Skip to main content

Flash Tip: August 3, 2005

Flash Tip: Setting the Default Logon Domain Using a Group Policy Object
By John Savill,

Q: How can I use a Group Policy object (GPO) to set the default logon domain?

A: The default domain name is stored in the DefaultDomainName registry value, but without a built-in Group Policy setting to control its value. You can easily create a custom .adm file that will let you configure the default domain for computers that have the GPO applied. To do so, save the following code as defaultdomain.adm in the C:\windows\inf folder.

CATEGORY "Logon Settings"
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY "Default Domain"
PART "Default Domain" EDITTEXT
VALUENAME "DefaultDomainName"

You can then add this template to an existing or new GPO's Computer Configuration section. To do so, select Add/Remove Templates. Click Add and select the defaultdomain.adm file. Because this registry subkey isn't in a standard, managed portion of the registry, you won't see it until you select Filtering under the View menu and clear the "Only show policy settings that can be fully managed" check box, as this figure shows.

Flash Tip

The new policy will be available under Computer Configuration, Administrative Templates, Logon Settings, and Default Domain. The policy sets the specified domain on computers that receive the policy, as this figure shows. This policy saves users from having to select a new domain from the drop-down list when they are migrating between domains.

Flash Tip

This Windows tip is brought to you by Windows IT Pro (formerly Windows & .NET Magazine), the top technical publication for IT Professionals. It is filled with technical how-to articles, strategies, tips, and solutions. Sign up now to get two free sample issues.