Re: Remove domain from 'log in to ' drop down list

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: David Everett [MSFT] (deverett_at_online.microsoft.com)
Date: 08/20/04 

Date: Fri, 20 Aug 2004 09:37:51 -0500

Hi Matt,

You can't hide the root domain from being listed in the Log on to field.
When you don't see this you have a trust issue with the root.

You could use UPN names to logon, username@domain.com, which blanks out the
Log on to field but if a user backspaces and removes the @domain.com from
their alias the domain list is made visible.

The only real solution to make the domain list hidden at logon is to Require
Smart Cards for interactive logon. The user still has a domain user account
and password plus they have to enter a pin when they insert the card for
logon. To make this work you would need to apply SP2 to the Windows XP
Machines or the hotfix mentioned below and Enable the policy setting called
"To specify that users can log on to the computer only by using a smart
card" in GPO.

As an Admin it might be cumbersome to carry an additional card around for
enterprise management but you could use RunAs to manage everything once you
are logged in.

834875 Update for the "Interactive logon: Require smart card" security
setting
http://support.microsoft.com/?id=834875

832026 "Local Policy of This System Requires You to Logon Using a Smart
Card"
http://support.microsoft.com/?id=832026

294676 How To Enable and Use the "Run As" Command When Running Programs in
http://support.microsoft.com/?id=294676 

-- 
David Everett
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"Matt" <Matt@discussions.microsoft.com> wrote in message
news:0899F425-8421-4299-B1C0-303AFC5B7ECD@microsoft.com...
> Can you remove a domain in the "log in to" drop down list on the login
page?
> I have a dedicated forest root domain that I do not want viewable.
> Removing from WINS only removes from the network browser.

Relevant Pages

  • Re: LogOnUser with Smart Card Credentials
    ... from the Windows logon dialog and serves our application only). ... call LogonUser with the credentials provided in the dialog. ... The card needs to be present to verify the PIN and also to obtain a token. ...
    (microsoft.public.platformsdk.security)
  • Re: LogOnUser with Smart Card Credentials
    ... from the Windows logon dialog and serves our application only). ... call LogonUser with the credentials provided in the dialog. ... The card needs to be present to verify the PIN and also to obtain a token. ...
    (microsoft.public.platformsdk.security)
  • Re: Windows logon through smart card.
    ... A real PKINIT SC logon uses a private key on the card. ... architecture and to enable smart card logon we have to hook msgina. ... If its a certificate based logon then how ...
    (microsoft.public.platformsdk.security)
  • RE: GINA - exception in winlogon
    ... method for smart card logon in order to access system but ... certificate logon to unlonk the system, so it produces a new authentication ... our idea is to unlock the system only via smart card PIN authentication, ...
    (microsoft.public.platformsdk.security)
  • Re: Number of cached logons
    ... Our users are not using smart cards or anything other than NTLM ... using their domain accounts to log on. ... He uses VPN ... RAS logon feature. ...
    (microsoft.public.win2000.group_policy)