I have created a new user via Active Directory on Windows Server 2012 R2, I tried to log in with this user to site or windows, but unfortunately, I couldn’t log in, I got the following error.
Logon failure : The user has not been granted the requested logon type at this computer.
This error usually occurs because of
- The Telnet Client feature is enabled.
- The login user does not have permissions to log on locally to this computer.
You should make sure that the login user, and all groups that he belongs to, are not denied the right to log on locally by doing the following:
- Log in to the server with the Administrator account.
- Open start menu > type “gpedit.msc” to open Group Policy Management > Right click and select Run as administrator.
- Under Computer configuration, go to Windows Settings > Security Settings > Local Policies > User Rights Assignemnts.
- Right Click on Allow Logon Locally > Properties.
- Click on Add User and Group and add the new user account.
Alternative way: Go to Control Panel > Administrative tools > Right click on Group Policy Management > Select Run as administrator.
- From left side > Expand Forest node > Domains > Domain Name > Domain Controller > Right click on Default Domain Controller Policy > Click Edit.
- Note: Although you have been run the Group Policy Management as administrator the Edit option might be disabled. that means you didn’t log in to the server as administrator as I mentioned in the first point. In this case, you must run Group Policy Management as a different user then provide the credential of the administrator account.
- In Group Policy Management Editor > Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > In the pane details > Double click on Allow Log on Locally.
- In Allow log on locally Properties > Click on Add User or Group > Add the new user > Click OK.
- Open CMD as administrator.
- Run this command “gpupdate /force” for Policy update.
- The login user should be now granted the requested logon type at this computer.