Allow logon locally GPO setting is not working

Question

i have configure a GPO setting as below to allow specific users to access to a machine

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment->Allow log on locally(Add users and groups)

the GPO applied well, i can see the settings from the GPO report.

But users who are not in the group still can access to the machine, what is the reason ?

Answer 1

Hi,

1. How the users who are not in the group access to the machine? Locally or Remotely?
   Users who do not have the Allow log on locally right are still able to start a remote interactive session on the device if they have the Allow logon through Remote Desktop Services right
2. Are your machine domain-joined or in workgroup environment? If domain joined, have you checked if there is any related domain policy? Domain policy should prior to local policy
3. Please double confirm you have removed all other default groups such as Administrators, Backup Operators, Users and Guests. And it is better to create a new group with the users you want to put in and then added the new created group to the Allow log on locally list. Sometime, old group might have some other security rights which prevent the policy from working correctly.

Thanks,

Eleven

If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.