vodyanoi
asked on
Windows 10 Lock screen issue for domain members
We have updated a number of PC's on our domain to windows 10. We have a global group policy to enforce a screen lock out after 15 minutes as part of our PCI compliance.
We have noticed a change in behaviour when unlocking a PC. If the operating system is Windows 7, or 8 or 8.1 then you only have to enter your password to unlock the PC. With Windows 10 you have to enter both your username and your password.
Is there a way to revert to only having to enter your password, as the extra typing appears to be annoying our directors ....
regards
Spencer Clark
We have noticed a change in behaviour when unlocking a PC. If the operating system is Windows 7, or 8 or 8.1 then you only have to enter your password to unlock the PC. With Windows 10 you have to enter both your username and your password.
Is there a way to revert to only having to enter your password, as the extra typing appears to be annoying our directors ....
regards
Spencer Clark
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think you must enter name and password. The login is different but in my own Windows 10 machine (not on domain) the user name remains.
There is a registry key to retain user name or not in Windows 7 and 8.1 that you can check. I will see if that setting is in my Windows 10 machine.
There is a registry key to retain user name or not in Windows 7 and 8.1 that you can check. I will see if that setting is in my Windows 10 machine.
Wayne's comment is it. We noticed the same. Win10 is weird, at this spot.
Please let us know about the interactive login key. It works as expected on my Windows 10 machine, but it is not on a domain.
Is your domain Server 2012?
Is your domain Server 2012?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To clear this up:
The GPO "don't display last username" is not activated by default, but many do it for security reasons. The resulting behavior is different for windows 10 as compared to ALL versions before:
Windows 10: shows no last username when you start the machine + shows no logged on user when you try to unlock it
Windows-before-10: shows no last username when you start the machine but DOES show the currently logged on username when you unlock.
I have to say that this design change is inconvenient for mixed environments (win7+8.x+10). But from a security perspective, it's consistent and only logical - we don't want an attacker to see who is using the machine - no matter if he starts or tries to unlock it. Before win10, this was only possible for starts but not for unlocks.
The GPO "don't display last username" is not activated by default, but many do it for security reasons. The resulting behavior is different for windows 10 as compared to ALL versions before:
Windows 10: shows no last username when you start the machine + shows no logged on user when you try to unlock it
Windows-before-10: shows no last username when you start the machine but DOES show the currently logged on username when you unlock.
I have to say that this design change is inconvenient for mixed environments (win7+8.x+10). But from a security perspective, it's consistent and only logical - we don't want an attacker to see who is using the machine - no matter if he starts or tries to unlock it. Before win10, this was only possible for starts but not for unlocks.
ASKER
Followed Wayne88's idea and added a group policy to cover this. Works perfectly.
McKnife - I agree, from a security perspective, not showing the logged in user name is the preferred choice. However, I sit 1 meter from our MD and keeping him happy is far better for my sanity.
McKnife - I agree, from a security perspective, not showing the logged in user name is the preferred choice. However, I sit 1 meter from our MD and keeping him happy is far better for my sanity.
"However, I sit 1 meter from our MD and keeping him happy is far better for my sanity." - I see :)
http://www.eightforums.com/tutorials/19418-lock-screen-sign-user-name-password.html