Home / server / Questions / 768110
Accepted
Uday Sriramadas
Asked: 2016-04-05 11:13:23 +0800 CST

Allow logon locally option grayed out

  • 772

We have a Domain Controller running on windows2012R2.

All local computers are on Windows10.

When i try to login to one of the client computer with Domain User Credentials i get an error

enter image description here

What could be the issue?

I tried to add users to " Allow log on locally " Policy on Local computer with Local admin login but im unable to add users or groups

enter image description here

Is there any work around?

please suggest.

group-policy

1 Answers

  1. Best Answer

    You need to manage this element via Group Policy Management. Czerw11 did a good write up of the process of using Group Policy Management to update this on your domain controllers via the Default Domain Controller Policy, you can extend this to your client policy as well.

    https://czerwsup.wordpress.com/2014/11/05/allow-log-on-locally-add-new-user-greyed-out-fix-via-domain-controller-policy-settings/

    Summary Steps:

    1. Admin Tools
    2. Group Policy Management
    3. Navigate through your domain to Default Domain Policy in your case (not Default Domain Controllers Policy as in the example)

    To improve this answer, the best practice is to not edit the Default Domain Controllers Policy, but to create a GPO with these policies changes and assign it to the narrowest OU you need to affect the servers. If you edit the Default Policies you remove all of the default permissions.

    1. Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies
    2. User Rights Assignment
    3. Double Click on Allow Log On Locally and add your users
    • 4