General discussion

Locked

Multi domain logon

By katn ·
We are running a a win2k domain alongside our NT4. When users logon they can choose which domain to logon. They need access to both but should only logon the Win2k domain. Is there a way to only have users see the one domain in the logon box?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Multi domain logon

All domains that are Trusted by your domain will be seen in the drop-down box.
From the sounds of it, you need the Trust running if users access resources in both your Domain and the Trusted Domain.
The only way to remove the other domain in the Domain drop-down is to remove the Trust between the 2 domains, and since the resources are needed, then that is not an option.
So, the short answer is no, not unless you remove the Trust. And that is not an option.

Collapse -

by katn In reply to

Poster rated this answer.

Collapse -

by mshavrov In reply to Multi domain logon

Yes. You have to create domains trust model. In simply words, you should configure relations between domains, to grant users, who are authenticated and trusted in Domain1, some rights in Domain2.

Good luck,

Michael Shavrov
MCSE W2K, MCSE+I, MCDBA, Security+, Checkpoint CSSA, CCNP, CCDP, ...

Collapse -

by katn In reply to

Poster rated this answer.

Collapse -

by ctmoore1998 In reply to Multi domain logon

As long as neither domain is a small business server you can create trusts between the domain so that no matter which domain the user logs on to they have access to the resources of the other domain.

Collapse -

by katn In reply to

Poster rated this answer.

Collapse -

by shawn In reply to Multi domain logon

As far as I know, there is no way to remove domain names from the logon dailog box. You can, however, always force what shows up in this part of the dialog.

HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon

has a value called DefaultDomain. You can set this to your Win2K domain, and that will always be what shows up on the login box. Then you just need to condition your users to not change this. )

Collapse -

by katn In reply to

Already knew this. Plus conditioning users isn't always possible. you get a few DFUs who think they can do anything. And some who could be told everyday and still not get it. Not worried about security just wasted time correcting the situation when they logon to wrong domain.

Collapse -

by katn In reply to Multi domain logon

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums