I'm trying to follow your logic here. You have a domain group called SLQ-Tor
. That group has logon permissions to a server. That group had the domain group Domain users
as a member which means every domain user was in the group. You then removed domain users from the group. Is this correct?
At this point any user who needs to log onto the machine would now need to be added to the SLQ-Tor
group as well. Furthermore you'd then need to wait for their cached credentials to update to show that they are in that new group. Note that you can check the members of a user via the UX or the CLI to confirm they are a member of the given group.
But the error you're posting about could be caused by issues other than appropriate logon. Since we have no visibility into the policies being applied to your server you should manually review the GPO policies being applied to the server. Use the gpresult /r
command to dump all the relevant memberships for the user and machine (on the server you're having issues with). Then make sure your server isn't more locked down than you thought.