Avatar of Aaron_Denton
Aaron_Denton
Flag for United States of America asked on

Customize windows Vista Lock screen

I need to make a customization to the logon screen you see after the screen has been locked.  I've changed a setting in the machines local security policy:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked

I have that set to User display name only.  My goal was to hide the domain name.

When I press CTRL+ALT+DEL to logon I then have to type in my username and password to logon.

This is annoying to users and I'm hoping somebody knows how I can add an option for that setting to allow me to hide the domain name at the locked screen but still have the username filled in automatically for the user when the press CTRL+ALT+DEL to unlock the screen.
Windows VistaWindows Server 2008

Avatar of undefined
Last Comment
Aaron_Denton

8/22/2022 - Mon
NJComputerNetworks

what happens when you use UPN instead of classic domain\username when you logon?

Maybe you can instruct the users to logon this way...

user@something.com
ASKER CERTIFIED SOLUTION
NJComputerNetworks

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Aaron_Denton

ASKER
User's are currently logging in using UPN.
NJComputerNetworks

http://technet.microsoft.com/en-us/library/cc739093(WS.10).aspx

For example, if your organization uses a deep domain tree, organized by department and region, domain names can get quite long. The default user UPN for a user in that domain might be sales.westcoast.microsoft.com. The logon name for a user in that domain would be user@sales.westcoast.microsoft.com. Creating a UPN suffix of "microsoft" would allow that same user to log on using the much simpler logon name of user@microsoft. For more information about user accounts, see User and computer accounts and Object names.

So, you could change of the UPN to something different if you like...
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Aaron_Denton

ASKER
my problem is not the username.

The problem is that when unlocking a screen the user is forced to retype the username when the Local Security setting is set to only display User Display Name.

Even using UPN logons the locked screen logon will display the Win2k compatible domain name.  I need to hide that.
NJComputerNetworks

using UPN you can't hide the ...@something.com  <--- the last part.
NJComputerNetworks

oh... I think I understand what you are saying...

You want... after you lock workstation... the user name should be hidden?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
NJComputerNetworks

NJComputerNetworks


Q: Our Windows computers display logged on users' names and domain when their console is locked. Because of our very strict security requirements, our systems aren't supposed to reveal this information. Is there a way to disable this setting?

A: Yes, you can disable this setting on users' computers via Group Policy. On a Windows Server 2003 system, open the Microsoft Management Console (MMC) Group Policy editor (GPE) snap-in, navigate to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and double-click Interactive Logon: Display user information when the session is locked. Then select Do not display user information and click OK. Now the users' computers won't display any information about the current user when the console is locked. Given your security policy, you should also enable the Interactive logon: Do not display last user name option, which you'll find in the same folder. Enabling this policy will prevent Windows from displaying the logon name of the last user in the Logon to Windows dialog box.

http://windowsitpro.com/articles/print.cfm?articleid=96922

Aaron_Denton

ASKER
No.

There are three options in Local Security... Interactive logon: Display user information...

1. User display name, domain and user names
2. User display name only
3. Do not display user information

With option 1, the Win2k compatible domain name is displayed (even when you use UPN to logon).  With this option the user only has to type in a password to unlock.

With option 2, Win2k compatible domain name is hidden but then the user has to type in the UPN and password to unlock.

With option 3, Win2k compatible domain name is hidden along with all other user information but then the user has to type in the UPN and password to unlock.

I want to know how to use option 2 or 3 but avoid requiring the user to type in their UPN to unlock the computer.  I need option 2 or 3 so that the Win2k compatible domain name is hidden.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
NJComputerNetworks

Maybe on the unlock... try to tell the user to use this format...

%USERDOMAIN%\username


Aaron_Denton

ASKER
Let me clarify:

When I said Win2k compatible I should have said Pre-Win2k compatible.

I'm trying to hide the Pre-Win2k compatible domain name.
Aaron_Denton

ASKER
Found the solution for this:

In Vista or Windows 7, Open Local GPO, Computer Configuration, Windows Settings, Security Options, Local Policies, Security Options, Interactive logon: Display user information when the session is locked.

This setting can be modified to only display the username or so that no user specific information is shown when the screen has been locked either by screensaver or using Windows key + L.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.