Solved

Login with Local Administrator account resets the login prompt to local computer. Windows 2000

Posted on 2004-09-15
11
504 Views
Last Modified: 2011-04-14
When logging into a system with the local administrator account we log into the computer itself and not the domain.  Now when the user logs in it presents the user in the logon box the local computer name rather then the domain they need to log in to. I want to be able to run a batch file or script to change it back to the domain because our users aren't the brightest in the world and call us up to login when they are logging in to the local computer rather than switching to the domain.

Does anyone know the registry keys that need to be changed?  Does anyone have a batch or script I could use to accomplish this?  Does anyone have a template I could use?  I know someone was doing this before but I forgot to ask him and I didn't catch his name.

Is there any other way around this without having to modify a GPO which is not an option in this case.  We are running Windows 2000 pro on all client systems.

Thanks ahead of time.
0
Comment
Question by:Shenook
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 4

Expert Comment

by:zmorvik
ID: 12067447
If I understand you correct, your admins login, perform their tasks, and then logout.  When the user returns, they are having difficulty understanding that they need to swith their logon to dropdown from the local computer back to your domain.

Something to try:

This is clipped from the instructions for using AutoAdminLogon.  Of course, you don't want to use AutoAdminLogon, so the only key we will create here is the DefaultDomainName.  

The full article can be viewed here:
http://support.microsoft.com/default.aspx?kbid=315231

Open registry editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Created a new String Value called DefaultDomainName
Make the value your domain name.

Good luck!

0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070068
Are you using a remote connection to logon or are your support staff physically at the machine?
0
 

Author Comment

by:Shenook
ID: 12070110
We are physically at the machine.  Thanks for the reply dhoustonie.  Let me know if you know of any scripts.
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070379
You have said that you don't want to change the GPO, is that the domain gpo, or the local group policies?

dave
0
 
LVL 8

Assisted Solution

by:dhoustonie
dhoustonie earned 100 total points
ID: 12070475
You could use the advice given before and create a reg file that would set the default domain to your domain name, so that when your support staff log off the user just types in their username and password and they are in, by logging in once as the admin or adding to a script it would be a permanent fixture until the registry was deleted.

Save this as a .reg file, just change YourDomain to your domain name:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaulDomainName] @="YourDomain"

 
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 17

Accepted Solution

by:
Jared Luker earned 300 total points
ID: 12071013
You can make a .vbs file called fixdomain.vbs (or whatever you want to call it).  Copy the following script into a text file and name it that name.

You can call it from your login or startup scripts and it will make the change for you.
______________________________________________________________________

Dim WshShell
Dim Domain

Domain = "DomainName"

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaulDomainName",Domain,"REG_SZ"

______________________________________________________________________

Jared

ps the path has "Windows NT" in it... not "WindowsNT"
0
 
LVL 4

Assisted Solution

by:zmorvik
zmorvik earned 100 total points
ID: 12071156
I forgot about the script part in my answer.  Sorry about that.  I agree with dhoustonie on the registry import script.

jared_luker too is correct.  The key is Windows NT.  Weird because I copied that directly from my exported registry script.

I would highly recommend you test this on a non-production PC just to be sure that it doesn't have any adverse effects.

Create the key I mentioned in the original reply.  Use registry editor and export the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

This file will be whatever you named the file .reg

Edit this file with notepad and remove everything except the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName" = "<your-domain-name>"

Now save this file.  Copy this modified .reg file to the NETLOGON share on your domain controller(s).  In NT 4.0, you will need to copy it to %systemroot%\system32\repl\import\scripts

Now, in a logon script, add the following
regedit /s \\<domain-controller-name\netlogon\yourfile.reg

This will import these settings into the local registry.  

Unfortunately, I believe an administrator on that machine or the domain is going to have to run this batch file because a Domain User or a user who is only part of the local Users group will likely not be allowed to create this registry entry.  So, maybe your support personnel either carry a floppy, USB key, or network location for the batch script, etc that they run on each workstation they visit from now on.


Best Wishes
0
 

Author Comment

by:Shenook
ID: 12071672
GPO reply...
Both as we have a different contracting company taking care of the GPO's for particular reasons.  So no GPO changes can be made at this time.
0
 

Author Comment

by:Shenook
ID: 12071682
I will get this tested tomorrow morning sometimes and distribute the points accordingly.  I really appreciate all the help.  I'll make sure I get back on to close out this thread as the solution(s) provided probably will work.  Thanks again I'll post again tomorrow.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072389
How about a script that deletes all local user (non-admin) accounts ?
0
 

Author Comment

by:Shenook
ID: 12075753
I have distributed the points and wanted to thank all 3 of you as you all added comments that were correct.  Thanks again for your help.  I hope I see you all in another thread soon.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now