GPO for clearing the user names from login window

I assume this is a best practice policy.  I'd like to deploy it, but users may struggle with the change..

Where is this in GPO?

Can anyone confirm a good business security case to enable this option in AD?  So after you press ctrl + alt + delete the username field is blank..

Windows 7 Pro, 2008 R2 by the way.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Do the following to enable this policy...

1.Click Start, click Run, type mmc, and then click OK.
2.On the Console menu, click Add/Remove Snap-in.
3.Click Add.
4.Click the Group Policy snap-in, and then click Add.
5.Click the target Group Policy object (GPO). The default setting is the local computer. Click Browse to select other GPOs that are available on the network. Click Finish.
6.Click Close, and then click OK.
7.Expand the Computer Configuration node, the Windows Settings node, and the Security Settings node.
8.Expand the Local Policies node, and then click Security Options.
9.In the right pane, double-click the Do not display last user name in logon screen entry.
10.Click Enabled.
11.Click OK.
12.Close the Group Policy console and restart the computer.


This refernces Windows 2000 but the same steps apply for 2008/win7/etc.

For security concerns it really depends on the company. Example: if you are working at a bank and they use your debit card number as the login name then that may be a case where you would want to implement this policy.


SandeshdubeySenior Server EngineerCommented:
As you are aware that if the change is applied user will not like it.However if you still want to deploy the policy see below links.

How To Prevent the Last Logged-On User Name from Being Displayed
CHI-LTDAuthor Commented:
Sure am.

I have tried the first link but its not applying to the OU...
SandeshdubeySenior Server EngineerCommented:
This is computer policy you need to apply to computer OU or if all the user neee to have same policy you can apply the template to domain or configure the setting in default domain policy.You also need to reboot the cleints computers for setting to take effect.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CHI-LTDAuthor Commented:
Got it!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.