I have created a new user via Active Directory on Windows Server 2012 R2, I tried to log in with the newly created user to a site or windows, unfortunately, I couldn’t log in, I got the below error.
Logon failure : The user has not been granted the requested logon type at this computer.
This error usually occurs in case,
- The Telnet Client feature is enabled.
- The login user does not have permissions to log on locally to this computer.
You should make sure that the login user, and all groups that he belongs to, are allowed to log on locally by doing the following:
- Log in to the server with the Administrator account.
- Run Group Policy Management as Admiistrator.
- Open start menu > type “gpedit.msc” > Right click and select Run as administrator.
- Under Computer configuration > go to Windows Settings > Security Settings > Local Policies > User Rights Assignemnts.
- Right Click on Allow Logon Locally > Properties.
- Click on Add User and Group then add the new user account.
Allow Logon Locally In Windows Server – Alternative Method
- Go to Control Panel > Administrative tools > Right click on Group Policy Management > Select Run as administrator.
- From left side > Expand Forest node > Domains > Domain Name > Domain Controller.
- Right-click on Default Domain Controller Policy > Click Edit.
Note: Although you have been run the Group Policy Management as administrator the Edit option might be disabled that means you didn’t log in to the server as administrator as I mentioned in the first point.
In this case, you must run Group Policy Management as a different user then provide the credential of the administrator account.
- In Group Policy Management Editor > Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > In the pane details > Double click on Allow Log on Locally.
- In Allow log on locally Properties > Click on Add User or Group > Add the new user > Click OK.
- Open CMD as administrator.
- Run the below command to apply Policy update.
- The login user should be now granted the requested logon type at this computer.
- Windows Server 2012.
- Windows Server 2016.