This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 91%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
I have a Windows 2019 domain controller that is throwing the exception below when anybody but the administrator logs into. This recently changed, but I'm not sure what triggered the change. My profile is part of the Remote Desktop user group and the server is running NLA (part of the default group policy). I'm able to log on to all computers on the domain.
[Window Title]
Remote Desktop Connection
[Content]
The system administrator has restricted the types of logon (network or interactive) that you may use. For assistance, contact your system administrator or technical support.
[^] Hide details [OK]
[Expanded Information]
Error code: 0x1307
Extended error code: 0x0
Timestamp (UTC): 03/26/24 03:01:36 PM
I'm running Windows 11 OS on the client.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello John McCleskey,
Thank you for posting in Q&A forum.
1.How many Domain Controllers are there in this domain?
2.Do you mean when non-Administrator logs on this Domain Controller, there will be such error message?
3.Or when non-Administrator logs Windows 11 OS on the client, there will be such error message?
4.Did you log on the machine locally or remotely?
If you cannot log on to Windows 11 OS client, please check:
Go to Local Security Policy
Navigate to Security Settings -> Local Policies -> User Rights Assignment
Access this computer from Network (has this user or user group)
Allow log on locally (has this user or user group if you are talking about local logon)
Allow log on through Remote Desktop Services (has this user or user group if you are talking about remote logon)
Deny access this computer from Network (there is no this user or user group)
Deny log on locally (there is no this user or user group)
Deny log on through Remote Desktop Services (there is no this user or user group)
And check this user or user group is in Remote desktop users group (open lusrmgr.msc on this client to check).
If you cannot log on to Domain Controller, please check: Edit Default Domain Controller Policy,
Navigate to Security Settings -> Local Policies -> User Rights Assignment
Access this computer from Network (has this user or user group)
Allow log on locally (has this user or user group if you are talking about local logon)
Allow log on through Remote Desktop Services (has this user or user group if you are talking about remote logon)
Deny access this computer from Network (there is no this user or user group)
Deny log on locally (there is no this user or user group)
Deny log on through Remote Desktop Services (there is no this user or user group)
And check this user or user group in in Remote desktop users group.
And check this user or user group is in Remote desktop users group (open AD users and computers on Domain Controller to check).
References:
https://bobcares.com/blog/the-system-administrator-has-restricted-the-type-of-logon/
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.