Sửa lỗi log on failure the user has not been năm 2024

If you receive this error from the Windows Task Scheduler then it means the user account does not have the logon right [Log on as a batch job, SeBatchLogonRight] required to run scheduled tasks. Administrator accounts usually have this logon right, but standard users typically do not. As an administrator you can give this logon right to a non-admin user.

Note that this does not make the account an administrator. It just gives the account the ability to use the task scheduler in Windows.

If you cannot give the account the logon right, or do not wish to, then one option is to configure to schedule to run only when the user is logged on. Alternatively, you could set the profile to run when the users logs in. Running a profile on logout is not recommended or even possible in many situations. This is because Windows aggressively acts against programs that slow or stop the logoff process from happening in a timely manner.

To give a user the necessary logon right:

• Log in as an administrator user
• Go to Control Panel -> Administrative Tools -> Local Security Policy
• Expand the tree on the left to show Local Policies -> User Rights Assignment
• Double-click on "Log on as batch job" on the right
• Click the "Add User or Group..." button and add the user. Note: you probably need to add the user specifically; adding a Group [of which the user is a member] may not be sufficient.
• Bear in mind that the user [or any Group he is a member of] may be configured so that this privilege is specifically denied ['Deny log on as a batch job', or similar]. Generally, Windows deems restrictions as overriding permissions in any conflict

If you are using Windows 7 Home [or a non-Professional version of Windows] then you may have to use a different method because Microsoft has removed the Local Security Policy applet from that version of Windows:

• Download the Windows 2003 Resource Kit
• Run the installer as Administrator
• Ignore the message that it has known incompatibilities with Windows 7 and install it anyway. There are other tools in the resource kit that may not be compatible, but we are only going to use one of them [ntrights] and that is compatible. Run a command prompt as Administrator [Start > All Programs > Accessories, then Right Click on "Command Prompt" and choose "Run as Administrator"]

In this post, we’re gonna solve “Logon failure: The user has not been granted the requested logon type at this computer” error.

We will also go through the following:

You might also like to read Evaluation Period expired for Windows Server 2012 R2, How to extend it?

I have created a new user in Active Directory on Windows Server 2012 R2, when I tried to log in with the newly created user to a site or windows, unfortunately, I couldn’t log in, I got the below error.

Logon failure: The user has not been granted the requested logon type at this computer.

How to solve “The user has not been granted the requested logon type at this computer”?

This error usually occurs in case the login user does not have permission to log on locally to this computer.

The login user does not have permission to log on locally to this computer

To solve “The user has not been granted the requested logon type at this computer” error, you should make sure that the login user and all groups that belong to are allowed to log on locally to this computer.

To get which groups the current user belongs to, Please check Get Groups in which a user is a member Using PowerShell.

Allow Logon Locally In Windows Server

• Log in to the server with a Domain Administrator Account.
• Run Group Policy Management as Administrator.
  • Open start menu > type “gpedit.msc“.
  • Right-click and select Run as administrator.

• Under Computer configuration > go to Windows Settings \> Security Settings \> Local Policies \> User Rights Assignemnts.
• Right Click on Allow Logon Locally \> Properties.
• Click on Add User and Group then add the new user account.

Note: if “Add User button is disabled in User Rights Assignment“, that means the current user is not a domain admin account, to solve this issue please, check the .

To instantly reflect the above changes in Group Policy Management, you should do the following:

• Open CMD as administrator.

• Run the below command to apply Policy update.

gpupdate /force

• Try to log in now.
• Great, “The user has not been granted the requested logon type at this computer” is gone, you should be able to login to this computer without any issue now.

Allow Logon Locally to Windows [Alternative Method]

Alternatively, you can also allow the newly created user to logon locally to the windows by doing the following:

• Login to the server as a domain administrator account.
• Go to Control Panel > Administrative tools.
• Right-click on Group Policy Management \> Select Run as administrator.

• From left side > Expand Forest node > Domains > Domain Name > Domain Controller.
• Right-click on Default Domain Controller Policy > Click Edit.

Note: Although you have run the Group Policy Management as an administrator, you may get the Edit option is disabled which means you didn’t log in to the server/PC as a domain administrator account. to solve this issue, please, check the .

• In Group Policy Management Editor.
• Expand Computer Configuration \> Policies \> Windows Settings \> Security Settings \> Local Policies \> User Rights Assignment.
• In the pane details > Double click on Allow Log on Locally.

• In Allow log on locally Properties > Click on Add User or Group > Add the new user > Click OK.

Note: if Add User button is disabled in User Rights Assignment, that means the current user is not a domain admin account. to solve this issue please, check the .

To instantly reflect the above changes in Group Policy Management, you should do the following:

• Open CMD as administrator.

• Run the below command to apply Policy update.

gpupdate /force

• Try to log in now.
• Great, “The user has not been granted the requested logon type at this computer” is gone, you should be able to login to this computer without any issue now.

Edit default domain policy grayed out

Even if you have run the “Group Policy Management” as administrator,

You may not be able to edit default domain policy as shown below:

Actually, you get “Edit default domain policy grayed out” If the current user is not a member of Domain Admins security group or Enterprise Admins security group.

To check if the current user is a member of Global Domain Admins group or not, Please check Get all Groups a user is a member of Using PowerShell

Enable “Edit default domain policy”

To enable “Edit default domain policy” option, you must

• Login to the server with a domain admin account like Administrator account.

• Or using the current user,
  • Open “Administrative Tools”.
  • Press shift + right-click to run “Group Policy Management” as a different user.
  • Then provide the credential of a domain administrator account.

Whatever which method you will use, you would be able to “Edit default domain policy” now as shown below:

Add User button is grayed out in User Rights Assignment

Again, you may get “Add User button is grayed out in User Rights Assignment” as shown below:

This issue also occurs If the current user is not a member of Domain Admins security group or Enterprise Admins security group.

Enable “Add User button in User Rights Assignment”

To enable “Add User button in User Rights Assignment“, you should do the following:

• Open “Administrative Tools” as administrator.

• Press shift + right-click to run “Group Policy Management” as a different user.

• Then provide the credential of a domain administrator account.

• In Group Policy Management Editor.
• Expand Computer Configuration \> Policies \> Windows Settings \> Security Settings \> Local Policies \> User Rights Assignment.
• In the pane details > Double click on Allow Log on Locally.

• Great, the Add User or group button is enabled in User Rights Assignment now as shown below:

Applies To

• Windows Server 2012.
• Windows Server 2016. Conclusion

In conclusion, we have solved “Logon failure: The user has not been granted the requested logon type at this computer” error by configuring group policy management and allowing Logon Locally privileges to the new user to be able to login to the windows.