Logon failure: the user has not been granted the requested logon type at this computer

On Windows Server 2008, runas as a certain user fails with the above error.

Solution:

Domain Controllers

  1. Open the Group Policy Management Console (gpmc.msc) on the domain controller.
  2. Expand your domain and then the Domain Controllers OU.
  3. Right-click the Default Domain Controllers Policy and select Edit.
  4. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
  5. Configure Allow log on locally and Allow log on through Remote Desktop Services rights to include the users/groups that will be logging into any domain controllers protected with Duo Authentication for Windows Logon.
  6. Ensure that Deny log on locally is not applied to the same users/groups.
  7. Run a gpupdate /force command on the appropriate domain controllers to apply the policy changes.
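
To confirm the policy actually reached the domain controller after gpupdate, the following added example (not part of the original post) exports the effective user rights with secedit and checks whether one account holds each right named above, directly or through a group. The UPN is a placeholder; run it from an elevated PowerShell prompt on the domain controller.

```powershell
# Added example. $upn is a placeholder: set it to the account that fails to log on.
$upn = 'jdoe@example.com'

# Export the effective User Rights Assignment from the local security database.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The rights from steps 5 and 6, keyed by their constant names in the export.
$rights = [ordered]@{
    SeInteractiveLogonRight       = 'Allow log on locally'
    SeRemoteInteractiveLogonRight = 'Allow log on through Remote Desktop Services'
    SeDenyInteractiveLogonRight   = 'Deny log on locally'
}

# SIDs of the account and of every group in its token (nested groups included).
# Assumption: the account is a domain account that can be resolved by UPN.
$id   = New-Object System.Security.Principal.WindowsIdentity($upn)
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

$lines = Get-Content $cfg
foreach ($r in $rights.Keys) {
    $line    = $lines | Where-Object { $_ -match "^$r\s*=" } | Select-Object -First 1
    $holders = @()
    if ($line) {
        # Entries are comma-separated; '*' marks a SID, anything else is a name.
        $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
            $e = $_.Trim()
            if ($e.StartsWith('*')) { $e.TrimStart('*') }
            else {
                try {
                    $acct = New-Object System.Security.Principal.NTAccount($e)
                    $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
                } catch { $e }   # unresolvable name: keep as written
            }
        })
    }
    $hit = @($holders | Where-Object { $sids -contains $_ })
    [pscustomobject]@{
        Right            = $rights[$r]
        Constant         = $r
        AppliesToAccount = ($hit.Count -gt 0)
        ViaSid           = ($hit -join ',')
    }
}
Remove-Item $cfg
```

For the logon to succeed, the relevant Allow row should show True and the Deny row False; a True on the Deny row overrides the Allow rights.
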