Using GPOs to change default logon domain name in the logon screen


Symptoms


In a multi-domain environment, there are scenarios where users consistently log in to workstations that are joined to a different domain than their own. By default, the domain that the workstation is joined to is shown as the default domain name, and users from other domains must always enter the user name as "domain\username" to log in correctly. There are also scenarios where the machine is domain joined but logins almost always happen with local user accounts (using .\username).

Cause


It's a common mistake for users to skip the domain name and unknowingly attempt to log in to a domain other than their own, which results in logon failures. To avoid these problems and improve the user experience, you may decide to set a default logon domain name that is different from the workstation's domain name.

Resolution


The following Group Policy setting is available in Windows Vista and later operating systems:

    • Assign a default domain for logon

To enable a default domain for logon, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type gpedit.msc, and then click OK.
3. Under Computer Configuration, expand Administrative Settings, expand System, and then click Logon.
4. In the right pane, double-click the setting "Assign a default domain for logon" and choose Enabled.
5. Under Options, you may provide the name of the domain you want to be set as the default.

Note: Use the Group Policy Management Console (GPMC.msc) to create a GPO and configure the settings at the domain or OU level.

The "Assign a default domain for logon" Group Policy setting specifies a default logon domain, which may be different from the domain the machine is joined to. Enable the setting and enter the preferred domain name to make it the default logon domain. If you enable this policy and set the domain name to "." (without the quotes), then once the policy is applied to the machine, users will see "." as their default domain, and unless they specify domainname\username to log in, all users will be treated as local users (.\username).

Requirements: This policy is applicable to Windows Vista or above.
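
Because the "." value makes local accounts the default on every machine the GPO reaches, it is worth checking which GPOs carry this setting and with what value. The following PowerShell is an added example, not part of the original article: the function name, the -ApprovedDomains parameter, the finding labels and the sample report are constructed for illustration, and the Policy/State/EditText/Value layout is assumed to match what Get-GPOReport emits for this setting.

```powershell
# Added example: report which GPOs set the policy and flag risky values.
$PolicyName = 'Assign a default domain for logon'   # setting name from the article

function Get-DefaultLogonDomainSetting {
    param(
        [Parameter(Mandatory)] [xml] $Report,
        [string[]] $ApprovedDomains = @()   # hypothetical allow-list of expected domains
    )
    # GPO reports are namespaced XML, so every step matches on local-name().
    $policyPath = ".//*[local-name()='Policy'][*[local-name()='Name']='$PolicyName']"
    foreach ($gpo in $Report.SelectNodes("//*[local-name()='GPO']")) {
        $gpoName = $gpo.SelectSingleNode("*[local-name()='Name']").InnerText
        foreach ($policy in $gpo.SelectNodes($policyPath)) {
            $state = $policy.SelectSingleNode("*[local-name()='State']").InnerText
            $valueNode = $policy.SelectSingleNode("*[local-name()='EditText']/*[local-name()='Value']")
            $value = if ($valueNode) { $valueNode.InnerText.Trim() } else { $null }

            if ($state -ne 'Enabled') { $finding = 'NotEnabled' }
            elseif ([string]::IsNullOrEmpty($value)) { $finding = 'EnabledButEmpty' }
            elseif ($value -eq '.') { $finding = 'LocalAccountsByDefault' }
            elseif ($ApprovedDomains -and $value -notin $ApprovedDomains) { $finding = 'UnexpectedDomain' }
            else { $finding = 'OK' }

            [pscustomobject]@{ GPO = $gpoName; State = $state; Domain = $value; Finding = $finding }
        }
    }
}

# Constructed sample report (trimmed; GPO names and domains are made up).
$sample = [xml]@'
<report xmlns="urn:example:constructed">
  <GPO><Name>Kiosk Logon</Name><Computer><ExtensionData><Extension>
    <Policy><Name>Assign a default domain for logon</Name><State>Enabled</State>
      <EditText><Value>.</Value></EditText></Policy>
  </Extension></ExtensionData></Computer></GPO>
  <GPO><Name>Branch Workstations</Name><Computer><ExtensionData><Extension>
    <Policy><Name>Assign a default domain for logon</Name><State>Enabled</State>
      <EditText><Value>PARTNER</Value></EditText></Policy>
  </Extension></ExtensionData></Computer></GPO>
</report>
'@

Get-DefaultLogonDomainSetting -Report $sample -ApprovedDomains 'CORP' | Format-Table -AutoSize

# Live use (requires the GroupPolicy module from RSAT/GPMC):
# Get-GPO -All | ForEach-Object {
#     Get-DefaultLogonDomainSetting -Report ([xml](Get-GPOReport -Guid $_.Id -ReportType Xml)) }
```

On the sample, "Kiosk Logon" is reported as LocalAccountsByDefault and "Branch Workstations" as UnexpectedDomain, because PARTNER is not in the allow-list passed on the command line.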

More Information


Article 555050 (http://support.microsoft.com/kb/555050) talks about a startup script to achieve this result in earlier Windows operating systems. In Windows Vista or above you have this much easier option to use group policies and achieve the same results.