Remote Desktop: A user account restriction is preventing…

Published by Nyau Wai Hoe - Updated on

When you try to connect to a computer remotely via RDP (Remote Desktop Connection), there is a very common error message that you might see: “A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support.” This guide will explain what this error actually means, and show you how to get around it.


How to fix the “A user account restriction” error in Remote Desktop

Set up a password for the user account

Trying to connect to an account without a password is a common reason you might see the RDP error about user account restrictions. RDP usually won’t let you connect if the account has no password.

  1. Press the Windows key or click on the Start button.
  2. Type “Computer Management” and select it from the results to open.
  3. In the Computer Management window, go to the System Tools tab.
  4. Click on Local Users and Groups, then select Users.
  5. Find the user account you want to set a password for, right-click it, and choose Set Password.
  6. After reading the warning, click Proceed, then type the new password, confirm it, and click OK.


Allow blank passwords for Remote Desktop Connection

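If you need to let RDP connect to accounts with no passwords, you can turn off the blank password block. You can do this in the Local Group Policy Editor or the Registry Editor. But be careful: this makes your system less secure, because any local account with a blank password can then be used to log on remotely instead of only at the console.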

Using local group policy editor

  1. Press Windows + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
  2. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
  3. Find the policy named “Accounts: Limit local account use of blank passwords to console logon only” and double-click on it.
  4. Change the setting to Disabled.
  5. Click OK and close the Local Group Policy Editor.
  6. To apply the changes right away, open Command Prompt and type gpupdate /force and press Enter.

Using registry editor

  1. Press Windows + R, type regedit, and press Enter to open the Registry Editor.
  2. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa.
  3. Look for the DWORD named LimitBlankPasswordUse. If it’s not there, right-click, select New, then DWORD (32-bit) Value, and name it LimitBlankPasswordUse.
  4. Double-click on LimitBlankPasswordUse and set its value to 0.
  5. Close the Registry Editor and restart your computer for the changes to take effect.

Note: You should create a system restore point or back up your registry before making any changes. Changing the registry incorrectly can cause issues as serious as bricking your entire PC.
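Before or after changing LimitBlankPasswordUse, it helps to know which local accounts the change actually affects. The following is an added example, not part of the original article: a read-only PowerShell audit that reports the current value and flags enabled local accounts that may have a blank password and belong to a group allowed to log on over RDP. The function name Get-BlankPasswordExposure is illustrative, and the script assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example, not from the original article. Read-only; run in an elevated
# PowerShell session on the remote computer. Function name is illustrative.
function Get-BlankPasswordExposure {
    $lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $limit = (Get-ItemProperty -Path $lsa -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue).LimitBlankPasswordUse

    # Built-in groups that hold the RDP logon right by default, addressed by
    # well-known SID so the check also works on non-English Windows.
    $rdpMembers = foreach ($sid in 'S-1-5-32-544', 'S-1-5-32-555') {   # Administrators, Remote Desktop Users
        Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue |
            ForEach-Object { $_.SID.Value }
    }

    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        # PasswordRequired = $false or a password that was never set means the
        # account may be blank; Windows does not expose the password itself.
        $maybeBlank = (-not $_.PasswordRequired) -or ($null -eq $_.PasswordLastSet)
        $inRdpGroup = $rdpMembers -contains $_.SID.Value
        [pscustomobject]@{
            Account               = $_.Name
            PasswordRequired      = $_.PasswordRequired
            PasswordLastSet       = $_.PasswordLastSet
            InRdpGroup            = $inRdpGroup
            LimitBlankPasswordUse = if ($null -eq $limit) { 'not set' } else { $limit }
            # Reachable over RDP without a password only when the block is off (0)
            ExposedOverRdp        = ($limit -eq 0) -and $maybeBlank -and $inRdpGroup
        }
    }
}

Get-BlankPasswordExposure | Format-Table -AutoSize

# To put the block back once the account has a password:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LimitBlankPasswordUse -Value 1 -Type DWord
```

Group membership is checked directly only; an account that reaches one of these groups through a nested domain group is not flagged.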


Time-of-day restrictions

Sometimes, administrators set time-of-day restrictions to limit when certain users can log into the system. If you’re trying to access the system outside these allowed hours, you’ll run into the “A user account restriction” RDP error. The option to set login hours is mainly available for domain user accounts through Active Directory Users and Computers on a domain controller.

How to check and change login hours

  1. Open Active Directory Users and Computers.
  2. Find the user’s account, right-click, and select Properties.
  3. Go to the Account tab and click on Logon Hours to see or change the allowed times.
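The Logon Hours grid is stored on the user object as the logonHours attribute: 21 bytes, one bit per hour of the week, starting at Sunday 00:00 and expressed in UTC rather than local time. The following added example (not part of the original article) decodes that attribute to show whether a logon is allowed right now and which UTC hours are permitted each day. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function names are illustrative.

```powershell
# Added example, not from the original article. Needs the ActiveDirectory module
# (RSAT). Function names are illustrative; pass the account you are checking.
Import-Module ActiveDirectory

function Test-HourOfWeek {
    param([byte[]]$LogonHours, [int]$HourOfWeek)      # 0 = Sunday 00:00-00:59 UTC
    # Attribute not set: the account has no time-of-day restriction
    if ($null -eq $LogonHours -or $LogonHours.Count -eq 0) { return $true }
    $byte = $LogonHours[$HourOfWeek -shr 3]           # 21 bytes, 8 hours per byte
    return [bool]($byte -band (1 -shl ($HourOfWeek -band 7)))   # lowest bit = earliest hour
}

function Get-LogonHourReport {
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties logonHours
    [byte[]]$bits = $user.logonHours

    $utc      = (Get-Date).ToUniversalTime()          # logonHours is stored in UTC
    $nowIndex = [int]$utc.DayOfWeek * 24 + $utc.Hour

    $days = [enum]::GetNames([System.DayOfWeek])      # Sunday..Saturday, same order as the bits
    $week = foreach ($d in 0..6) {
        $hours = 0..23 | Where-Object {
            Test-HourOfWeek -LogonHours $bits -HourOfWeek ($d * 24 + $_)
        }
        [pscustomobject]@{ DayUtc = $days[$d]; AllowedHoursUtc = ($hours -join ',') }
    }

    [pscustomobject]@{
        Account       = $user.SamAccountName
        HasLogonHours = ($null -ne $bits -and $bits.Count -gt 0)
        AllowedNow    = Test-HourOfWeek -LogonHours $bits -HourOfWeek $nowIndex
        CheckedAtUtc  = $utc
        Week          = $week
    }
}

# Example call (replace the placeholder with a real account name):
# (Get-LogonHourReport -Identity '<samAccountName>').Week | Format-Table -AutoSize
```

Because the attribute is in UTC, an allowed window that looks correct in the Logon Hours dialog can still exclude a user whose working day crosses a UTC day boundary.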


Account is locked out

If you try logging in too many times and fail, the account might get locked out as a safety measure.

How to deal with account lockout

On the Remote Computer:

  1. Press Windows + R, type lusrmgr.msc, and press Enter to open Local Users and Groups.
  2. Click on Users, then double-click on the account you’re concerned about.
  3. Make sure the Account is locked out option is unchecked.

On a Domain Controller:

  1. Open Active Directory Users and Computers.
  2. Find and right-click on the user’s account, then choose Properties.
  3. Go to the Account tab and make sure the Account is locked out option is unchecked.


Group policy restrictions

There might be Group Policy settings that are stopping RDP access either for the user or the machine.

  1. Open gpedit.msc to get into the Local Group Policy Editor.
  2. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
  3. Look for policies like “Deny log on through Remote Desktop Services” to make sure the user isn’t listed there.
  4. If the user is listed, remove them to allow RDP access.
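The lockout check and the user rights check described above can be read in one pass on the remote computer. The following is an added example, not part of the original article: it exports the effective user rights with secedit, resolves the entries under the allow and deny rights for Remote Desktop Services, and reports the lockout and disabled state of a local account. The function names are illustrative, and only a direct listing of the user is detected, not membership through a listed group.

```powershell
# Added example, not from the original article. Read-only; run in an elevated
# PowerShell session on the remote computer. Function names are illustrative.
function Resolve-RightEntry {
    param([string]$Entry)                 # secedit writes "*S-1-5-..." or a plain account name
    $e = $Entry.Trim()
    if (-not $e.StartsWith('*')) { return $e }
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($e.Substring(1))
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $e.Substring(1) }           # unresolvable SID: return it unchanged
}

function Get-RdpRestriction {
    param([Parameter(Mandatory)][string]$UserName)

    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    $rights = @{}
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        foreach ($right in 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
            $m = Select-String -Path $cfg -Pattern "^$right\s*=\s*(.*)$" | Select-Object -First 1
            $rights[$right] = @(if ($m) {
                $m.Matches[0].Groups[1].Value -split ',' | ForEach-Object { Resolve-RightEntry $_ }
            })
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }

    $safe = $UserName.Replace("'", "\'")  # escape quotes for the WQL filter
    $acct = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True AND Name='$safe'"
    $deny = $rights['SeDenyRemoteInteractiveLogonRight']

    [pscustomobject]@{
        Account      = $UserName
        LockedOut    = $acct.Lockout
        Disabled     = $acct.Disabled
        AllowList    = $rights['SeRemoteInteractiveLogonRight']       # Allow log on through RDS
        DenyList     = $deny                                          # Deny log on through RDS
        # Direct match only: membership through a listed group is not expanded
        DeniedByName = [bool]($deny | Where-Object { $_ -eq $UserName -or $_ -like "*\$UserName" })
    }
}

# Example call (replace the placeholder with a real local account name):
# Get-RdpRestriction -UserName '<username>' | Format-List
```

A deny entry takes precedence over an allow entry, so an account that appears in both lists is still refused.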

Rules that require complex passwords

Windows might have rules that require strong passwords. If your account’s password doesn’t meet these rules, you might not be able to use RDP.

Check the password policies

  1. Press Windows + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
  2. Go to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
  3. Look at the policies, especially “Password must meet complexity requirements.” If it’s turned on, passwords need to include uppercase and lowercase letters, numbers, and special symbols.

Nyau Wai Hoe
Nyau Wai Hoe is the Founder and Chief Editor of WindowsDigitals.com. With a degree in software engineering and over 12 years of experience in the tech support industry, Nyau has established himself as an expert in the field, with a primary focus on the Microsoft Windows operating system. As a tech enthusiast, he loves exploring new technologies and leveraging them to solve real-life problems.
