Solved

Window 7 Default Domain Logon

Posted on 2011-03-24
7
908 Views
Last Modified: 2012-05-11
I'm the admin on a Server 2003 domain. The company is just beginning to purchase desktop and notebook computers with Windows 7 Pro or Ultimate installed. For security the "Last User Logon Name" is not displayed on any of the corporate computer's logon window.

What's happening is even though a computer is the member of the domain, if the user does not prefix his/her logon name with the domain name (i.e. "mydomain\administrator") the logon defaults to the local machine. This has led to access problems for users who think they're connecting to the domain but are in fact only gaining access to their local computer account. Granted, this only occurs if the user name has a profile on the local machine as well as on the domain; but that unfortunately includes all of the notebook computer users as well as a number of other personnel.

I did find an article that modifies the WinLogon/DefaultDomainName registry key but changing the value had no effect on the Windoes 7 Ultimate test notebook PC I'm working on. Ditto attempting to use a GPO to change the default.

Any help is greatly appreciated.
0
Comment
Question by:SnakeEyedMojo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 35210759
Well.... Why do the computers have both? Why not remove the local profile, especially if it is a work computer and not a personal computer. I do not see any need for having 2 seperate profiles.

0
 
LVL 13

Expert Comment

by:BCipollone
ID: 35210793
May want to try this out though:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"="YourDomain"

0
 

Author Comment

by:SnakeEyedMojo
ID: 35210812
When the sales people are out on the road they're not connected to the domain. They need the local profile to use applications like Word and Excel. Likewise they use the documents from "My Documents" folder on the hard disk. When they connect to the domain they usually access files on a network share and require access to client-server apps.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:SnakeEyedMojo
ID: 35211099
BCipollone: I've done that. Doesn't work.
0
 

Accepted Solution

by:
SnakeEyedMojo earned 0 total points
ID: 35244816
This question has been resolved. The Experts Exchange article, "Creating a Group Policy ADM to set the DefaultDomainName registry key" headed me in the right direction. However the GPO ADM code in that article did not work on my 2003 domain server. After some trial and error the original code has been modified to the following:

CLASS MACHINE
     CATEGORY "DOMAIN Settings"
          CATEGORY "DOMAIN Server Setting"
               POLICY "Default Domain"
                    KEYNAME SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
                    PART "Default Domain Name" EDITTEXT
                        VALUENAME DefaultDomainName
                        DEFAULT xxxxxxxx
                    END PART
               END POLICY
     END CATEGORY
END CATEGORY

where xxxxxxxx is the domain name. Note that some of the values had to have the quotation marks removed when compared to the code found in the original article. Also an "END PART" statement has been added.

I noted in an earlier reply that modifying the …\WinLogon\DefaultDomainName registry value on the notebook PC did not work. That is still the case but if the registry value is modified using the GPO then it works as its supposed to.

When attached to the domain (via an Ethernet cable or by a wireless connection) the notebook only requires the user's logon name and not the domain name prefix. The first time the user logs on to the notebook when not attached to the domain, the computer name must be entered with the logon name (i.e. CNU04415DP\smithj). There after Windows 7 will authenticate to the domain or the local computer based upon its network connection or lack thereof.

Some caveats:
The domain name always appears in the logon window whether the computer is physically or wirelessly attached to the domain or not. This can now be ignored.
If the user is attached to the domain and wants to logon to the local computer for some reason, he/she MUST use the computer name prefix with the logon name (i.e. CNU04415DP\smithj).
Whether attached to the domain or not, if the logon name "administrator" is entered, the default logon is always to the local computer. The domain name prefix must be used when using the "administrator" logon whenever attaching to the domain.

In my opinion it would have been a lot easier if Microsoft had continued to use the XP classic logon window that included the domain/computer name scroll list.

0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35473491
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question