Article ID: 285665 - Last Review: March 2, 2007 - Revision: 3.5

Error message: Your account is configured to prevent you from using this computer

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
This article was previously published under Q285665
Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000) is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy (http://support.microsoft.com/lifecycle/) .

On This Page

Expand all | Collapse all

SYMPTOMS

When you try to log on to a remote access server, you may receive an error message that is similar to the following:
Unknown user or Bad Password.
When you try to log on to a console of a remote access server, you may receive an error message that is similar to the following:
Your account is configured to prevent you from using this computer.
Back to the top

CAUSE

This issue may occur if a security policy is set to shut down the computer if a user unsuccessfully tries to log on to a remote access service.
Back to the top

RESOLUTION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
To resolve this issue, remove the security policy, and then edit the registry key.
Back to the top

Part 1: Disable the Security Policy

Disable the following Group Policy setting on either the default domain or the domain controller organizational unit:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shut down your system immediately if unable to log security audits
You can find this policy on the default domain policy, default domain controller policy, and local security policy.

Note After you disable the security policy, you must also remove the security policy registry key.

Back to the top

Part 2: Edit the CrashOnAuditFail Registry Key

  1. Click Start, and then click Run.
  2. In the Open box, type regedt32.exe, and then click OK.
  3. Click the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
  4. In the right pane, double-click
    CrashOnAuditFail
    .
  5. In the Value data box, type 0 (zero), and then click OK.
  6. Click Start, and then click Run.
  7. In the Open box, type secedit /refreshpolicy machine_policy /enforce, and then click OK to apply the new security setting.
  8. Restart your server.
Back to the top

MORE INFORMATION

For more information about Windows 2000 security templates and policies, click the following article number to view the article in the Microsoft Knowledge Base:
234926  (http://support.microsoft.com/kb/234926/ ) Windows 2000 security templates are incremental
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Back to the top
Keywords: 
kberrmsg kbprb KB285665
Back to the top