Solved

Prevent manual default domain name change

Posted on 2007-04-03
Last Modified: 2008-05-31
We are deploying Windows 2003 server/Active Directory with Windows XP workstations.

You can disable the drop-down box in the GINA from appearing (we've got that).  This coupled with setting the DefaultDomainName should set the domain and prevent users from changing it via the drop-down.
 
This works but isn't perfect.  Users can still log in locally or to another domain by typing it in manually.  When this is done, the DefaultDomainName registry key gets set to the domain or computer name that the user entered.  It remains set to this other domain. When the next user logs in, their login fails because the default domain is no longer the right one.

How can we prevent the default domain name from being changed when a user manually logs into another domain or the local computer?
0
Question by:dlcarraw
9 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18847150
You can't!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18847476
Seconded
0
 
LVL 1

Author Comment

by:dlcarraw
ID: 18989046
The solution is to poke the registry at login using regedit /s to poke the right DefaultDomainName value into the registry. This assumes the user has rights to run regedit.

For example.
Create a file called DOIT.REG like this one. Save it somewhere safe-ish, like C:\Program Files\DOIT.
-------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AltDefaultDomainName"="MyDomain"
"DefaultDomainName"="MyDomain"
-------------------

Add this string value to HKLM\Software\Microsoft\Windows\Run
doit="regedit /s c:\program files\doit\doit.reg"

Then at startup, after the user logs in, the registry value should be set back to the default you specified.
0
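A drift check for the same two Winlogon values, as an added example that is not part of the original thread: it rewrites them only when they differ from the expected domain, and reports when the logon context cannot write to HKLM. `MyDomain` is the placeholder from the post above; the parameter names, the `-ReportOnly` switch and the function name are assumptions, and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. 'MyDomain' is the placeholder used in the post.
param(
    [string]$ExpectedDomain = 'MyDomain',
    [switch]$ReportOnly          # hypothetical switch: report drift without writing
)

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$names    = 'DefaultDomainName', 'AltDefaultDomainName'

# Return one object per value that is missing or differs from the expected domain.
function Get-DomainDrift {
    param([string]$Path, [string[]]$ValueNames, [string]$Expected)
    $props = Get-ItemProperty -Path $Path
    foreach ($name in $ValueNames) {
        $current = $props.$name          # $null when the value does not exist
        if ($current -ne $Expected) {    # -ne is case-insensitive for strings
            [pscustomobject]@{ Name = $name; Current = $current }
        }
    }
}

$drift = @(Get-DomainDrift -Path $winlogon -ValueNames $names -Expected $ExpectedDomain)
if ($drift.Count -eq 0) {
    Write-Output "Winlogon default domain is already '$ExpectedDomain'."
    return
}

foreach ($item in $drift) {
    Write-Output ("{0}: found '{1}', expected '{2}'" -f $item.Name, $item.Current, $ExpectedDomain)
    if ($ReportOnly) { continue }
    try {
        Set-ItemProperty -Path $winlogon -Name $item.Name -Value $ExpectedDomain -ErrorAction Stop
        Write-Output "  reset $($item.Name) to '$ExpectedDomain'"
    }
    catch {
        # Typical for a standard user: HKLM Winlogon is not writable from that context.
        Write-Warning "  could not write $($item.Name): $($_.Exception.Message)"
    }
}
```

Running it with `-ReportOnly` from a standard user's session shows whether the previous logon changed the value without needing write access to the key.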

 
LVL 1

Author Comment

by:dlcarraw
ID: 18989057
The comments of "you can't" with no explanation were not useful.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18996361
That's a nice little trick - I will be using that in future, I believe
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19167592
PAQed with points refunded (50)

Computer101
EE Admin
0
