The error message “Account restrictions are preventing this user from signing in” typically occurs when the user fails to set up a Remote Desktop Connection. Users commonly encounter this issue on Windows Server 2012 or higher versions. The problem often arises from a specific Windows Group Policy setup that restricts the transfer of login credentials to the remote workstation. However, some users have reported that the problem may be caused by expired or blank passwords. While this could be the case, there may be other sources contributing to the problem.
“I just tried on Server 2019, and it gave me an “Account Restrictions are preventing this user from signing in…” error. However, RDP’ing with the plaintext password worked. Changing the hash to an invalid value yields an authentication error,” writes Twitter follower @DukezDad. [source]
Security administrators and other groups have increasingly been utilizing Remote Desktop Connections. However, like any program, errors can occur, including with Remote Desktop Connections. Fortunately, there are steps you can take to quickly and easily resolve these issues, as outlined below.
What is the reason for the “Account Restrictions are Preventing this User from Signing in” Error Alert?
This error notification can be the result of various scenarios, nevertheless, the following events might be the cause most frequently —
- Windows Group Policy1: Windows policies control certain actions that your operating system implements. The error alert might pop up because of a certain Windows Group Policy which prevents the Remote Desktop Client from conveying the sign-in details to the remote host. Deactivating the policy could resolve the trouble.
- No Password: In certain instances, the error alert can also happen when the user account for setting a remote connection isn’t protected by a password. In this case, you will have to either establish a password or simply deactivate this policy.
Now that you have a clear understanding of the potential reasons for the error notification, you can fix your trouble by means of the remedies set forth below.
Method 1: Deactivating Windows Group Policy
As already stated before, there is a special security policy that does not let the Remote Desktop Client convey the supplied credentials. This policy, nevertheless, might result in the said error alert in certain scenarios. Hence, to eliminate the error alert and be capable of setting a connection, you will have to deactivate it. This is how to make it possible:
- Use the Windows Key + R hotkey to start the Run dialog box.
- Specify “gpedit.msc” in the search field and then press Enter.
- As soon as the Windows Local Group Policy Editor comes up, proceed to the below-said directory:
Computer Configuration > Administrative Templates > System > Credentials Delegation
- At this point, in the right-hand section, find the “Restrict delegation of credentials to the remote servers” policy.
- Double-click it to amend it. Define it to Disabled, select Apply and then choose OK.
- Inspect whether it resolves the problem.
Also consider reading: Hacked Facebook account. How do I Fix?.
Method 2: Defining a Password
The error notification can also come up when the user account that you are applying isn’t secured by any password at all. Hence, in order to resolve the trouble, you will need to establish a password and then inspect whether it resolves the problem. Otherwise, you will need to provide a password every time you would like to sign-in. Nevertheless, if you would like to, you can bypass this long process by just deactivating a Windows Group Policy. This is how to make it possible:
- Start the Local Group Policy Editor as displayed above.
- Proceed to the below-given location:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- In the right-hand section, you have to find the “Accounts: Limit local account use of blank passwords to console logon only” policy.
- Double-click to amend it and then simply define it to Disabled.
- Choose Apply and then OK.
User Review
( vote)( reviews)
References
- Group Policy: https://en.wikipedia.org/wiki/Group_Policy
I attempted both of your fixes, rebooted the server in question and still receiving the same error message.