Modifying the default logon behavior in Windows Server 2008 and Windows Server 2008 R2 Domain Controller

By default, you must start a domain controller in DSRM to log on by using the DSRM Administrator account.

However, you can change this behavior by modifying the "DSRMAdminLogonBehavior" registry entry.

1.     At DC1, login as Domain Administrator.

2.     Click “Start”, enter “regedit”.

3.     Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\

Figure 1: Registry key location

4.     Right-click on “LSA”, select “New > DWORD (32-bit) Value”.

5.     Enter “DSRMAdminLogonBehavior”.

6.     Double-click on “DSRMAdminLogonBehavior”.

7.     Under Value data, type “2” click “OK”.

Figure 2: DSRMAdminLogonBehavior

8.     Close Registry Editor.

Now you can log in as local administrator.

This posting is provided “AS IS” with no warranties, and confers no rights!