Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Remove ability for Terminal users to change domain

  • Filter
  • Time
  • Show
Clear All
new posts

  • Remove ability for Terminal users to change domain

    I have a Windows 2000 Server network using Citrix and Terminal Services. We had the Novell client installed on our citrix servers, but did not use the Novell permissions... so basically the Novell login was an extra unnecessary step. I removed the Novell client and now the login box is the Windows 2000 box. Basically, I would like for the login box to default to have the username and password as the only enterable fields, and the domain/local workstation selection is not visible. Is there a GPO setting for this so that it will take effect globally for all users? When you click the Options button it hides/unhides this option, but right now I have to do this on an individual basis. I would like to hide it by default. Thanks

  • #2
    Go to HKLM\Software\Microsfot\Windows NT\CurrentVersion\Winlogon, and set "ShowLogonOptions" to "0" then set the "DefaultDomainName" to "YOURDOMAINHERE". You can push down these registry keys then lock it down using a GPO in Computer Configuration->Windows Software->Security Settings->Registry under MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Deny domain users write access to this key and then lock the permission from being altered.

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **