Skip navigation

How can I use a Group Policy Object (GPO) to set the default logon domain?

A. The default domain name is stored in the DefaultDomainName registry value, but no built-in Group Policy setting to control its value. You can easily create a custom .adm file that will let you configure the default domain for computers that have the GPO applied. To do so, save this code as defaultdomain.adm in the C:\windows\inf folder.

CATEGORY "Logon Settings" 
  KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 
    POLICY "Default Domain" 
      PART "Default Domain" EDITTEXT 
        VALUENAME "DefaultDomainName" 
      END PART 

You can then add this template to an existing or new GPO's Computer Configuration section. To do so, select Add/Remove Templates. Click Add and select the defaultdomain.adm file. Because this registry subkey isn't in a standard, managed portion of the registry, you won't see it until you select Filtering under the View menu and clear the "Only show policy settings that can be fully managed" check box, as the figure shows.

The new policy will be available under Computer Configuration, Administrative Templates, Logon Settings, Default Domain. The policy sets the specified domain on computers that receive the policy, as the figure shows. During migrations between domains, this policy saves users from having to select a new domain from the drop-down list.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.