Error 1332: No mapping between account names and security IDs was done. Cannot find Approved_Groups.

I am stumped. This is related to a client computer running Windows 7 Enterprise 64bit.

I have a computer lab of 90+ machines. All units are in Active Directory under the same OU with the same policy applied to all of them. I have one unit that will not log into any non-admin account. When attempting to log in as a general user you get the message:

"You cannot log on because the logon method you are using is not allowed on this computer. Please see your network administrator for more details."

I can log into the unit using my limited domain admin credentials which is what I used for further troubleshooting.

I look at the RSOP and I see that under "windows settings/security settings/local policies/user rights assignment" "Allow log on Locally" has a red X. The error states: "The Policy (policy that is applied to all 90+ units) resulted in the following error. No mapping between account names and security IDs was done. For more information, see %windir%\security\logs\winlogon.log on the target machine."

So I open the winlogon.log file and find this: 

----Configure User Rights...
Configure S-1-5-32-545.
remove SeInteractiveLogonRight.
Configure S-1-5-21-1636102821-2938549717-216715030-501.
Configure S-1-5-32-551.
Configure Approved_Groups.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Approved_Groups.
Configure S-1-5-32-544.

User Rights configuration was completed with one or more errors.

I have checked the other units winlogon.log file and it does not have an "Approved_Groups" that it is loading.

I have searched the web for info on this error and found the following:

http://support.microsoft.com/kb/2000705
http://support.microsoft.com/kb/977695/en-us

I have attempted to apply hotfixes mentioned but they say that I am trying to install them on unsupported platform.

All of the information I have found is related to Windows server and not windows 7. Most of the reports I see are also happening with groups of computers and not only one out of a hundred.

I finally gave up, thinking it was some sort of file corruption and I reimaged the unit, yet it still does it. I reset the computer account. I have removed the computer from the domain and readded it.

Again, no other computer that is applying the same policy is having this issue.

What am I missing? I would not think that it would be a problem on the AD end since it is limited to a single unit.