Disabled Account message

G

Guest

Hello to all NG!

I was wondering if is possibile, without dll hack or similar, to change the
default message when users try to logon with a disabled account. I would like
to change the default message "Your account has been disabled... etc" in
something like "Your account is disabled, please try to log on on mydomain"
mydomain is actually the netbios name of another AD domain in the forest.

Any help would be very very appreciated. Thanks in advance, Daniele.
 
T

Tim Springston [MSFT]

Hi Daniele-

If the specific error you're asking about it "Logon failure: account
currently disabled.", this error is defined in code and not alterable.

The only suggestion I would have would be to possibly have a logon message
saying something like "If your receive the error *Logon failure: account
currently disabled*, logon to domain X.".

This logon message can be set through group policy. Here's the Help info on
that setting from a Server 2003 domain controller:

****************************
Interactive logon: Message text for users attempting to log onDescription
This security setting specifies a text message that is displayed to users
when they log on.

This text is often used for legal reasons, for example, to warn users about
the ramifications of misusing company information or to warn them that their
actions may be audited.

Default: No message.

Configuring this security setting
You can configure this security setting by opening the appropriate policy
and expanding the console tree as such: Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings,
see To edit a security setting on a Group Policy object.

Caution

Windows XP and the Windows Server 2003 family add support for configuring
logon banners that can exceed 512 characters in length and that can also
contain carriage-return line-feed sequences. However, Windows 2000 clients
cannot interpret and display message text that is created by computers
running Windows XP or the Windows Server 2003 family. You must use a Windows
2000 computer to create a logon message policy that applies to Windows 2000
computers. If you inadvertently create a logon message policy using a
computer running Windows XP Professional or the Windows Server 2003 family,
and you discover that it does not display properly on Windows 2000
computers, do the following:
Undefine the setting.
Redefine the setting using a Windows 2000 computer.
Simply changing a Windows XP Professional or a Windows Server 2003
family-defined logon message policy using a Windows 2000 computer does not
work. The setting must be undefined first.
*********************

Please repost if we can help further.
--

Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to delete the DC computer account from the Domain Controllers 4
Account disabled 1
Administrator account has been disabled. 1
Get Netbios domain name from active directory 3
Strange behavior:unique user getting message cannot logon interactively;added user to local group an 1
Getting 'account disabled' message??? 1
2k3 domain controller, disabled admin account 6
Account Has Been Disabled 1

Top