Prevent manual default domain name change
Posted on 2007-04-03
We are deploying Windows 2003 server/Active Directory with Windows XP workstations.
You can disable the drop-down box in the GINA from appearing (we've got that). This coupled with setting the DefaultDomainName should set the domain and prevent users from changing it via the drop-down.
This works but isn't perfect. Users can still login locally or to another domain by typing it in manually . When this is done, the DefaultDomainName registry key gets set to the domain or computer name that the user entered. It remains set to this other domain. When the next user logs in, their login fails because the default domain is no longer the right one.
How can we prevent the default domain name from being changed when a user manually logs into another domain or the local computer?