Windows 2K3 Term Serv Default logon to domain and not local computer

Posted on 2006-04-28
Last Modified: 2012-08-14
I have a Win 2K3 Term Serv in a Win 2k Active Directory.  Restriction have been applied to the TS to "lock down" the box(MS whitepaper).  When are prompted for their logon credentials they are defaulted to the local computer for login and I want them to default to the domain for logon.  any ideas where I can go to set this option?
Question by:dbgathman
    LVL 18

    Expert Comment

    You can define that in your thin client (where depends on the brand), or in your RDP definition when using a Windows PC (click options in the Remote Desktop connection dialog)


    Author Comment

    We are using /TSWEB, so I need to set the preference on the server side.
    LVL 3

    Expert Comment

    In Windows XP, you can hide the domain box AND require a UPN (User Principal Name) to log on to your domain, by setting the NoDomainUI Value Name, a REG_DWORD data type, to 1 at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon on each Windows XP domain member.  This may also be the answer for terminal services logons.

    NOTE: If only the SAM account is entered, Windows XP will attempt a local logon.

    NOTE: You can implement this change via group policy by defining a Shutdown script that contains:

    REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V NoDomainUI /T REG_DWORD /D 1 /F

    I have scripted NoDomainUI.bat to set the NoDomainUI Value Name to 1 on all your Windows XP domain members.

    The syntax for using NoDomainUI.bat is:

    NoDomainUI [Exclude1 Exclude2 ExcludeN]

    Where ExcludeX is an optional list of \\ComputerNames to bypass.

    NoDomainUI.bat contains:

    @echo off
    set qry=reg.exe query
    set add=reg.exe add
    set fnd=FINDSTR /L /I /B /V /G:"%TEMP%\NoDomainUI.TMP"
    if exist "%TEMP%\NoDomainUI.TMP" del /q "%TEMP%\NoDomainUI.TMP"
    if {%1}=={} goto loopend
    @echo %1>>"%TEMP%\NoDomainUI.TMP"
    goto loop
    @echo END_OF_NoDomainUI_EXCLUSION>>"%TEMP%\NoDomainUI.TMP"
    for /f "Tokens=1" %%c in ('net view^|find /i "\\"^|%fnd%') do (
     for /f "Tokens=2*" %%r in ('%qry% "%%c\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion^|find "REG_SZ"') do (
     if "%%s" EQU "5.1" @echo %%c&%add% "%%c\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V NoDomainUI /T REG_DWORD /D 1 /F &@echo.
    Let me know if this helps!
    LVL 82

    Accepted Solution

    Log on once locally with a domain admin account, using not the UPN but the domain dropdown box, logoff again.
    Or start regedit on the terminal server, go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon, and set the REG_SZ value "DefaultDomainName" to the NetBIOS name of your domain.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    This video discusses moving either the default database or any database to a new volume.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now