close
Hiding the User Name for a Locked Computer in Windows Vista/2008
Last week I received a question from one of my readers, asking how it was possible to hide the name of the user that has locked his or her workstation. The reason behind it was that in a secure environment, where computers need to be hardened in order to better protect them from any unauthorized access attempt, having the user name of a locked machine is considered to be “half the job”. With that information, the malicious user that wants to unlock the workstation, only needs to guess the user’s password. Naturally this information should not be easy to guess, but why make life easier for such a malicious user?
So I investigated this issue, and came up with a solution.
Note: You might want to also implement the setting that prevents the last user from being displayed on the logon screen.
Warning!
This document contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk. Always back up the registry before making any changes. If you do not feel comfortable editing the registry, do not attempt these instructions. Instead, seek the help of a trained computer specialist.
advertisment
To hide the user name for the user that has locked the computer, follow the next steps:
1. Start Registry Editor.
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. If it doesn’t exist, on the Edit menu, point to New, click DWORD Value, and then add the following registry values:
Value name: DontDisplayLockedUserId
Value data: 1, 2 or 3 (see below)
Base: Decimal
The following values can be set:
advertisment
- 1 = Show the locked user display name and the user ID
- 2 = Show the locked user display name only
- 3 = Do not display the locked user information
4. Exit Registry Editor.
Note: To prevent the last logged on user to be displayed in the Windows logon screen, also set the dontdisplaylastusername value and set it to 1.
This is how it looks like on a Windows Server 2008 machine.
Before:
After:
More from Daniel Petri
More in Security
Microsoft Defender Vulnerability Management Adds New CVE Reporting Feature
Jun 30, 2022 | Rabia Noureen
Microsoft Releases Patches to Address Azure FabricScape Flaw Affecting Linux Workloads
Jun 29, 2022 | Rabia Noureen
Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations
Jun 27, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
Most popular on petri