• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 645
  • Last Modified:

GPO for clearing the user names from login window

I assume this is a best practice policy.  I'd like to deploy it, but users may struggle with the change..

Where is this in GPO?

Can anyone confirm a good business security case to enable this option in AD?  So after you press ctrl + alt + delete the username field is blank..

Windows 7 Pro, 2008 R2 by the way.

  • 2
  • 2
2 Solutions
Will SzymkowskiSenior Solution ArchitectCommented:
Do the following to enable this policy...

1.Click Start, click Run, type mmc, and then click OK.
2.On the Console menu, click Add/Remove Snap-in.
3.Click Add.
4.Click the Group Policy snap-in, and then click Add.
5.Click the target Group Policy object (GPO). The default setting is the local computer. Click Browse to select other GPOs that are available on the network. Click Finish.
6.Click Close, and then click OK.
7.Expand the Computer Configuration node, the Windows Settings node, and the Security Settings node.
8.Expand the Local Policies node, and then click Security Options.
9.In the right pane, double-click the Do not display last user name in logon screen entry.
10.Click Enabled.
11.Click OK.
12.Close the Group Policy console and restart the computer.

Reference: http://support.microsoft.com/kb/310125

This refernces Windows 2000 but the same steps apply for 2008/win7/etc.

For security concerns it really depends on the company. Example: if you are working at a bank and they use your debit card number as the login name then that may be a case where you would want to implement this policy.


SandeshdubeySenior Server EngineerCommented:
As you are aware that if the change is applied user will not like it.However if you still want to deploy the policy see below links.

How To Prevent the Last Logged-On User Name from Being Displayed
CHI-LTDAuthor Commented:
Sure am.

I have tried the first link but its not applying to the OU...
SandeshdubeySenior Server EngineerCommented:
This is computer policy you need to apply to computer OU or if all the user neee to have same policy you can apply the template to domain or configure the setting in default domain policy.You also need to reboot the cleints computers for setting to take effect.
CHI-LTDAuthor Commented:
Got it!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now