I'm trying to use Logon To in AD to restrict remote access to machines. I added the domain controllers and also a specific server to the list for a user in AD. I also added the user as a local admin of the machine I am giving them access to. But when I try to login with that user account to the server in the list I get this error.
"User not allowed to logon at this computer."
What am I missing? Shouldn't it be as easy as adding the servers to the logon to list in AD?
And if I remove the Logon To restrictions the user can login to the server fine. So I know it has something to do with that, but I need to restrict this user and I'd prefer not to do it through a GP.