This error is a little bit self-explanatory and that the account is not granted permission to log on to the device. With this, you will get such an error message at login as shown below.
Note: This is a Domain controller and as such by default, local user accounts are not granted access to logon the server.
If you wish to permit domain users to access your Domain Controller (DC) which is not recommended, you can configure Group Policy Object to have this configured.
- Launch the Gorup Policy Object Management Tool (gpmc.msc) - Select your domain and expand Group Policy Objects then right click on "Default Domain Controller Policy" - Click Edit Under the Computer Management, - Expand Policies and - Select Windows Settings - Expand Security Settings and - Select Local Policies and then - Click on User Rights Management - Right click on Allow Logon Locally and - Click on Properties - On the other pane, Add the User of Group that you wantAlternatively, if the user is denied logon access to the server, you will need to remove the user from the list of denied logon access. To do this, launch the GPO and follow the path to have this fixed.
Enter "secpol.msc" in the Run dialog box or Contona Window. - Press Enter to open the Local Security Policy window. Navigate to the Security Settings - Local Policies - User Rights Assignment. In the right pane, locate the policy named Deny log on locally. - Double-click on it to modify by removing the user from the list.I hope you found this blog post helpful. If you have any questions, please let me know in the comment session. I welcome you to follow me on Twitter and Facebook.
“I am unable to login with any account even local administrator, while login it shows ‘The sign-in method you are trying to use isn’t allowed. For more info, contact your network administrator‘. Please help me out on this problem.”
If your account is not granted the permission to log on locally, you’ll get such an error message at login. To fix this problem, we need to tweak the local security policy, or domain controller policy if you’re facing the same login issue with a domain user.
For Standardalone Computer:
- Press the Windows key + R and type secpol.msc in the Run box. Press Enter to open the Local Security Policy window.
- Expand to Security Settings > Local Policies > User Rights Assignment. In the right pane, locate the policy named Deny log on locally. Double-click on it to modify.
- Check if your problematic user account or the user groups it belongs to is listed there. If it is there, select it and click on Remove.
- When it’s done, click Apply and then OK. Reboot your computer and you should be allowed to log on to your account locally.
For Domain Controller:
There is also a corresponding security policy existing in domain controller that can cause the problem “The sign-in method you are trying to use isn’t allowed. For more info”. Follow these steps to fix it:
- To get started, open the Group Policy Management. In Windows Server 2008, you can click Start, then select All Programs > Administrative Tools > Group Policy Management.
- On the left hand side of Group Policy Management, expand Forest > Domains > your domain name, and then click Group Policy Objects. In the right-hand window, double-click on Default Domain Controllers Policy and select Edit.
- This will open the Group Policy Management Editor window. Navigate to:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights AssignmentsIn the right pane, double-click on Deny log on locally.
- Check if your problematic domain account or the domain groups it belongs to is listed there. If it is there, select it and click on Remove.
- Click Apply and OK to save your changes. Reboot your computer and you can then login without permission issues.
The error "The Sign-in method you're trying to use isn't allowed. For more info, contact your network administrator", commonly appears when you try to log on using the "Guest" account to a Windows 10 PC, or to a Domain Controller with any other user than then Domain Administrator. The error appears, because by default you cannot sign in locally with any user that hasn't administrator permissions on a Domain Controller or to a Windows 10 PC .
This tutorial contains instructions to bypass the error "The Sign-in method you're trying to use isn't allowed" on Windows 10 or Server 2016/2012.
How to FIX: Sign-In Method is not Allowed on Windows 10 & Server 2016/2012.
To solve the error "The Sign-in method you're trying to use isn't allowed", follow the instructions below, according your case. you have the following options:
Case 1. How to Allow a User to Log on locally on a Standalone Server.If you want to sign in locally, with any other user than Administrator, to a Standalone Server 2016/2012/2008, or on a computer which part of a Domain, proceed and modify the default Group Policy to allow the Sign-in to standard users, by following the instructions below:
1. Login to the Server (or the domain computer), as Administrator.
2. Open the Local Group Policy Editor. To do that:
1. Simultaneously press the Windows
+ R keys to open run command box.
2. Type gpedit.msc and press Enter.
2. In Group Policy Editor navigate to: Computer Configuration > Windows Settings> Security Settings > Local Policies > User Rights Assignment
3. At the right Pane: double click at Allow log on locally
3. At 'Allow log on locally Properties' window, click Add User or Group. *
* Note: By default on a standalone server the following groups has permission to log on locally:
- Administrators
- Backup Operators
- Users
So, if you want to give the permission only to specific user(s) to logon locally, remove the "Users" group from here.
4. Type the name of the user that you want to log on locally and click OK twice to close all windows.
5. Then open the Deny log on locally policy and make sure is empty.
6. Close the Local Group Policy Editor.
7. Restart the server, or run the gpupdate /force command to apply the new group policy settings (without restart).
In order a domain user to logon locally from the domain controller console, the user must belong to one of the following groups:
- Account Operators
- Administrators
- Backup Operators
- Print Operators
- Server Operators
So, if you want to grant a user account the ability to log on locally to a domain controller, you must make that user a member of one of the above groups. *
* Note: To avoid security risks, do not add the user to Administrators group. and prefer to add the user to 'Backup Operators'.
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:
If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO by clicking below (we do earn a commision from sales generated from this link, but at no additional cost to you. We have experience with this software and we recommend it because it is helpful and useful):