Subscribe to Windows IT Pro
July 12, 2005 12:00 AM

How can I use a Group Policy Object (GPO) to set the default logon domain?

John Savill
Windows IT Pro
InstantDoc ID #47055
Rating: (9)

A. The default domain name is stored in the DefaultDomainName registry value, but no built-in Group Policy setting to control its value. You can easily create a custom .adm file that will let you configure the default domain for computers that have the GPO applied. To do so, save this code as defaultdomain.adm in the C:\windows\inf folder. 

CATEGORY "Logon Settings" 
  KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 
    POLICY "Default Domain" 
      PART "Default Domain" EDITTEXT 
        VALUENAME "DefaultDomainName" 
      END PART 
    END POLICY 
END CATEGORY

You can then add this template to an existing or new GPO's Computer Configuration section. To do so, select Add/Remove Templates. Click Add and select the defaultdomain.adm file. Because this registry subkey isn't in a standard, managed portion of the registry, you won't see it until you select Filtering under the View menu and clear the "Only show policy settings that can be fully managed" check box, as the figure shows.

The new policy will be available under Computer Configuration, Administrative Templates, Logon Settings, Default Domain. The policy sets the specified domain on computers that receive the policy, as the figure shows. During migrations between domains, this policy saves users from having to select a new domain from the drop-down list.

Related Content:

ARTICLE TOOLS


Want to use this article? Click here for options!

Comments
Add A Comment
  • Craig
    5 years ago
    May 07, 2007

    Try using this for 2003 SP1 R2:-

    CLASS MACHINE
    CATEGORY !!Logon
    CATEGORY "Logon Settings"
    KEYNAME "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
    POLICY "Default Domain"
    PART "Default Domain" EDITTEXT
    VALUENAME "DefaultDomainName"
    END PART
    END POLICY
    END CATEGORY
    END CATEGORY
    [strings]
    Logon="Default domain selection"

  • Per
    5 years ago
    Feb 05, 2007

    Had the same error. I cleaned up the script (removed trailing spaces), removed the template, closed GP Editor, opened GP Editor, added the template and it worked.

  • Kevin
    5 years ago
    Jan 17, 2007

    Jim,

    I am also having this issue with a different GPO under the same conditions. I had originally put a GPO into place in December and I went to modify it just the other day and found I was unable to do so. I then removed it completly from AD and tried to add it again and was presented with the syntax error EXACTLY as you described. I think Microsoft may have goofed something up in a service pack. If I figgure this out, I will be sure to post back here.

    Kevin Sullivan
    Network Engineer
    CrossCheck, INC.

  • Jim
    6 years ago
    Jan 13, 2006

    I have tried to follow the steps in this article on Windows 2003 Server domain controller, but I keep getting an error that there is a syntax problem. It keeps saying that it found the keyword CATEGOR and it expected the keyword CATEGORY. However, when I look at the script, both instances of the word CATEGORY are spelled correctly. Any help would be very useful!

    Thanks,

    Jim Piller
    World Almanac Education
    I.T. Analyst
    jpiller@waebooks.com

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.