How to Fix “The Group Policy Client service failed the logon” Error?
When the “Group Policy Client service failed the logon” error happens, the system prevents users from logging into their accounts and shows an “Access is denied” message. This error usually means that the Group Policy Client service, which handles user settings and permissions, didn’t start correctly during login. It often occurs because of a damaged user profile or because Group Policy Objects (GPOs) are set up incorrectly or damaged.
It can also be caused by communication issues with domain controllers, which are needed for Group Policy functions in network environments.
In this article, we will discuss several solutions to solve this error.
1. Edit Registry Using an Administrator Account
Changing the registry can help fix problems with the Group Policy Client service. By using an administrator account to access the registry, you can repair or remove entries that might be stopping the service from starting correctly. This process helps the system work properly again by getting rid of bad session data or fixing registry keys related to user profiles, allowing users to log in successfully.
Note: Editing the Windows registry incorrectly can cause irreversible system damage. Make sure you follow instructions precisely and back up the registry before making any changes.
- Press Windows + R to open the Run command.
- Type regedit and press Enter to open the Registry Editor.
- In the Registry Editor’s left pane, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc
- Ensure that this key is intact without making any changes.
- Navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST
- This path is crucial because it contains the keys and values referenced by the key from step 3. The following elements must be present:
  - Ensure there is a Multi-String value called GPSvcGroup. If it’s missing, right-click in the panel on the right, create a new multi-string value named GPSvcGroup, and set it to GPSvc.
  - Ensure there is a key (folder) named GPSvcGroup. This key typically exists, but if not, right-click in the panel on the right and select New > Key. Name it GPSvcGroup.
  - Open the GPSvcGroup folder/key. Right-click in the panel on the right and create two DWORD values:
    - First, create a DWORD called AuthenticationCapabilities and set its value to 0x00003020 (or 12320 in decimal).
    - Second, create a DWORD called CoInitializeSecurityParam and set its value to 1.
- Restart your PC after making these changes.
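The entries listed in these steps can be checked without opening the Registry Editor. The following read-only PowerShell audit is an added example, not part of the original article; the helper names Get-RegValue and New-Result are the example's own, and the expected values are the ones given in the steps above.

```powershell
# Added example: read-only audit of the registry state described in section 1.
# Run in 64-bit PowerShell so HKLM:\SOFTWARE is not redirected to WOW6432Node.
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\gpsvc'
$hostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST'
$groupKey = Join-Path $hostKey 'GPSvcGroup'

# DWORD values the article expects inside the GPSvcGroup key.
$expected = [ordered]@{
    AuthenticationCapabilities = 0x00003020   # 12320 decimal
    CoInitializeSecurityParam  = 1
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing when the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Result {
    param([string]$Check, [string]$Found, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Found = $Found; Pass = $Pass }
}

$report = @()

$svcExists = Test-Path $svcKey
$report += New-Result 'Services\gpsvc key exists' "$svcExists" $svcExists

# The multi-string value GPSvcGroup under SVCHOST must list GPSvc.
$multi = @(Get-RegValue -Path $hostKey -Name 'GPSvcGroup')
$report += New-Result 'SVCHOST\GPSvcGroup (multi-string) lists GPSvc' ($multi -join ', ') ($multi -contains 'GPSvc')

$groupExists = Test-Path $groupKey
$report += New-Result 'SVCHOST\GPSvcGroup key exists' "$groupExists" $groupExists

foreach ($name in $expected.Keys) {
    $actual = Get-RegValue -Path $groupKey -Name $name
    $found  = if ($null -eq $actual) { '<missing>' } else { '0x{0:X8}' -f $actual }
    $pass   = ($null -ne $actual) -and ($actual -eq $expected[$name])
    $report += New-Result "GPSvcGroup\$name = 0x$('{0:X8}' -f $expected[$name])" $found $pass
}

$report | Format-Table -AutoSize
if ($report.Pass -contains $false) { 'One or more entries differ from the values listed above.' }
```

The script changes nothing; any row with Pass = False points at the entry to create or correct by hand.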
2. Take Ownership of Group Policy Registry Key
Sometimes, you need to fix permission issues to make things work right again. By taking control of the Group Policy registry key, you get the permissions needed to change or fix it. This step makes sure the system can read and use the required Group Policy settings, which might be blocked due to incorrect ownership or access restrictions.
- Press Windows + R to open the Run command.
- Type regedit in the Run dialog box and press Enter to open the Registry Editor.
- In the left pane of Registry Editor, navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc
- We will now take ownership of this key to edit it.
- Right-click the gpsvc (folder) key and select Permissions.
- The default owner should be TrustedInstaller. Click Change in the window that appears.
- In the Select User or Group window, click Advanced.
- Click Find Now.
- Select your username from the search results and click OK.
- Click OK again in the Select User or Group window. You have now successfully changed ownership.
- After taking ownership of the registry key, close the Registry Editor. Open an elevated Command Prompt/PowerShell (press the start button, type cmd, and open it as an administrator). Type the following command and press Enter:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\gpsvc" /v Type /t REG_DWORD /d 0x10 /f
- You should receive the message “The operation completed successfully”. If you haven’t taken ownership of the registry key mentioned in step 3, the command will fail, and you’ll receive an “Access is denied” message.
- Finally, restart your PC.
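Because this procedure replaces the key's owner and overwrites its Type value, it helps to record both beforehand. The following PowerShell snapshot is an added example, not part of the original article; the function name Get-GpsvcState and the output file gpsvc-before.json are assumptions of the example. Run it once before the first step and again after the last one.

```powershell
# Added example: record the gpsvc key's owner, security descriptor and Type value
# before the steps above, then show what differs when run again afterwards.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\gpsvc'
$snapshot = Join-Path $env:TEMP 'gpsvc-before.json'   # hypothetical output path

function Get-GpsvcState {
    $acl = Get-Acl -Path $key
    [pscustomobject]@{
        Taken = (Get-Date).ToString('s')
        Owner = $acl.Owner          # the article expects TrustedInstaller by default
        Sddl  = $acl.Sddl           # owner, group and DACL in SDDL form
        Type  = (Get-ItemProperty -Path $key -Name Type).Type
    }
}

if (-not (Test-Path $snapshot)) {
    # First run, before any change: save the baseline.
    Get-GpsvcState | ConvertTo-Json | Set-Content -Path $snapshot -Encoding UTF8
    "Baseline saved to $snapshot"
} else {
    # Later run: list every recorded property that no longer matches the baseline.
    $before = Get-Content -Path $snapshot -Raw | ConvertFrom-Json
    $after  = Get-GpsvcState
    foreach ($p in 'Owner', 'Sddl', 'Type') {
        if ($before.$p -ne $after.$p) {
            [pscustomobject]@{ Property = $p; Before = $before.$p; After = $after.$p }
        }
    }
}
```

The saved Owner and Sddl strings are the reference for putting the key's original permissions back once the logon problem is resolved.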
3. Use System Restore Point
Using a system restore point can fix your system by bringing it back to a time when everything was working well. System Restore does this by undoing recent changes to system files and settings. Since this error can happen because of messed-up system settings, using a restore point makes things stable again without affecting your personal files.
3.1. Log into the System with Another Account
- Right-click the Start button and select System.
- In the left column, click on System Protection.
- Click the System Restore button.
- Click Next.
- If needed, check the box that says “Show more restore points”.
- Select a restore point dated before the issue occurred and restore your system. Your PC will return to that date and restart. Although your data will remain intact, some programs may be removed.
3.2. If You Only Have One Account
By going into the advanced startup options, you can restore your PC to the previous point.
- Press the Shift key, then restart your PC using the shutdown button located in the bottom right corner of your login screen. Right-click on it to select the restart option.
- Windows will restart and display the “Choose an Option” menu.
- Select Troubleshoot > Advanced options > System Restore.
- Choose a restore point from a date before the problem began and restore your system. Your PC will revert to that date and restart. Note that while your data will remain intact, you may lose some programs.
If the error persists or you did not have a restore point, you can reset your system. This will clear all your apps, but your data will be kept. Use the advanced startup options as above, but choose Troubleshoot > Reset this PC > Keep my files instead.
4. Turn Off Fast Startup
Turning off fast startup can fix the problem because this feature doesn’t fully shut down the system, and some things (like Group Policy) might not reset properly. When you disable it, the system shuts down completely, making sure everything restarts fresh, which can stop issues with the Group Policy Client service during future logins.
- Click on Start.
- Go to Settings.
- Click on the System icon.
- Navigate to the Power & Sleep section and click on Additional Power Settings.
- Select Choose what the power buttons do.
- Scroll down to Shutdown settings.
- Uncheck the box next to Turn on fast startup.
- Click Save changes.
- Restart your PC.
6. Restart Group Policy Service and Reset Winsock
To address this error, you might consider refreshing both the Group Policy Client service and the Winsock catalog. Restarting the Group Policy service helps reset important parts of the system needed to apply policies and user settings, which might have failed at startup. Resetting Winsock clears network settings and can help resolve networking issues that could affect Group Policy’s ability to connect with necessary services.
- Press Windows + R to open the Run command.
- Type services.msc and press Enter.
- Locate Group Policy Client, right-click the service, and select Properties.
- Set the Startup type to Automatic, click Start, then Apply, and OK.
- Right-click the Start button and choose Command Prompt (Admin) or PowerShell (Admin).
- Enter the following command and press Enter:
netsh winsock reset
- Type exit and press Enter to close the command prompt.
- Restart your PC.
7. Re-logging in a Specific Order
Sometimes, logging in using a specific order can help fix system processes that are stuck. First, log into an admin account, then switch to the problem user account. This gives the system a chance to restart important Group Policy services. It can clear out any problems with user profiles or services, potentially fixing access issues without needing a full restart. This method ensures the system reapplies the necessary settings and permissions.
Let’s suppose you have three accounts (or two), and one of them is the account where the error appears. Here we will refer to the problematic account as Account_Problem, and to the working accounts as Working_1 and Working_2.
Note: You can perform the same steps even if you don’t have three accounts.
- First, switch all users so they are all logged in.
- Then, log off (sign out) each account in order (for example, Working_1, Account_Problem, Working_2).
- Next, log into the first working account, Working_1, and engage in some tasks or play games.
- After that, log into the second working account, Working_2, and do some activities there as well.
- Once all working accounts are logged in, log into the problematic account, Account_Problem. Check if the issue is resolved.