise Admins security group.

Enable “Add User button in User Rights Assignment”

To enable “Add User button in User Rights Assignment“, you should do the following:

• Open “Administrative Tools” as administrator.

• Press shift + right-click to run “Group Policy Management” as a different user.

• Then provide the credential of a domain administrator account.

• In Group Policy Management Editor.
• Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
• In the pane details >  Double click on  Allow Log on Locally.

• Great, the Add User or group button is enabled in User Rights Assignment now as shown below:

Applies To

• Windows Server 2012.
• Windows Server 2016.

Conclusion

In conclusion, we have solved “Logon failure: The user has not been granted the requested logon type at this computer” error by configuring group policy management and allowing Logon Locally privileges to the new user to be able to login to the windows.

We have also solved the below issues that we may face during configuring “Group Policy Management” :

• Edit default domain policy grayed out.
• Add User button is grayed out in User Rights Assignment.

You may also like to read

Have a Question?

If you have any related questions, please don’t hesitate to ask it at deBUG.to Community.