LogonTasks

Log On

To log on to Active Directory using your username, password, and domain name , do this:

Ctrl+Alt+Delete enter your username in the User Name box enter your password choose your domain from the Log On To box OK

To log on to Active Directory using your user logon name or UPN, do this:

Ctrl+Alt+Delete enter your UPN in the User Name box enter your password OK

When you enter your UPN in the User Name box, the Log On To box grays out since you are already specifying your domain.

To log on to Active Directory using your downlevel logon name, do this:

Ctrl+Alt+Delete enter DOMAIN\username in the User Name box enter your password OK

Here, DOMAIN is the downlevel name of your domain. Again, when you enter DOMAIN\username in the User Name box, the Log On To box grays out since you are already specifying your domain.

Log Off

Ctrl+Alt+Delete Log Off

Logging off closes any foreground applications that are running on your machine but leaves the operating system and network services running. This means that other users on the network can still access resources on the machine if they are shared on the network.

Disable Display of Last Logged-On User

By default, when a user logs off from a WS2003 computer and then another user presses Ctrl+Alt+Delete on the same machine, the username of the first user is automatically displayed in the User Name box. In high-security environments, this behavior is not desirable, and you can prevent this from happening using Group Policy. On a standalone server, do this:

Start Run gpedit.msc OK Computer Configuration Windows Settings Security Settings Local Policies Security Options Interactive logon: Do not display last user name Define this policy setting Enabled

In a domain environment, do it this way:

Active Directory Users and Computers right-click on a domain or OU Properties Group Policy New specify a name select new GPO Edit Configuration Windows Settings Security Settings Local Policies Security Options Interactive logon: Do not display last user name Define this policy setting Enabled

Enable Verbose Logon Messages

You can cause Windows to display verbose status messages during logon, logoff , startup, and shutdown. This can sometimes be a valuable troubleshooting technique when startup, shutdown, or logon problems occur. On a standalone server, do this:

Start Run gpedit.msc OK Computer Configuration Administrative Templates System Verbose vs normal status messages Enabled

In a domain environment, do it this way:

Active Directory Users and Computers right-click on a domain or OU Properties Group Policy New specify a name select new GPO Edit Computer Configuration Administrative Templates System Verbose vs normal status messages Enabled

This enables verbose messages for all computers in the specified domain or OU.

Enable Automatic Logon

Start Run regedt32 Enter

Find the following registry key:

HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Open the entry named DefaultUserName and type the UPN or downlevel logon name for the user and click OK. Then open the entry named DefaultPassword and type the password for the user and click OK. If the DefaultPassword entry is not present in this registry key, create it first by Edit new String Value DefaultPassword Enter

Open the entry named AutoAdminLogon and type the value 1 and click OK. If the AutoAdminLogon entry is not present in this registry key, create it first by Edit new String Value AutoAdminLogon Enter

Close Registry Editor and reboot your computer, and the specified user should now automatically log on.

You can temporarily bypass automatic logon by holding down Shift after Windows boots.

Enable or Disable Secondary Logon

Secondary logon is enabled by default in WS2003, but you can disable it on a standalone machine by:

Computer Management Services and Applications Services Secondary Logon Properties General Stop Startup type Manual

You can reenable secondary logon by:

Computer Management Services and Applications Services Secondary Logon Properties General Startup type Automatic Start

Use Secondary Logon

To start a program using secondary logon, find the icon, shortcut, or executable for the program and:

Right-click on program Run as The following user specify username and password

You can also use secondary logon in a command prompt session; see runas in Chapter 5 for more information.

Change Your Password

Ctrl+Alt+Delete Change Password

You must know your old password before you can specify a new one.

Reset Password for a User Account

Active Directory Users and Computers right-click on a user Reset Password

Specify the new password, then select "User must change password at next logon" if you want users to manage their own passwords. You may have to reset a user's password if the user has forgotten it or if the password has expired before the user has had a chance to change it.