Cannot Login to Windows: User has not been granted the requested logon type at this computer. (Solved)
If you cannot log on to an active directory user from a Windows workstation, due to error "Logon failure: the user has not been granted the requested logon type at this computer", continue reading below to fix the problem.
The logon error "The user has not been granted the requested logon type" when attempting to login to an Active Directory computer or Domain controller, occurs because the user is not allowed to log on locally in Policy settings.
- Related article: Cannot Access Shared Folder: User has not been granted the requested logon type at this computer.
How to fix Login error: 'User has not been granted the requested logon type' on Windows 10/11 Pro , Servers & Domain Controllers.
Method 1. Allow user to log on locally on Windows PC's & Servers.
To fix the mentioned error on a Windows 10/11 Pro PC or in Windows Server, do the following:
1. Log on to the PC with another account with Administrative rights.
2a. Press Windows + R keys to open the run command box.
2b. Type gpedit.msc and press Enter to open the Group Policy Editor.
3. In Policy editor, navigate to the following location:
- Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
4a. At the right, open the Allow log on locally policy.
4b. At 'Allow log on locally Properties' window click Add User or Group and then add the user(s) you face the mentioned error. Then click OK to apply the change.
5a. Now open the Deny log on locally policy.
5b. Here ensure that the affected user is not listed. If so, select the user and then click Remove, to delete it from the list. When done, click b
5. Now, close the Policy Editor and restart the computer, or give the "gpupdate /force" command in Admin command prompt to apply the policy.
6. Try to log on now. The 'User has not been granted the requested logon type at this computer' error should be gone.
Method 2. Allow user to log on locally on a Domain Controller. *
To solve the error "User has not been granted the requested logon type at this computer" when trying to log on locally on the Domain Controller using an AD user account, do the following:
* Note: Apply these steps, only if you cannot login to the Domain Controller from a particular domain user.
1. Log on to the AD domain controller with an account that has domain administrator rights(e.g. with the domain's "Administrator" account).
2. Open the Server Manager and from Tools menu, open the Group Policy Management. *
3. Right click on Default Domain Policy and choose Edit.
4. Now navigate to:
-
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
5a. At the right, open the Allow log on locally policy.
5b. Check the Define these policy settings box and then click Add User or Group to add the domain users that allowed to log on locally on the domain controller. When done, click OK.
6a. Now open the Deny log on locally policy.
6b. Here make sure that the affected user is not listed. If so, remove it.
7. Close the Group Policy Management Editor.
8. Finally, open command prompt and give the following command to apply the change(s)
-
gpupdate /force
That's all folks! Did it work for you?
Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this solution.
- How to Block Windows 11 Upgrade on Windows 10. - April 25, 2024
- FIX: Error 0x81000203 in System Restore. (Solved) - April 23, 2024
- Cannot Access Shared folder. User has not been granted the requested logon type at this computer. (Solved) - April 18, 2024