Thursday, October 22, 2015

“The signin method you’re trying to use isn’t allowed” – Windows Server 2012 - Adding AD Accounts to local users and groups


While working on my first book, Beginning SharePoint 2013 Workflows, I have been using a Hyper-V VM running SharePoint 2013 on Windows Server 2012. I created a workflow demo where an admin started a workflow that assigned a task to a standard user. But when I tried to log in as this user, I received the following message in the login window: “The signin method you’re trying to use isn’t allowed. For more info contact your network administrator.”
This behavior is probably intended by Microsoft. By default, only administrators should log in locally to the server where Windows Server 2012 is running. The server is not supposed to be someone’s workstation! This is a valid and understood statement in a production environment, since otherwise it could become the security hole of the century! But I’m running WS2012 with SharePoint 2013 on a VM hosted on my Windows 8 laptop, and I want to switch users locally, so there should be a solution for this. The good news is that you can bypass this restriction, but you have to dig deep into the Group Policy Management hierarchy to find the correct place to add the fix. Here’s how:
Log in as the administrator on the server, then start the Group Policy Management Editor by running the gpmc.msc command from PowerShell or the Command Line window.
1. In the Group Policy Management window on the left-hand side, select Group Policy Management.
2. Click to expand the Forest: <your domain name> tree node.
3. Click Domains.
4. Select your domain name.
5. Click Group Policy Objects.
6. In the right-hand window, double-click Default Domain Controllers Policy.
7. Right-click Default Domain Controllers Policy and select Edit.
8. In the Group Policy Management Editor window, click Default Domain Controllers Policy.
9. Click Computer Configuration, and then click Policies.
10. Click Windows Settings, and then click Security Settings.
11. Click Local Policies and then click User Rights Assignment.
12. In the right pane, click Allow log on locally.
13. Click the Add User or Group button.
14. In the Add User or Group dialog, enter the name to be added or click Browse... to search for a name.
15. Click OK.
16. Repeat steps 13-15 if you want to add more users.
17. Click OK to close the Allow log on locally Properties dialog, and then click Close several times to close the remaining open windows.
18. Run the following command in PowerShell or the Command Window to activate the policy changes:
gpupdate /force
By running this rather messy procedure, I was able to log in to Windows Server 2012 locally using a standard user name. Hopefully there are easier ways to achieve this, so if anyone reads this post and knows anything, please don’t hesitate to add a comment!
Ref Link: http://www.sharepointviking.com/the-signin-method-youre-trying-to-use-isnt-allowed-windows-server-2012/#comment-690