How to Authenticate a User Against All Trusted Domains

The information in this article applies to:

• Microsoft Internet Information Server versions 2.0 and 3.0

SYMPTOMS

By default, Microsoft Internet Information Server will validate an unqualified user logon ID against either the local computer's user database or the domain which the server is a member of. By changing an entry in the registry, you can force Microsoft Internet Information Server to validate the user against one domain of your choice.

This information is contained in the online product documentation as follows:

   DefaultLogonDomain REG_SZ
   Range: string
   Default: domainname
   Specifies the default logon domain that validates a clear-text logon
   when no domain is specified in the user name field. The default value
   is the domain name for servers that are domain controllers or the name
   of the local computer (if stand-alone).

WORKAROUND

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

To validate the unqualified user logon against all trusted domains and the local user accounts database do the following:

1. Run Registry Editor (Regedt32.exe).

2. Go to the following key in the registry:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ ServiceName\Parameters

3. On the Edit menu, click Add Value, and use the following entry:

         Value Name: DefaultLogonDomain
         Data Type:  REG_SZ
         Value:      \\Computername
   
   

4. Exit the Registry Editor and restart the computer for the change to take effect.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server versions 2.0 and 3.0.