2012 Server - This user is not allowed to sign in to this computer


Post by mjiminez1 » Thu Mar 30, 2017 11:23 pm

So I have customers on Windows Server 2008 and am currently moving them to new Hyper-V boxes with Server 2012 R2. I have them in their own AD OU in Active Directory running on a 2003 box (yeah, I know it's old and it will be replaced soon). I only allow them to log on to their server in the cloud.

I generate the desktop icon on the new server and place it on the customer's desktop. They get an error that says "This user is not allowed to sign in to this computer". There are two ways to get this to work.

1. Add their machine name to the logon section of AD (no, I don't add their machine to the domain, just the logon section of their account)
2. Don't add a logon restriction, which is not the best from a security standpoint

My question is, how come it is requiring their machine name to be part of the logon section of AD when their machine is not on our domain? It does not happen when connecting to the Windows 2008 R2 servers. I can add a server name to their account and that will be the only machine that is needed to let them in. I'm not sure if this is a TSPlus issue or a Windows 2012 issue. I have checked local policies on the server (as well as group policies) I'm testing with, and "Allow to Logon locally" is not enabled. Is there anything in TSPlus I can change to make this work without adding their machine names?
Attachments
Login Error.jpg: Login error seen by user
AD Snapshot.PNG: AD button under account tab
