Remote Desktop: A user account restriction is preventing…

Remote Desktop Connection (RDP) is a great tool in Windows 11 and Windows 10 that lets you use a computer from another place. But sometimes, you might get a message saying “A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support.” We’re here to help fix this issue, focusing first on making sure the user account has a password, turning off checks for blank passwords, and then looking at other ways to solve the problem.

Also see: Windows 11 Remote Desktop “An authentication error has occurred”

Fixing “A user account restriction” error in Remote Desktop

1. Setting a password for the user account

Not having a password on your account is a common reason for RDP errors about user account restrictions. RDP has a safety feature that usually stops remote access to accounts without passwords.

How to set a password for the user:

1. Hit the Windows key or click the Start button.
2. Search for “Computer Management” and open it from the results.
3. In Computer Management, go to the System Tools section.
4. Click on Local Users and Groups and then on Users.
5. Right-click the user account you’re working on and pick Set Password.
6. After reading the warning, click Proceed, then type and confirm the new password, and hit OK.

By giving all accounts a password, you not only fix the RDP issue but also make your system more secure.

Related resource: Disable Network Level Authentication in Windows 11 or 10

2. Allow blank passwords for Remote Desktop Connection

If you need to let RDP connections use accounts without passwords, you can turn off the blank password check. You can do this through the Local Group Policy Editor or the Registry Editor. Just know that this makes your system less secure.

Using local group policy editor:

1. Press Windows + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
2. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
3. Find the policy “Accounts: Limit local account use of blank passwords to console logon only” and open it.
4. Set it to Disabled.
5. Hit OK and close the Local Group Policy Editor.
6. To make the changes work right away, open Command Prompt and type gpupdate /force and press Enter.

Using registry editor:

1. Press Windows + R, type regedit, and press Enter to open the Registry Editor.
2. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa.
3. Look for the DWORD LimitBlankPasswordUse. If it’s not there, right-click, choose New > DWORD (32-bit) Value, and name it LimitBlankPasswordUse.
4. Double-click on LimitBlankPasswordUse and change its value to 0.
5. Close the Registry Editor and restart your PC to see the changes.

Note: Always back up your registry before making changes. Wrong changes can cause problems or make your system unstable.

Pro tip: How to Open an RDP Connection via CMD in Windows 11

3. Time-of-day restrictions

Sometimes, admins limit when certain users can log in. If you’re trying to get in at a time you’re not allowed, you’ll see the “A user account restriction” RDP error. Setting login hours is usually done for domain user accounts with Active Directory.

How to check and modify login hours:

1. Open Active Directory Users and Computers.
2. Find the user’s account, right-click it, and go to Properties.
3. Click on Logon Hours to see or change when they can log in.

4. Account is locked out

If someone tries and fails to log in too many times, the account gets locked for safety.

How to address account lockout:

1. On the Remote Computer:
   1. Press Windows + R, type lusrmgr.msc, and press Enter to open Local Users and Groups.
   2. Click on Users, then double-click the account in question.
   3. Make sure the Account is locked out option is not checked.
2. On a Domain Controller:
   1. Open Active Directory Users and Computers.
   2. Right-click the user’s account and go to Properties.
   3. Under the Account tab, ensure the Account is locked out option is not checked.

Related guide: How to Remote Desktop Over The Internet in Windows 11

5. Group policy restrictions

Group Policy settings might be stopping RDP access for the user or the computer.

How to check group policy settings:

1. Open gpedit.msc for the Local Group Policy Editor.
2. Head to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
3. Look for policies like “Deny log on through Remote Desktop Services” and make sure the user isn’t listed.
4. If you find the user listed, remove them to allow RDP access.

6. Password complexity requirements

Windows might need passwords to be really strong. If the account’s password isn’t tough enough, RDP might not work.

How to check password policies:

1. Press Windows + R, type gpedit.msc, and hit Enter to open the Local Group Policy Editor.
2. Go to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
3. Check out the policies, like “Password must meet complexity requirements.” If it’s on, passwords need to have uppercase and lowercase letters, numbers, and symbols.

In short

Getting the error “A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support” usually means you need to set a password for the account or allow RDP logins without passwords. This often fixes the main problem, especially if you’re not using a domain.

But in a domain, the issue might be due to time-of-day limits, Group Policy settings, or specific user rights. Make sure to look into each possible cause.