Trying to add a Local Account to a Windows Remote TargetApplication, verification of the password always fails, even if the user is able to log in locally and the group policies allow it to log in to the target Windows system

Windows, all supported versions

CA PAM all supported versions

Group Policies in Windows establish, among other things, who can log in locally and who cannot, via the policies in

Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment

There there are 3 sets of policies controlling logon

Allow log on locally

Access Computer from the Network

Allow log on through Remote Desktop Services

and the corresponding Deny counterparts

Deny log on locally

Deny access Computer from the Network

Deny log on through Remote Desktop Services

Now is a user or a group to which the user belongs is added to the Deny rules, for instance Deny log on locally, that will take precedence over the corresponding Allow rule. For instance, if user abc is added to the Allow logon locally setting, but- at the same- time group MyUsers to which user abc belongs, is added to the Deny log on locally setting, the result is that user abc will not be able to log on to this computer

For Windows Remote to work, it is necessary that the target account has the right to access server from the network and to log on locally. If any of these permissions is blocked or denied, password will not be verified and it will not be possible to add the target account to this target server using the Windows Remote Target Connector

Make sure the Target Account that one is trying to add is not added to the Deny policies for log on (at least log on locally and access computer from the network), and remove it from them if applicable.