Most Windows users experiences errors such as "The system administrator has restricted the type of logon that you may use" in the process of connecting to a Window Server.
Here at Ibmi Media, as part of our Server Support Services, we help our Customers to solve Windows related issues on a regular basis.
Now, let us see the main reasons why this error occurs and how best to fix it.
What triggers the error "The system administrator has restricted the type of logon that you may use"?
This is an access restriction message which is prompted by the Remote Desktop Connection stating that "The system administrator has restricted the type of logon (network or interactive) that you may use. For assistance, contact your system administrator or technical support."
This error usually happens when the RDP connections require Network Level Authentication (NLA). Additionally, the user does not belong to the Remote Desktop Users group.
In other cases when the Remote Desktop Users group has not been granted permission to access this computer from the network user's right.
Ways to solve the error "The system administrator has restricted the type of logon that you may use"?
You can apply the following tips to fix this authentication problem;
Changing the user's group membership or user rights assignment
You can add a user to the Remote Desktop User's group when it is relating to a single user.
In cases where the user belongs to the group or multiple groups then it is only right to check the user rights configuration on the remote Windows 10 or Windows Server 2016 machine.
To do this, follow the steps below;
1. Start by Opening the "Group Policy Object Editor" (GPE) and connect to the local policy of the remote computer.
2. Then, Navigate to Computer "Configuration\Windows Settings\Security Settings\Local Policies\User" Rights Assignment, right-click Access this computer from the network, and then select Properties.
3. Next, Check the list of users and groups for Remote Desktop Users (or a parent group).
4. Now, If the list does not include either Remote Desktop Users or a parent group like Everyone, we must add it to the list. If we have more than one computer in the deployment, use a group policy object.
For instance, the default membership for Access this computer from the network includes Everyone. Sometimes, the deployment may use a group policy object to remove Everyone. Here, we may need to restore access by updating the group policy object to add Remote Desktop Users.