Hi guys, i have a problem, i'm not sure if this issue has been raised or what but here is my problem.My environment:2003 Domain controllerFile and Print server WSUS ServerSQL ServerWindows XP wks2 new Windows 7 wksWhat happens is that when i try to logon to the domain on the win7 machine as a std user i get error"You cannot log on because the logon method you are using is not allowed on this computer"If i logon with the domain admin account i'm able to logon and also if i make users members of domain admins they are able to logon to the domain. I realy do not believe that this is the way to go because it compromises my network security. Any help will be gladly appreciated.Thanks

Symptom: When trying to logon a computer using non administrator ID, you may receive this message: "You cannot log on because the logon method you are using is not allowed on this computer. Please see you network administrator for more details." Case 1: Group Policy' "Allow log on locally" was not setup to allow users or domain users. To setup allow users or domain users to logon the computer or domain, you need to add the users or domain users to the "Allow log on locally". Please follow these steps to add the users. 1. Run gpedit.msc.2. Expand Windows Settings\Security Settings\Local Policies3. Click on User Rights Assignment4. Ensure that "Allow log on locally" includes Administrators, BackupOperators, Domain Users or Users. Case 2: Group Policy' "Deny log on locally" was setup to deny users or domain users. To setup allow users or domain users to logon the computer or domain locally, "Deny log on locally" should be empty or no users or domain users in the list. Please follow these steps to remove the users or domain users from the "Deny log on locally". 1. Run gpedit.msc.2. Expand Windows Settings\Security Settings\Local Policies3. Click on User Rights Assignment4. Ensure that "Deny log on locally" is empty. Case 3: The local group policy allow user to logon. However, domain group policy which overrides local policy doesn't allow users to logon locally. The resolution is modify the domain policy to allow users to logon locally. Case 4: The domain policy allows domain users to logon locally, but the local policy doesn't and the domain policy doesn't apply to the computer. The fix is running gpupdate to force to update the domain policy. Case 5: Norton Firewall blocks the communication between the client and domain controller. The solution is disabling Norton firewall or re-configuring it to allow to access the domain controller.MCSE, MCSA, MCDST [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]

1. Run gpedit.msc. Sweet! now we are working towards the right direction cdobbs, my next question is where do i run the gpedit? On the wks or on the domain controller? Tell you why, I ran group policy editor on the workstation only to find that the "Allow log on locally" is locked, the Add User or Group is greyed out and there is nothing i can do on it.I'm running Nortons without firewall.

Generally if its greyed out, then a GPO is in effect from the DC preventing local change.MCSE, MCSA, MCDST [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]

Thanks, i have ammended my GPO settings on my DC, just waiting for guys to come back from the holidays, i will provide feedback then, thanks for your response, most appreciated.

I have this same issue. Windows 7 workstation in a Windows 2003 domain. Users can not log into Windows 7 unless they are added to the local Administrators group.I ran gpedit on the domain controller, but could not modify the User Rights Assignment, the Add/Remove button were greyed out.

Start a new thread itarc3, this thread has been answered for the original poster, you're more likely to get assistance for you problem(s) that way.MCSE, MCSA, MCDST [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]

Okie! looks like this threat can now be considered the ultimate answer to those who have the same problem. I'm happy to say that the problem is now solved, the solution provided is the correct one to resolve this issue. What i did was to remove the win7 users from my domain admin group and ammended my allow logon locally gpo as per instructions and viola! we are in business. Thanks a lot.

Hi... can you explain how did you edit GPO settings on DC. I've the same problem and not able to find any solution. Please help.