Solved

Prevent manual default domain name change

Posted on 2007-04-03
9
1,273 Views
Last Modified: 2008-05-31
We are deploying Windows 2003 server/Active Directory with Windows XP workstations.

You can disable the drop-down box in the GINA from appearing (we've got that).  This coupled with setting the DefaultDomainName should set the domain and prevent users from changing it via the drop-down.
 
This works but isn't perfect.  Users can still login locally or to another domain by typing it in manually .  When this is done, the DefaultDomainName registry key gets set to the domain or computer name that the user entered.  It remains set to this other domain. When the next user logs in, their login fails because the default domain is no longer the right one.

How can we prevent the default domain name from being changed when a user manually logs into another domain or the local computer?
0
Comment
Question by:dlcarraw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18847150
You can't !
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18847476
seconded
0
 
LVL 1

Author Comment

by:dlcarraw
ID: 18989046
The solution is to poke the registry at login using regedit /s to poke the right DefaultDomainName value into the registry. This assumes the user has rights to run regedit.

For example.
Create a file called DOIT.REG like this one. Save it somewhere safe-ish, like C:\Program Files\DOIT.
-------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AltDefaultDomainName"="MyDomain"
"DefaultDomainName"="MyDomain"
-------------------

Add this string value to HKLM\Software\Microsoft\Windows\Run
doit="regedit /s c:\program files\doit\doit.reg"

Then at startup, after the  user logs in the registry value should be set back to the default you specified.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:dlcarraw
ID: 18989057
The comments of "you can't" with no explanation were not useful.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18996361
thats a nice little trick - i will be using that in future i beleive
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19167592
PAQed with points refunded (50)

Computer101
EE Admin
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question