JSI Tip 3031. How do I prevent a Windows NT 4.0 users from toggling the Domain box during log on?

If you wish to insure that your Windows NT 4.0 clients always log on to a specific domain:

1. Use Regedt32 to navigate to:

    HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon

2. Edit or Add Value name DefaultDomainName, as a REG_SZ data type. Set the data value to the domain name that you want to force.

3. Use Security / Permissions to set on Read permissions for all the users and groups currently listed for the Winlogon key. If the user is NOT a local Administrator, you can try leaveing the permission on Administrators as Full Control.

4. Shutdown and restart.

Users will not be able to toggle the Domain drop-down when they log on.

NOTE: This procedure does NOT work for Windows 2000 and hangs the logon process. You can set the DefaultDomainName and AltDefaultDomainName values to the downlevel domain name and set the DefaultUserName and AltDefaultUserName to @. This will inactivate the drop-down box, but if the user deletes the @ while entering their UserID, the drop-down is activated.

NOTE: If a user enters @ during log on, Windows 2000 will inactivate the Domain drop-down.