JSI Tip 3031. How do I prevent a Windows NT 4.0 users from toggling the Domain box during log on?

If you wish to insure that your Windows NT 4.0 clients always log on to a specific domain:

1. Use Regedt32 to navigate to:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

2. Edit or Add Value name DefaultDomainName, as a REG_SZ data type. Set the data value to the domain name that you want to force.

3. Use Security / Permissions to set on Read permissions for all the users and groups currently listed for the Winlogon key. If the user is NOT a local Administrator, you can try leaveing the permission on Administrators as Full Control.

4. Shutdown and restart.

Users will not be able to toggle the Domain drop-down when they log on.

NOTE: This procedure does NOT work for Windows 2000 and hangs the logon process. You can set the DefaultDomainName and AltDefaultDomainName values to the downlevel domain name and set the DefaultUserName and AltDefaultUserName to <UserId>@<DownLevel Domain Name>. This will inactivate the drop-down box, but if the user deletes the @<DownLevel Domain Name> while entering their UserID, the drop-down is activated.

NOTE: If a user enters <UserId>@<DownLevel Domain Name> during log on, Windows 2000 will inactivate the Domain drop-down.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish