Solved

Prevent manual default domain name change

Posted on 2007-04-03
9
1,274 Views
Last Modified: 2008-05-31
We are deploying Windows 2003 server/Active Directory with Windows XP workstations.

You can disable the drop-down box in the GINA from appearing (we've got that).  This coupled with setting the DefaultDomainName should set the domain and prevent users from changing it via the drop-down.
 
This works but isn't perfect.  Users can still login locally or to another domain by typing it in manually .  When this is done, the DefaultDomainName registry key gets set to the domain or computer name that the user entered.  It remains set to this other domain. When the next user logs in, their login fails because the default domain is no longer the right one.

How can we prevent the default domain name from being changed when a user manually logs into another domain or the local computer?
0
Comment
Question by:dlcarraw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18847150
You can't !
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18847476
seconded
0
 
LVL 1

Author Comment

by:dlcarraw
ID: 18989046
The solution is to poke the registry at login using regedit /s to poke the right DefaultDomainName value into the registry. This assumes the user has rights to run regedit.

For example.
Create a file called DOIT.REG like this one. Save it somewhere safe-ish, like C:\Program Files\DOIT.
-------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AltDefaultDomainName"="MyDomain"
"DefaultDomainName"="MyDomain"
-------------------

Add this string value to HKLM\Software\Microsoft\Windows\Run
doit="regedit /s c:\program files\doit\doit.reg"

Then at startup, after the  user logs in the registry value should be set back to the default you specified.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 1

Author Comment

by:dlcarraw
ID: 18989057
The comments of "you can't" with no explanation were not useful.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18996361
thats a nice little trick - i will be using that in future i beleive
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19167592
PAQed with points refunded (50)

Computer101
EE Admin
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question