When trying to logon a computer using non administrator ID, you may receive this message: “You cannot log on because the logon method you are using is not allowed on this computer. Please see you network administrator for more details.”
Case 1: Group Policy’ “Allow log on locally” was not setup to allow users or domain users. To setup allow users or domain users to logon the computer or domain, you need to add the users or domain users to the “Allow log on locally”. Please follow these steps to add the users.
1. Run gpedit.msc.
2. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that “Allow log on locally” includes Administrators, Backup
Operators, Domain Users or Users.
Case 2: Group Policy’ “Deny log on locally” was setup to deny users or domain users. To setup allow users or domain users to logon the computer or domain locally, “Deny log on locally” should be empty or no users or domain users in the list. Please follow these steps to remove the users or domain users from the “Deny log on locally”.
1. Run gpedit.msc.
2. Expand Windows Settings\Security Settings\Local Policies
3. Click on User Rights Assignment
4. Ensure that “Deny log on locally” is empty.
Case 3: The local group policy allow user to logon. However, domain group policy which overrides local policy doesn’t allow users to logon locally. The resolution is modify the domain policy to allow users to logon locally.
Case 4: The domain policy allows domain users to logon locally, but the local policy doesn’t and the domain policy doesn’t apply to the computer. The fix is running gpupdate to force to update the domain policy.
Case 5: Norton Firewall blocks the communication between the client and domain controller. The solution is disabling Norton firewall or re-configuring it to allow to access the domain controller.