Credential provider needs default logon domain
My credential provider (under development) currently has a hard-coded logon domain. How do I determine the Windows 7 default logon domain? I do not want the last-used logon domain.
November 28th, 2010 10:50pm

I'd use WMI, you may want to use the Domain property of the Win32_ComputerSystem class. Here is how to get it from the command line, wmic path Win32_ComputerSystem get Domain Here is an example in C# (generated with the WMI Code Creator) using System; using System.Management; using System.Windows.Forms; namespace WMISample { public class MyWMIQuery { public static void Main() { try { ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_ComputerSystem"); foreach (ManagementObject queryObj in searcher.Get()) { Console.WriteLine("-----------------------------------"); Console.WriteLine("Win32_ComputerSystem instance"); Console.WriteLine("-----------------------------------"); Console.WriteLine("Domain: {0}", queryObj["Domain"]); } } catch (ManagementException e) { MessageBox.Show("An error occurred while querying for WMI data: " + e.Message); } } } } -- Mike Burr MS Technologies - Development - *nix
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2010 7:46am

Thanks Mike. This looks useful for getting the computer system domain which is, by default, the default logon domain. However, there is a local computer policy setting "Computer Configuration/Administrative Templates/System/Logon/Assign a default domain for logon" that allows you to set a different default logon domain. I figured out that the policy affects registry value DefaultLogonDomain in key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]. The registry value does not exist unless the policy is enabled. It seems that I would need to check the registry first. Only if DefaultLogonDomain is not found would I check the computer system domain as you suggested. Does that seem right?
December 7th, 2010 12:41pm

I haven't tested it personally, but I agree with your logic. Registry access in .Net is relatively easy. You could test for the presence of the registry value and fall back to WMI if there is no default logon domain specified through GPO.-- Mike Burr MS Technologies - Development - *nix
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2010 12:27am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics