Forcing Domain Logons in Win98

Cliff Green green at UMDNJ.EDU
Thu Mar 25 15:32:40 GMT 1999

On Fri, 26 Mar 1999, Lee Havemann wrote:

> Or grab poledit from any NT 4.0 system - works under win 95/98.
> Run poledit:
> Click on File > Open registry > Local Computer > Windows 95 Network >
> Logon > check the "Requires validation by network for Windows access"
> button.

We do this, too.  There is a problem with this, though.

In Win95:  if, with tweakui or some other method (e.g., custom code), you
clear the last username at logon, in order to clean up the logon screen
(Managment likes a clean screen :-) then there's nothing in
HKLM\Network\Logon\username (it's been a while, but I'm pretty sure that's
the key), and any luser can enter any name, password, and bogus domain and
get access to the PC.  No lan, but tcp/ip should be available.  In a
public facility, this is just asking for trouble.  If you don't clear the
last username, this seems to be closed, though I'd bet there's ways around
it (other than holding down F8 at boottime).  Not a clean logon screen,
but it seems to work.

In Win98, there's a registry key: HKLM\Network\Logon\DontShowLastUser,
which seems to get around this.

My point being that setting MustBeValidated isn't sufficient unto itself.

However...  Supposedly, you can set the workgroups/domains and restrict
the user's options with a wrkgrp.ini file (see:  I
tried using this about a year ago, and ran into some problems
(unfortunately, it didn't do what we wanted at the time, and I don't
recall why it/I failed - sorry).

Cliff Green				green at
Academic Computing Service			  UMDNJ
voice: 732-235-5250		      fax: 732-235-5252

More information about the samba-ntdom mailing list