![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 82%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
28,658 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
- How the users who are not in the group access to the machine? Locally or Remotely?
Users who do not have the Allow log on locally right are still able to start a remote interactive session on the device if they have the Allow logon through Remote Desktop Services right - Are your machine domain-joined or in workgroup environment? If domain joined, have you checked if there is any related domain policy? Domain policy should prior to local policy
- Please double confirm you have removed all other default groups such as Administrators, Backup Operators, Users and Guests. And it is better to create a new group with the users you want to put in and then added the new created group to the Allow log on locally list. Sometime, old group might have some other security rights which prevent the policy from working correctly.
Thanks,
Eleven
If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.