dbgathman
asked on
Windows 2K3 Term Serv Default logon to domain and not local computer
I have a Win 2K3 Term Serv in a Win 2k Active Directory. Restrictions have been applied to the TS to "lock down" the box (MS whitepaper). When users are prompted for their logon credentials, they are defaulted to the local computer for login, and I want them to default to the domain for logon. Any ideas where I can go to set this option?
ASKER
We are using /TSWEB, so I need to set the preference on the server side.
In Windows XP, you can hide the domain box AND require a UPN (User Principal Name) to log on to your domain, by setting the NoDomainUI Value Name, a REG_DWORD data type, to 1 at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon on each Windows XP domain member. This may also be the answer for terminal services logons.
NOTE: If only the SAM account is entered, Windows XP will attempt a local logon.
NOTE: You can implement this change via group policy by defining a Shutdown script that contains:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V NoDomainUI /T REG_DWORD /D 1 /F
I have scripted NoDomainUI.bat to set the NoDomainUI Value Name to 1 on all your Windows XP domain members.
The syntax for using NoDomainUI.bat is:
NoDomainUI [Exclude1 Exclude2 ExcludeN]
Where ExcludeX is an optional list of \\ComputerNames to bypass.
NoDomainUI.bat contains:
@echo off
setlocal
set qry=reg.exe query
set add=reg.exe add
set fnd=FINDSTR /L /I /B /V /G:"%TEMP%\NoDomainUI.TMP"
if exist "%TEMP%\NoDomainUI.TMP" del /q "%TEMP%\NoDomainUI.TMP"
:loop
if {%1}=={} goto loopend
@echo %1>>"%TEMP%\NoDomainUI.TMP"
shift
goto loop
:loopend
@echo END_OF_NoDomainUI_EXCLUSION>>"%TEMP%\NoDomainUI.TMP"
for /f "Tokens=1" %%c in ('net view^|find /i "\\"^|%fnd%') do (
for /f "Tokens=2*" %%r in ('%qry% "%%c\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion^|find "REG_SZ"') do (
if "%%s" EQU "5.1" @echo %%c&%add% "%%c\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V NoDomainUI /T REG_DWORD /D 1 /F &@echo.
)
)
endlocal
Let me know if this helps!
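A read-only check for confirming the result after the batch file or shutdown script above has run, added here as an example that is not part of the original answer. It reads NoDomainUI and CurrentVersion from each machine and reports the state. The function name Get-NoDomainUIState is hypothetical; it assumes PowerShell 3.0 or later on the admin workstation and the Remote Registry service running on the targets.

```powershell
# Added example: report the NoDomainUI state that NoDomainUI.bat sets.
# Get-NoDomainUIState is a hypothetical name. An empty computer name
# means the local machine, so the script runs without any network access.
function Get-NoDomainUIState {
    param([string[]]$ComputerName = @(''))

    $ntKey    = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $winlogon = "$ntKey\Winlogon"
    $hklm     = [Microsoft.Win32.RegistryHive]::LocalMachine
    $dword    = [Microsoft.Win32.RegistryValueKind]::DWord

    foreach ($name in $ComputerName) {
        # Accept \\NAME as printed by "net view" as well as a bare NAME.
        $target = $name.TrimStart('\')
        $label  = $target
        if (-not $label) { $label = $env:COMPUTERNAME }
        $row = [pscustomobject]@{
            Computer = $label; NTVersion = $null; NoDomainUI = $null; Status = 'Unknown'
        }
        $base = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hklm, $target)

            # Same value the batch file compares against "5.1".
            $k = $base.OpenSubKey($ntKey)
            if ($k) { $row.NTVersion = $k.GetValue('CurrentVersion'); $k.Close() }

            $k = $base.OpenSubKey($winlogon)
            if (-not $k) { $row.Status = 'WinlogonKeyMissing' }
            else {
                $v = $k.GetValue('NoDomainUI', $null)
                $row.NoDomainUI = $v
                if ($null -eq $v) { $row.Status = 'NotSet' }
                elseif ($k.GetValueKind('NoDomainUI') -ne $dword) { $row.Status = 'WrongType' }
                elseif ($v -eq 1) { $row.Status = 'Enabled' }
                else { $row.Status = 'Disabled' }
                $k.Close()
            }
        }
        catch { $row.Status = "Unreachable: $($_.Exception.Message)" }
        finally { if ($base) { $base.Close() } }
        $row
    }
}

# Local machine only; pass -ComputerName with your own host list to audit others.
Get-NoDomainUIState | Format-Table -AutoSize
```

A status of WrongType means the value exists but is not a REG_DWORD, which is the type the answer specifies.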