Solved

Login with Local Administrator account resets the login prompt to local computer. Windows 2000

Posted on 2004-09-15
Last Modified: 2011-04-14
When logging into a system with the local administrator account we log into the computer itself and not the domain.  Now when the user logs in, the logon box presents the local computer name rather than the domain they need to log in to. I want to be able to run a batch file or script to change it back to the domain because our users aren't the brightest in the world and call us up to log in when they are logging in to the local computer rather than switching to the domain.

Does anyone know the registry keys that need to be changed?  Does anyone have a batch or script I could use to accomplish this?  Does anyone have a template I could use?  I know someone was doing this before but I forgot to ask him and I didn't catch his name.

Is there any other way around this without having to modify a GPO, which is not an option in this case?  We are running Windows 2000 Pro on all client systems.

Thanks ahead of time.
0
Question by:Shenook
11 Comments
 
LVL 4

Expert Comment

by:zmorvik
ID: 12067447
If I understand you correctly, your admins log in, perform their tasks, and then log out.  When the user returns, they are having difficulty understanding that they need to switch their "Log on to" dropdown from the local computer back to your domain.

Something to try:

This is clipped from the instructions for using AutoAdminLogon.  Of course, you don't want to use AutoAdminLogon, so the only key we will create here is the DefaultDomainName.  

The full article can be viewed here:
http://support.microsoft.com/default.aspx?kbid=315231

Open registry editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Create a new String Value called DefaultDomainName
Make the value your domain name.

Good luck!

0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070068
Are you using a remote connection to logon or are your support staff physically at the machine?
0
 

Author Comment

by:Shenook
ID: 12070110
We are physically at the machine.  Thanks for the reply dhoustonie.  Let me know if you know of any scripts.
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12070379
You have said that you don't want to change the GPO, is that the domain gpo, or the local group policies?

dave
0
 
LVL 8

Assisted Solution

by:dhoustonie
dhoustonie earned 100 total points
ID: 12070475
You could use the advice given before and create a reg file that would set the default domain to your domain name, so that when your support staff log off the user just types in their username and password and they are in, by logging in once as the admin or adding to a script it would be a permanent fixture until the registry was deleted.

Save this as a .reg file, just change YourDomain to your domain name:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"="YourDomain"

 
0
 
LVL 17

Accepted Solution

by:
Jared Luker earned 300 total points
ID: 12071013
You can make a .vbs file called fixdomain.vbs (or whatever you want to call it).  Copy the following script into a text file and name it that name.

You can call it from your login or startup scripts and it will make the change for you.
______________________________________________________________________

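Dim WshShell
Dim Domain

' Domain name to show by default in the logon dialog
Domain = "DomainName"

Set WshShell = WScript.CreateObject("WScript.Shell")

' Write DefaultDomainName under the Winlogon key (note the space in "Windows NT")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName", Domain, "REG_SZ"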

______________________________________________________________________

Jared

ps the path has "Windows NT" in it... not "WindowsNT"
0
 
LVL 4

Assisted Solution

by:zmorvik
zmorvik earned 100 total points
ID: 12071156
I forgot about the script part in my answer.  Sorry about that.  I agree with dhoustonie on the registry import script.

jared_luker too is correct.  The key is Windows NT.  Weird because I copied that directly from my exported registry script.

I would highly recommend you test this on a non-production PC just to be sure that it doesn't have any adverse effects.

Create the key I mentioned in the original reply.  Use registry editor and export the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

This file will be whatever you named the file .reg

Edit this file with notepad and remove everything except the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"="<your-domain-name>"

Now save this file.  Copy this modified .reg file to the NETLOGON share on your domain controller(s).  In NT 4.0, you will need to copy it to %systemroot%\system32\repl\import\scripts

Now, in a logon script, add the following
regedit /s \\<domain-controller-name>\netlogon\yourfile.reg

This will import these settings into the local registry.  

Unfortunately, I believe an administrator on that machine or the domain is going to have to run this batch file because a Domain User or a user who is only part of the local Users group will likely not be allowed to create this registry entry.  So, maybe your support personnel either carry a floppy, USB key, or network location for the batch script, etc that they run on each workstation they visit from now on.


Best Wishes
0
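An added example, not part of any post in this thread: a VBScript variant of the fix that only writes DefaultDomainName when it differs from the wanted value, reports the write failure a non-administrator would hit (the permission caveat raised above), and flags AutoAdminLogon if it is switched on, since that feature keeps a logon password in the same Winlogon key. The domain name YOURDOMAIN is a placeholder, and the script assumes it is run with cscript so messages go to the console instead of pop-ups.

```vbscript
' Added example: idempotent reset of the default logon domain (Windows Script Host).
Option Explicit

Const WINLOGON = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
Const TARGET_DOMAIN = "YOURDOMAIN"   ' placeholder: replace with your domain name

Dim shell, current, autoLogon, exitCode
Set shell = CreateObject("WScript.Shell")
exitCode = 0

On Error Resume Next

' RegRead raises an error when the value does not exist; treat that as empty.
current = shell.RegRead(WINLOGON & "DefaultDomainName")
If Err.Number <> 0 Then
    current = ""
    Err.Clear
End If

If StrComp(current, TARGET_DOMAIN, vbTextCompare) = 0 Then
    WScript.Echo "DefaultDomainName is already '" & TARGET_DOMAIN & "'; nothing to do."
Else
    shell.RegWrite WINLOGON & "DefaultDomainName", TARGET_DOMAIN, "REG_SZ"
    If Err.Number <> 0 Then
        ' Writing under HKLM normally fails for accounts without administrative rights.
        WScript.Echo "Could not write DefaultDomainName: " & Err.Description
        exitCode = 1
        Err.Clear
    Else
        WScript.Echo "DefaultDomainName changed from '" & current & "' to '" & TARGET_DOMAIN & "'."
    End If
End If

' Defensive check: only the default domain should be set, not automatic logon.
autoLogon = shell.RegRead(WINLOGON & "AutoAdminLogon")
If Err.Number = 0 And autoLogon = "1" Then
    WScript.Echo "Warning: AutoAdminLogon is enabled on this machine; review the Winlogon key."
    exitCode = 2
End If
Err.Clear
On Error GoTo 0

WScript.Quit exitCode
```

Run it as `cscript //nologo fixdomain.vbs`; exit code 0 means the value is correct, 1 means the write was refused, 2 means AutoAdminLogon was found enabled.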
 

Author Comment

by:Shenook
ID: 12071672
GPO reply...
Both as we have a different contracting company taking care of the GPO's for particular reasons.  So no GPO changes can be made at this time.
0
 

Author Comment

by:Shenook
ID: 12071682
I will get this tested tomorrow morning sometime and distribute the points accordingly.  I really appreciate all the help.  I'll make sure I get back on to close out this thread as the solution(s) provided probably will work.  Thanks again, I'll post again tomorrow.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072389
How about a script that deletes all local user (non-admin) accounts ?
0
 

Author Comment

by:Shenook
ID: 12075753
I have distributed the points and wanted to thank all 3 of you as you all added comments that were correct.  Thanks again for your help.  I hope I see you all in another thread soon.
0
