0

I have machine with windows server 2008 r2 when i try to log on using account other that is not in administrators group i am uable to logon and get the follwoing error "Your account is configured to prevent you from using this computer"

I have added all the domain users into remote desktop users group and Edited the local security GPO policyallow logon on localy and allow logon on through remote desktop services added in remote desktop users group to it . In addition to this on the ad the users is configured to allow logon on all machines.

I am not sure what i am missing that is preventing non administrative users from loggin on to this machine.

nashrafeeq
  • 255
  • 1
  • 3
  • 12
  • 1
    Remote Desktop can be run in two different modes of operation. You should configure Remote Desktop Services to allow any authorized user to connect. I think you have Remote Desktop for Administration mode configured now. – Laurentiu Roescu Apr 05 '13 at 06:04
  • Do you have the relevant CALs installed? – Andrew Apr 05 '13 at 06:07

1 Answers1

-3

I'm experiencing a similar issue. We have "Audit: Shut down system immediately if unable to log security audits" enabled, which may set a registry key at HLKM\System\CurrentControlSet\Control\LSA\crashonauditfail to a value that prevents users other than admins to log on after the Security event log fills...
According to the "Explain" tab for this security option, when the security log is full, you must "log on, archive the log (optional), clear the log, and reset this option as desired. Until this security setting is reset, no users other than a member of the Administrators group will be able to log on to the system, even if the security log is not full."
I think the registry key I mentioned is option to be reset.
I haven't been able to test this theory yet, but I thought I'd share it. Maybe someone can verify or disprove it...

user3271228
  • 27
  • 4
  • Please keep working on this answer. If this pans out as a fix in your scenario, it could be valuable to the OP. – blaughw Nov 02 '15 at 20:12
  • Our HLKM\System\CurrentControlSet\Control\LSA\crashonauditfail was set to 2 and non-admins could not log on. Setting it to 1 allowed the local non-admin account to log on as desired. So it did turn out to be the culprit in our particular case. – user3271228 Nov 09 '15 at 19:39
  • This worked for you, so edit your original answer. You never know, this could be exactly what the OP is up against. – blaughw Nov 09 '15 at 20:03