The error message ‘Account restrictions are preventing this user from signing in’ is revealed when a user is not able to establish a Remote Desktop connection to a target system using Windows Server 2012 or above. This error can be caused by your Windows Group Policy which stops it from passing credentials to the remote system. On the contrary, many people assume that the issue is often due to expired passwords or blank passwords which can sometimes be the case, however, in case it isn’t, then many are left without any clue.
Remote Desktop Connections are widely used by security administrators or other parties and its use has been gradually increasing. Thus, errors are to be expected as every application out there contains errors that just need to be unveiled. Nonetheless, you can easily isolate your issue by implementing the solutions given down below.
What causes the ‘Account Restrictions are Preventing this User from Signing in’ Error Message?
This error message can be caused in different scenarios, however, the following things seem to be the cause most often —
- Windows Group Policy: Windows policies are responsible for some of the actions that your system performs. The error message is, sometimes, due to a particular Windows Group Policy which stops the Remote Desktop Client to expose sign-in credentials to the remote host. Disabling the policy seems to fix the issue.
- No Password: In some cases, the error message can also occur if the user account that you are using to establish a remote connection doesn’t have a password. In such a case, you will have to either set a password or just disable this policy as well.
Now that you are aware of the potential causes of the error message, you can isolate your issue by using the solutions provided down below.
Solution 1: Disabling Windows Group Policy
As we have mentioned above, there is a security policy that prevents RD client from exposing the supplied credentials. This policy, however, seems to cause the said error message in some scenarios. Thus, to get rid of the error message and be able to establish a connection, you will have to disable it. Here’s how to do it:
- Press Windows Key + R to open the Run dialog box.
- Type in ‘gpedit.msc’ in the search box and then hit Enter.
- Once the Windows Local Group Policy Editor opens up, navigate to the following directory:
Computer Configuration > Administrative Templates > System > Credentials Delegation
- There, on the right-hand side, locate the ‘Restrict delegation of credentials to the remote servers’ policy.
- Double-click it to edit it. Set it to Disabled, click Apply and then hit OK.
- See if it fixes the issue.
Solution 2: Setting up a Password
The error message can also appear if the user account that you are using has no password set. Therefore, in order to fix the issue, you will have to set up a password and then see if it fixes the issue. In case it does, you will have to enter a password every time you want to sign-in. However, if you wish, you can avoid this by simply disabling a Windows Group Policy. Here’s how to do it:
- Open up the Local Group Policy Editor as shown above.
- Once you have opened it up, go to the following location:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- On the right-hand side, you need to locate the ‘Accounts: Limit local account use of blank passwords to console logon only’ policy.
- Double-click to edit it and then just set it to Disabled.
- Click Apply and then hit OK.