none
MDT 2013 Domain logon in stead of local logon after image deployment

    Question

  • Quick question: I am very happy with the way our reference image (just one, I love MDT) is now deployed to fifteen different types of Dell hardware, but for me there is just one fly in the ointment that prevents it from being a perfect deployment :-)

    At the end of the deploying task sequence, the logon screen is initially set to local (HOSTNAME\administrator), requiring the user to manually change this to a domain logon. How can I change this?

    Many thanks in advance, I should be able to figure this one out by myself but my brain is kinda broken today..

    Tuesday, July 08, 2014 12:06 PM

Answers

  • If the machine is domain joined, you can force it through GPO to always have:

    - the CTRL+ALT+DEL screen available at logon
    - Provide the fqdn name in the logon screen

    Check the following policy template: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options "Interactive logon: Do not require CTRL+ALT+DEL" and Computer Configuration\Administrative Templates\System\Logon "Assign a default domain for logon"

    Next to this, if you perform a reboot after deployment, does this still occur?

    Put the following line in your customsettings.ini:

    FinishAction=REBOOT


    If this post is helpful please click "Mark for answer", thanks! Kind regards

    Tuesday, July 08, 2014 12:50 PM

All replies

  • If the machine is domain joined, you can force it through GPO to always have:

    - the CTRL+ALT+DEL screen available at logon
    - Provide the fqdn name in the logon screen

    Check the following policy template: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options "Interactive logon: Do not require CTRL+ALT+DEL" and Computer Configuration\Administrative Templates\System\Logon "Assign a default domain for logon"

    Next to this, if you perform a reboot after deployment, does this still occur?

    Put the following line in your customsettings.ini:

    FinishAction=REBOOT


    If this post is helpful please click "Mark for answer", thanks! Kind regards

    Tuesday, July 08, 2014 12:50 PM
  • Hello

    Rens Hollanders solution is by far the best, however you can use registry changes aswell, if you don't feel like using a GPO, take a look at this:

    You can specify the default domain name in the registry at the following
    registry keys:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    NT\CurrentVersion\WinLogon\DefaultDomainName

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    NT\CurrentVersion\WinLogon\AltDefaultDomainName

    Tuesday, July 08, 2014 1:14 PM
  • You can try running this command line at the end of deployment and reboot

    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /d "" /f

    Tuesday, July 08, 2014 2:41 PM
  • Rens, Kasper and Tiptronic, thanks for the suggestion but somehow the gpo solution doesn't work for me, but there is a FinishAction=REBOOT in CustomSettings.ini. I'll try the regisrty options in stead...

    In fact, the only big change is that the deployment share went from MDT2012 Update 1 to MDT2013, the deployed ref image, CS.ini and all other settings remain the same. Could it be a change in "default" behaviour? Since the old DS (2012) ends in domain logon and the new one (2013) doesn't?

    Wednesday, July 09, 2014 6:48 AM