Windows authentication should use the ldap server that the epo server itself discovers - you don't have to have a registered ldap server to log into the console with a windows account. I would suggest maybe taking away the rights one at a time to see which one affected user logins. Are you using user autocreation or creating the accounts manually? The only permissions I am aware of for a windows account is that if the account is used to connect to the database, it has to have logon rights to the epo server and be a local administrator. But that is different than console login accounts.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?