Due to trusts between different domains, the NT logon screen lists all of these domains. Users have a logon account on both domains, but on certain PC's we don't want them to logon to any other but one domain.
EG.
NT logon list DomA and DomB. On this PC they are only allowed to log on to DomA.

Can we remove DomB from the logon list on this PC? Or can we, in any other way, prevent users a logon on DomB on this PC ?

Using the logon script on the other domain, I now use logoff.exe to force a logof depending on the computername of the machine.
Sometimes it takes a while though (due to large profiles) before the logon-script is started and thus the user is logged off again.

I would like a cleaner solution to this matter...

If you don't need these particular computers in both domains, why not remove them from the unwated domain? That would prevent anyone from logging into that domain.

"We must walk conciously only part way toward our goal, and then leap in the dark to our success." Thoreau

The PC's are only registered in the correct domain. It is because of a trust that they can log in on the other domain.

You can use a policy to prevent the users from logging on to the trusted domain. You can use either a machine policy or a user policy, or a combination of both. Poledit is the tool to do this in winNT.

If I can use a policy to prevent this, could you please tell me what policy it is, which adm it should be in and where I can find it, because I have searched and searched and can't find a policy that does this ...

http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=13535

Patrick (http://www.winguides.com/forums/sendprivate.php?Cat=&User=POBrien&Board=&Number=&what=online&page=&view=&sb=&part=&vc=><font)</font color=green> /images/forums/icons/smile.gif
<a target="_blank" href=http://www.winguides.com/subscribe/?guide=registry>WinGuides</a>

Thanx for the link.

I tried it, but it doesn't seem to prvent me from logging on to a different domain. Or maybe I'm doing something wrong ...

That's unfortunate. I provided the same link to another tech over a year ago. He reported back that it worked fine.

I'm sure ntfaq wouldn't post the tip if it didn't work.

There is probably some other current config setup in your Domain scripting that may be preventing the tweak from working. But what?

Pat

Probably.
I must admit I'm not the expert and don't understand all what the link is talking about. Besides, the entire setup of the network out here, and all the domains we have, is something slightly out of the ordinary. I'd much rather remove one way of the two way trust, but I'm not allowed to do that ;)

I read ya.

Pat