Last updated on January 26th, 2021
The error “The Sign-in method you’re trying to use isn’t allowed. For more info, contact your network administrator”, commonly appears when you try to log on using the “Guest” account to a Windows 10 PC, or to a Domain Controller with any other user than then Domain Administrator. The error appears, because by default you cannot sign in locally with any user that hasn’t administrator permissions on a Domain Controller or to a Windows 10 PC .
This tutorial contains instructions to bypass the error “The Sign-in method you’re trying to use isn’t allowed” on Windows 10 or Server 2016/2012.
How to FIX: Sign-In Method is not Allowed on Windows 10 & Server 2016/2012.
To solve the error “The Sign-in method you’re trying to use isn’t allowed”, follow the instructions below, according your case. you have the following options:
Case 1. How to Allow a User to Log on locally on a Standalone Server.
If you want to sign in locally, with any other user than Administrator, to a Standalone Server 2016/2012/2008, or on a computer which part of a Domain, proceed and modify the default Group Policy to allow the Sign-in to standard users, by following the instructions below:
1. Login to the Server (or the domain computer), as Administrator.
2. Open the Local Group Policy Editor. To do that:
1. Simultaneously press the Windows + R keys to open run command box.
2. Type gpedit.msc and press Enter.
2. In Group Policy Editor navigate to: Computer Configuration > Windows Settings> Security Settings > Local Policies > User Rights Assignment
3. At the right Pane: double click at Allow log on locally
3. At ‘Allow log on locally Properties’ window, click Add User or Group. *
* Note: By default on a standalone server the following groups has permission to log on locally:
- Administrators
- Backup Operators
- Users
So, if you want to give the permission only to specific user(s) to logon locally, remove the “Users” group from here.
4. Type the name of the user that you want to log on locally and click OK twice to close all windows.
5. Then open the Deny log on locally policy and make sure is empty.
6. Close the Local Group Policy Editor.
7. Restart the server, or run the gpupdate /force command to apply the new group policy settings (without restart).
Case 2. How to Allow a Domain User to Log on locally on a Domain Controller (Server 2016).
In order a domain user to logon locally from the domain controller console, the user must belong to one of the following groups:
- Account Operators
- Administrators
- Backup Operators
- Print Operators
- Server Operators
So, if you want to grant a user account the ability to log on locally to a domain controller, you must make that user a member of one of the above groups. *
* Note: To avoid security risks, do not add the user to Administrators group. and prefer to add the user to ‘Backup Operators’.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
do earn a commision from sales generated from this link, but at no additional cost to you. We have experience with this software and we recommend it because it is helpful and useful):
Full household PC Protection – Protect up to 3 PCs with NEW Malwarebytes Anti-Malware Premium!