This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 7.000000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I have an OU called Test Desktops. I have test workstations in this OU. I created and linked a GPO to this OU called Restrict test allowed logons. Created a group with users allowed to logon to the test workstations. Added this group to the allow logon locally in the computer configuration settings along with administrators and domain admins. disabled "do not require ctrl+Alt+del" setting. security filtering has authenticated users and domain users (tried with and without domain users).
We tested with a domain user not in the allowed group. The test user is able to login. I have run GPupdate /f. shut down the workstation. I run gpresults. it states that the GPO is applied. If I look at the local security settings on the workstation, allow logon locally is not changed. Any help will be appreciated. Thank you.
If you run "rsop.msc" on the workstation, you should see if the GPO settings are applied or not.
Have you looked into the group policy logs in the Event Viewer to see if there is some errors ?
Applications and Services Logs / Microsoft / Windows / GroupPolicy
Thank you for the suggestion. I had several workstations in the OU. I discovered that only one workstation had an issue. I ran RSOP and discovered that the allow logon locally was greyed out. Further investigation showed that their was a deny logon for another group. The workstation having the issue was recently added to the OU from another OU.
i'm glad your issue has been fixe!