Error Message: The user has not been granted the requested logon type at this computer

Applies To: Windows Server 2008

This problem typically occurs when the user does not have the permissions to log on locally on the computer running Telnet Server. By default, members of the Users group have the ability to log on locally, but an administrator can deny the right to specific user or group accounts. An explicitly denied right always overrides an allowed right.

Diagnosis

This can be caused by either of the following:

  • Neither the user account nor any of the groups it belongs to has been granted the Allow log on locally user right.

  • The user account or one or more of the groups it is a member of has been listed in the Deny log on locally user right.

Resolution

Ensure that the user, or a group the user belongs to (such as the TelnetClients group), has the right to log on locally. Ensure that the user, and all groups that the user belongs to, are not denied the right to log on locally.

To assign the user right Allow log on locally

  1. On the Telnet server, open the Group Policy Management Editor. To do so, click Start, then in the Start Search box, type gpedit.msc, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. In the navigation pane, open Computer Configuration, Windows Settings, Security Settings, Local Policies, and User Rights Assignment.

  4. In the details pane, double-click Allow log on locally.

  5. Click Add User or Group.

  6. Find the user or group account you want to add, and then click OK.

  7. Click OK to save your changes to the Group Policy object (GPO).

  8. Users that are currently logged on must log off and back on to be affected by the changed GPO setting.

To remove a user or group from the user right Deny log on locally

  1. On the Telnet server, open the Group Policy Management Editor. To do so, click Start, then in the Start Search box, type gpedit.msc, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. In the navigation pane, open Computer Configuration, Windows Settings, Security Settings, Local Policies, and User Rights Assignment.

  4. In the details pane, double-click Deny log on locally.

  5. Select the user or group account you want to remove, and then click Remove.

  6. Click OK to save your changes to the GPO.

  7. Users that are currently logged on must log off and back on to be affected by the changed GPO setting.

Verification

After making user rights assignment changes, the user must log out and log back on to receive the new user rights. Then the user can try to use the Telnet client to connect to the Telnet server.

See Also

Concepts

Error Message: Access Denied - Specified user is not a member of the TelnetClients group
Error Message: The user's password must be changed before logging in the first time
Error Message: Telnet Server allows NTLM authentication only
Error Message: Error while connecting to the host - could not open a connection to host on port 23
You Cannot Connect to Network Drives by Using Current Logon Credentials
You Cannot Access Drive Letters Mapped by Others in Separate Telnet Sessions
Characters and Lines on the Telnet Client Display are Misaligned
The Cursor Loses Alignment with the Prompt
System Error 1058: Telnet Service Fails to Start