vSYSAD

virtualization & system administration

  • Home
  • About
  • Legal
  • Privacy Policy

Login screen displaying multiple accounts on Windows Server 2008 R2

January 1, 2015 by japinator

You may see the situation below when setting up multiple accounts on a Windows server:

20150101134711

Apart from it cluttering the login screen it is a clear security issue. I would also add that the Administrator account should always be renamed to something less obvious as a security best practice.

To remove any accounts from being displayed on the Windows login screen perform the following:

1. Click on Start > Run and enter secpol.msc and click on OK per the below:

20150101140209

2. Once the Local Security Policy snap-in has loaded open Local Policies, click on Security Options and then in the right pane double-click on Interactive logon: Do not display last user name:

20150101135304

3. Once it opens select Enabled and then click OK to apply the changes:

20150101135422

4. Logout, hit CTRL + ALT + DEL and then observe the shiny, uncluttered and significantly more secure login screen:

20150101135630

The steps above change a value in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

The value in question is dontdisplaylastusername and is by default set to 0 (disabled):

20150101150932

To enable the setting open the dontdisplaylastusername value and change it to 1 and click OK to save the change:

20150101155129

Simply logout, hit CTRL + ALT + DEL and you will observe the setting is now enabled and no user accounts will be displayed on the login screen.

Finally, there is one more way to enable this setting. This method is my favourite because it is the coolest – PowerShell. Run the PowerShell command below to achieve the same result and the two previously mentioned methods:

Set-ItemProperty -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name dontdisplaylastusername -Value 1 -Type DWORD

All the steps/methods stated in this post apply to Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.

Share:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Share on Facebook (Opens in new window)
  • Click to share on Google+ (Opens in new window)

Related

Filed Under: PowerShell, Windows Tagged With: dontdisplaylastusername, login screen, multiple users, server 2008 r2, windows

Top Posts

  • Install and Configure SMTP Server on Windows Server 2016
  • PowerShell script to copy file to multiple remote servers
  • Setup and Configure SMTP Server on Windows Server 2012
  • Setup and Configure SMTP Server on Windows Server 2008 R2
  • Memory reclamation techniques in VMware
  • Configure SMTP Server on Windows 2012 to use Gmail to relay messages
  • Get the allocation unit size of an NTFS partition in Server 2012
  • PowerCLI command to list all VMs in a cluster
  • Change hostname on RHEL 6/CentOS 6
  • Change Product Key in Windows Server 2012 via command line

RECENT COMMENTS

  • Daniela Cascante Laguna on Setup and Configure SMTP Server on Windows Server 2012
  • Merri abdessalam on Setup and Configure SMTP Server on Windows Server 2012
  • Merri abdessalam on Setup and Configure SMTP Server on Windows Server 2012
  • Mind Freak on Configure SMTP Server on Windows 2012 to use Gmail to relay messages
  • Jens Møller Kloster on Install and configure FTP Over SSL (FTPS) in IIS 7.5

© Copyright 2015 vsysad.com · All Rights Reserved · Hosted on DigitalOcean