NT Gatekeeper--Troubleshooting a Group Policy Logon Banner Problem

Learn two ways to enforce your NT 4.0 logon banner to display fully.

Jan De Clercq

November 25, 2001

2 Min Read
ITPro Today logo

I can't make the logon banner text display fully. The last words of the banner text are truncated, although I can use the down arrow to display the rest of the text. Windows NT 4.0 system policies enforce the logon banner. Is this behavior typical or a known bug? If it's a bug, how can I address it?

Microsoft provides two solutions for this known NT system policy bug. If you want to continue using system policy to enforce your logon banner, you must install Service Pack 4 (SP4) or later or a hotfix available from Microsoft Product Support Services (PSS). Either approach requires you to manually edit the winnt.adm policy template to set the Maxlen property of the Logonbanner policy (which is by default limited to 255 characters) to a higher value. On an SP4 or later system, you can change Maxlen's value to 1024. On a system that has the hotfix installed, you can change Maxlen's value to 2048. For details about the winnt.adm Maxlen changes and the required hotfix, see the Microsoft article "System Policy Editor Will Not Allow More Than 255 Characters" (http://support.micro soft.com/support/kb/articles/q173/3/85.asp).

If you don't want to install a service pack, you can force the logon banner text to display fully by using some means other than system policy to change the registry on all affected machines. You can find the registry value that controls the logon banner, LegalNoticeText (REG_SZ), in the HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows NTCurrent VersionWinlogon registry subkey. To automate distributing this change, you can enforce execution of a *.reg file that contains the logon banner registry changes in your users' logon scripts. Or you can use the Microsoft Systems Management Server (SMS) software installation features to distribute the same *.reg file. For an example of how to apply a registry change using a *.reg file executed from a batch script, see "Changing the last logged-on user account name," August 2001.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like