Archived from groups: microsoft.public.win2000.security (
More info?)
I don't know of any way that you can remove a domain, why do you need to do
this?
If its because users log onto the incorrect domain, then you can force a
default domain and then hide the domain list using group policy.
Although there is no group policy setting to do this, I got around the problem
by writing a custom ADM file which changes a couple of registry keys in:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon.
The 2 keys to change are:
ShowLogonOptions - set to 0 to hide the domain list &
DefaultDomainList - set this to the domain you need to logon to.
Here's a copy of the ADM file:
;****************************************************************
;* Custom ADM file to force specific domain to logon to. You'll *
;* need to also change group policy \Computer\AdminTemplates\Sy *
;* stem\GroupPolicy\ Enable Registry Policy Processing, and *
;* enable "process even if the group policy objects have not *
;* changed" *
;* Written by Gary Middleton,UK *
;****************************************************************
CLASS MACHINE
CATEGORY !!Logon
POLICY !!HideDomainList
EXPLAIN !!HideDomainList_Help
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUENAME ShowLogonOptions
VALUEON NUMERIC 0 ; removes dropdown list
VALUEOFF NUMERIC 1 ; enables dropdown list
END POLICY
POLICY !!DefaultDomain
EXPLAIN !!DefaultDomain_Help
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUENAME DefaultDomainName
VALUEON "DOMAINNAME" ;where DOMAINNAME is the domain you want the
users to logon to
VALUEOFF ""
END POLICY
END CATEGORY
[strings]
Logon="Logon Options"
HideDomainList="Hide Domain List"
HideDomainList_Help="Enabling this settings hides the domain list from the
CTRL+ALT+DELETE screen.Disabling will show the domain list."
DefaultDomain="Default Domain"
DefaultDomain_Help="Default domain name to set to DOMAINNAME if enabled. It
will be the default option in the drop down list at the CTRL+ALT+DELETE
screen"
Just cut & paste into wordpad, save
with a .ADM extension. Load GPMC, right click administrative Tools &
add template, find location of the saved adm file.
To view change view\filtering from the menu with the policy loaded,
uncheck box "only show policy settings that can be fully managed"
You'll then be able to edit the 2 keys in your new Admin Template
within the policy.
Hope this helps,
Gary Middleton.
p.s. At least if you've already fixed this, it will show up in google groups
& help someone else - I couldnt find this solution anywhere.
"Matt" wrote:
> Can you remove a domain in the "log in to" drop down list on the login page?
> I have a dedicated forest root domain that I do not want viewable.
> Removing from WINS only removes from the network browser.