Solved

Window 7 Default Domain Logon

Posted on 2011-03-24
7
863 Views
Last Modified: 2012-05-11
I'm the admin on a Server 2003 domain. The company is just beginning to purchase desktop and notebook computers with Windows 7 Pro or Ultimate installed. For security the "Last User Logon Name" is not displayed on any of the corporate computer's logon window.

What's happening is even though a computer is the member of the domain, if the user does not prefix his/her logon name with the domain name (i.e. "mydomain\administrator") the logon defaults to the local machine. This has led to access problems for users who think they're connecting to the domain but are in fact only gaining access to their local computer account. Granted, this only occurs if the user name has a profile on the local machine as well as on the domain; but that unfortunately includes all of the notebook computer users as well as a number of other personnel.

I did find an article that modifies the WinLogon/DefaultDomainName registry key but changing the value had no effect on the Windoes 7 Ultimate test notebook PC I'm working on. Ditto attempting to use a GPO to change the default.

Any help is greatly appreciated.
0
Comment
Question by:SnakeEyedMojo
  • 3
  • 2
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 35210759
Well.... Why do the computers have both? Why not remove the local profile, especially if it is a work computer and not a personal computer. I do not see any need for having 2 seperate profiles.

0
 
LVL 13

Expert Comment

by:BCipollone
ID: 35210793
May want to try this out though:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"="YourDomain"

0
 

Author Comment

by:SnakeEyedMojo
ID: 35210812
When the sales people are out on the road they're not connected to the domain. They need the local profile to use applications like Word and Excel. Likewise they use the documents from "My Documents" folder on the hard disk. When they connect to the domain they usually access files on a network share and require access to client-server apps.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:SnakeEyedMojo
ID: 35211099
BCipollone: I've done that. Doesn't work.
0
 

Accepted Solution

by:
SnakeEyedMojo earned 0 total points
ID: 35244816
This question has been resolved. The Experts Exchange article, "Creating a Group Policy ADM to set the DefaultDomainName registry key" headed me in the right direction. However the GPO ADM code in that article did not work on my 2003 domain server. After some trial and error the original code has been modified to the following:

CLASS MACHINE
     CATEGORY "DOMAIN Settings"
          CATEGORY "DOMAIN Server Setting"
               POLICY "Default Domain"
                    KEYNAME SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
                    PART "Default Domain Name" EDITTEXT
                        VALUENAME DefaultDomainName
                        DEFAULT xxxxxxxx
                    END PART
               END POLICY
     END CATEGORY
END CATEGORY

where xxxxxxxx is the domain name. Note that some of the values had to have the quotation marks removed when compared to the code found in the original article. Also an "END PART" statement has been added.

I noted in an earlier reply that modifying the …\WinLogon\DefaultDomainName registry value on the notebook PC did not work. That is still the case but if the registry value is modified using the GPO then it works as its supposed to.

When attached to the domain (via an Ethernet cable or by a wireless connection) the notebook only requires the user's logon name and not the domain name prefix. The first time the user logs on to the notebook when not attached to the domain, the computer name must be entered with the logon name (i.e. CNU04415DP\smithj). There after Windows 7 will authenticate to the domain or the local computer based upon its network connection or lack thereof.

Some caveats:
The domain name always appears in the logon window whether the computer is physically or wirelessly attached to the domain or not. This can now be ignored.
If the user is attached to the domain and wants to logon to the local computer for some reason, he/she MUST use the computer name prefix with the logon name (i.e. CNU04415DP\smithj).
Whether attached to the domain or not, if the logon name "administrator" is entered, the default logon is always to the local computer. The domain name prefix must be used when using the "administrator" logon whenever attaching to the domain.

In my opinion it would have been a lot easier if Microsoft had continued to use the XP classic logon window that included the domain/computer name scroll list.

0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35473491
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now