Server 2022 - I am getting the message "the sign in method you're trying to use isn't allowed" when trying to log in a user that is not an administrator. how do i fix this?

Hello JP Timpano,

Thank you for posting on the Microsoft Community Forum.

May I know if the server 2022 is in workgroup or in one domain?

And would you please tell us you sign in the server 2022 locally or remotely?

To fix this issue in Windows Server 2022, you can follow these steps:

1. Log in to the server using an administrator account.
2. Open the Group Policy Management Editor by typing "gpedit.msc" in the Run dialog box and pressing Enter.
3. In the Group Policy Management Editor, navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment".
4. We can check "Allowed log on locally" if you sign in locally or "Allow logon through Remote Desktop Services" if you sign in remotely, there should be Administrators groups and the user account (or this user group) now you are using.

If your server 2022 is in one domain, and you may check the domain GPO that has such settings above.

Also, make sure "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment" > the user account and the user group and Administrators group and domain administrators are not in the "Deny log on locally" if you sign in locally or "Deny logon through Remote Desktop Services" if you sign in remotely.

I hope you the information above is helpful.

If you have any questions or concerns, please do not hesitate to let us know.

Best Regards,

Daisy Zhou

Thank you Daisy Zhou123 for your reply to my question.

In response to questions and items in your reply:

1.) My server is in one domain and not in workgroup.

2.) I did what you said in #4 in your reply. When I go in to "Allowed log on locally" the groups that appear are as follows:

Account Operators

Administrators

Backup Operators

ENTERPRISE DOMAIN CONTROLLERS

Print Operators

Server Operators

And the button "Add user or group" is greyed out so I can't manually add the user who is NOT an Administrator

3.) Regarding your statement "If your server 2022 is in one domain and you may check the domain GPO that has such settings above", I don't know where to check this. Please advise.

4.) I checked the "Deny Log on Locally" and have confirmed that no user is entered there.

Just want to clarify further. I can log in to the user in question to any of the workstations without any problem, however my problem is only when I am trying to log in locally to the user on the domain server. This is when I am getting the message that the sign-in method isn't allowed for this particular user who is not an Admin. I know it has to be some type of permissions to be granted, but I don't know where to do this.

Any assistance would be greatly appreciated. Thank you. jp.timpano

Hello Hello JP Timpano,

Good day!

3.) Regarding your statement "If your server 2022 is in one domain and you may check the domain GPO that has such settings above", I don't know where to check this. Please advise.

A: The domain Administrator in the domain can check and change it if needed.

Best Regards,
Daisy Zhou

I am the domain administrator, and I am saying quite simply that I don't know how to do it. Please advise.

Hello JP Timpano,

Good day!

Now you can not sign in locally, an I right? If so, you can check:

1.On one problematic, open local group policy (that is open gpedit.msc) and navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment" >"Allowed log on locally", there should be the user account or group with this user account in the list.

2.If the user account or group with this user account is not in the list "Allowed log on locally" after you check the local group policy and "Allowed log on locally" setting is greyed out and you can not make any changes, you can go to domain controller.

Open domain group policy (that is open gpmc.msc and click enter). Edit the "Default Domain Policy" GPO and navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment" >"Allowed log on locally", there should be the user account or group with this user account in the list. If no, you can add the user account or group with this user account.

Best Regards,
Daisy Zhou