Solved

Login with Local Administrator account resets the login prompt to local computer. Windows 2000

Posted on 2004-09-15
11
506 Views
Last Modified: 2011-04-14
When logging into a system with the local administrator account we log into the computer itself and not the domain.  Now when the user logs in it presents the user in the logon box the local computer name rather then the domain they need to log in to. I want to be able to run a batch file or script to change it back to the domain because our users aren't the brightest in the world and call us up to login when they are logging in to the local computer rather than switching to the domain.

Does anyone know the registry keys that need to be changed?  Does anyone have a batch or script I could use to accomplish this?  Does anyone have a template I could use?  I know someone was doing this before but I forgot to ask him and I didn't catch his name.

Is there any other way around this without having to modify a GPO which is not an option in this case.  We are running Windows 2000 pro on all client systems.

Thanks ahead of time.
0
Comment
Question by:Shenook
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 4

Expert Comment

by:zmorvik
ID: 12067447
If I understand you correct, your admins login, perform their tasks, and then logout.  When the user returns, they are having difficulty understanding that they need to swith their logon to dropdown from the local computer back to your domain.

Something to try:

This is clipped from the instructions for using AutoAdminLogon.  Of course, you don't want to use AutoAdminLogon, so the only key we will create here is the DefaultDomainName.  

The full article can be viewed here:
http://support.microsoft.com/default.aspx?kbid=315231

Open registry editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Created a new String Value called DefaultDomainName
Make the value your domain name.

Good luck!

0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070068
Are you using a remote connection to logon or are your support staff physically at the machine?
0
 

Author Comment

by:Shenook
ID: 12070110
We are physically at the machine.  Thanks for the reply dhoustonie.  Let me know if you know of any scripts.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070379
You have said that you don't want to change the GPO, is that the domain gpo, or the local group policies?

dave
0
 
LVL 8

Assisted Solution

by:dhoustonie
dhoustonie earned 100 total points
ID: 12070475
You could use the advice given before and create a reg file that would set the default domain to your domain name, so that when your support staff log off the user just types in their username and password and they are in, by logging in once as the admin or adding to a script it would be a permanent fixture until the registry was deleted.

Save this as a .reg file, just change YourDomain to your domain name:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaulDomainName] @="YourDomain"

 
0
 
LVL 17

Accepted Solution

by:
Jared Luker earned 300 total points
ID: 12071013
You can make a .vbs file called fixdomain.vbs (or whatever you want to call it).  Copy the following script into a text file and name it that name.

You can call it from your login or startup scripts and it will make the change for you.
______________________________________________________________________

Dim WshShell
Dim Domain

Domain = "DomainName"

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaulDomainName",Domain,"REG_SZ"

______________________________________________________________________

Jared

ps the path has "Windows NT" in it... not "WindowsNT"
0
 
LVL 4

Assisted Solution

by:zmorvik
zmorvik earned 100 total points
ID: 12071156
I forgot about the script part in my answer.  Sorry about that.  I agree with dhoustonie on the registry import script.

jared_luker too is correct.  The key is Windows NT.  Weird because I copied that directly from my exported registry script.

I would highly recommend you test this on a non-production PC just to be sure that it doesn't have any adverse effects.

Create the key I mentioned in the original reply.  Use registry editor and export the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

This file will be whatever you named the file .reg

Edit this file with notepad and remove everything except the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName" = "<your-domain-name>"

Now save this file.  Copy this modified .reg file to the NETLOGON share on your domain controller(s).  In NT 4.0, you will need to copy it to %systemroot%\system32\repl\import\scripts

Now, in a logon script, add the following
regedit /s \\<domain-controller-name\netlogon\yourfile.reg

This will import these settings into the local registry.  

Unfortunately, I believe an administrator on that machine or the domain is going to have to run this batch file because a Domain User or a user who is only part of the local Users group will likely not be allowed to create this registry entry.  So, maybe your support personnel either carry a floppy, USB key, or network location for the batch script, etc that they run on each workstation they visit from now on.


Best Wishes
0
 

Author Comment

by:Shenook
ID: 12071672
GPO reply...
Both as we have a different contracting company taking care of the GPO's for particular reasons.  So no GPO changes can be made at this time.
0
 

Author Comment

by:Shenook
ID: 12071682
I will get this tested tomorrow morning sometimes and distribute the points accordingly.  I really appreciate all the help.  I'll make sure I get back on to close out this thread as the solution(s) provided probably will work.  Thanks again I'll post again tomorrow.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072389
How about a script that deletes all local user (non-admin) accounts ?
0
 

Author Comment

by:Shenook
ID: 12075753
I have distributed the points and wanted to thank all 3 of you as you all added comments that were correct.  Thanks again for your help.  I hope I see you all in another thread soon.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
As a business owner, there are many things that keep you up at night. Profit margins, employee retention, human resource protocols, whether your product or service will remain competitive. When you own or manage a technology company that operates la…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question