03 April 2017

The Group Policy Client service failed the logon - Access is denied

I recently had a client who was receiving this error when he was trying to log into his domain account:


The fix is simple and straightforward, but the problem is rather nasty if you don't know what to do. Follow these steps to resolve the issue:


  • Log in with another account, preferably a Domain Admin account
    • This should work as the issue is with the profile, not the computer
  • Create a local account on the machine and ensure it's also a local administrator
  • Remove the machine from the domain
  • Log in as the local account you just created
  • Rename the affected user's profile folder in C:\Users
    • I would usually create a new folder called "Backup" and then move the profiles into there
  • Open Start Menu and search for Regedit
  • Open the following location
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

  • Click through the SIDs until you find the one whose Profile Path (the ProfileImagePath value) belongs to the user who is having problems

  • Right-click the SID and export it just to make sure you have a copy

  • Delete the SID

  • Join the computer back to the domain
    • I had deleted the computer object from AD and I even renamed the computer
  • Log in as the user who was having problems
  • It should be working perfectly now.
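
The registry steps above (find the SID, export it, delete it) can also be scripted from an elevated PowerShell session on the local administrator account. This is an added example, not part of the original post; the function name `Remove-StaleProfileEntry`, its parameters and the `C:\Users\Backup` default are assumptions made for illustration.

```powershell
# Added example: locate, back up and delete one user's ProfileList key.
# Function name, parameters and default backup folder are hypothetical.
function Remove-StaleProfileEntry {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $UserName,   # profile folder name, e.g. 'jsmith' (placeholder)
        [string] $BackupDir = 'C:\Users\Backup'      # assumed: the "Backup" folder from the rename step
    )

    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    # Match SID subkeys whose ProfileImagePath ends in \<UserName> or \<UserName>.<DOMAIN>
    $hits = @(Get-ChildItem -Path $root | Where-Object {
        $p = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath
        if (-not $p) { return $false }
        $leaf = Split-Path -Path $p -Leaf
        ($leaf -ieq $UserName) -or ($leaf -like "$UserName.*")
    })

    # Refuse to guess: zero or several matches means a human should look in Regedit.
    if ($hits.Count -ne 1) {
        Write-Error "Expected exactly one ProfileList entry for '$UserName', found $($hits.Count). Nothing changed."
        return
    }
    $sid = $hits[0].PSChildName

    # Export before deleting, so the key can be restored by importing the .reg file.
    New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false -Confirm:$false | Out-Null
    $regFile = Join-Path $BackupDir "ProfileList-$sid.reg"
    $regPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"  # reg.exe path form
    & reg.exe export $regPath $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $regFile)) {
        Write-Error "Export of $sid failed; the key was not deleted."
        return
    }

    # Prompts for confirmation by default; -WhatIf stops after the export.
    if ($PSCmdlet.ShouldProcess($regPath, 'Delete profile registry key')) {
        Remove-Item -Path $hits[0].PSPath -Recurse -Confirm:$false
        Write-Output "Deleted $sid (backup: $regFile)"
    }
}

# Usage (placeholder user name): Remove-StaleProfileEntry -UserName 'jsmith' -WhatIf
```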
