Robert R. | Participant | Aug 13, 2017 at 2:05 pm | #167150
Windows 10 Version 1703 Build 15063.540
I am setting up a Windows 10 home PC, with the following users:
- child01 (member of local users) (primary user) (first account created)
- admin-child01 (member of local administrators)
- parent01 (member of local users)
- admin-parent01 (member of local administrators)
- parent02 (member of local users)
- admin-parent02 (member of local administrators)
The login screen (1) prompts the last logged-in user to enter a password, and (2) shows a list of users. See screen shot below.
I want to configure the login screen to (1) prompt the last logged-in user to enter a password, and (2) allow the option to “log in as another user”, which would require the user to type in their user name; e.g., child01, parent01, or parent02. See screen shot below.
I know this is possible, since that’s the way our Windows 10 laptops are set up at work; and if it wasn’t a weekend, I’d be taking a look at them now for hints.
The reason I don’t want all of the user names displayed on the login screen is to discourage the users from logging in with their admin credentials, rather than just using them for privilege escalation when necessary.
Even better would be if there was a way to disable login with admin credentials, so that they can only be used for privilege escalation from a non-admin account. That’s something else I’m looking into.
EDITED TO ADD: this is the first time in over five years I’ve used this forum. Is there a way to embed the images in the posts, the way I used to? Or will I just have to provide a URL to an external site from now on?
Blood | Moderator | Aug 14, 2017 at 8:08 am | #337311
Have you seen this article: https://www.windowscentral.com/how-hide-specific-user-accounts-sign-screen-windows-10
Robert R. | Participant | Aug 15, 2017 at 9:23 pm | #353195
Yes, I had. It does work. However …
… the hidden account names, which in my case are the administrator accounts, are also not available in the User Account Control dialog box, which asks users “Do you want to allow this app to make changes to your device?” In fact, the “Yes” option is not there, either.
If this device was for my household, it wouldn’t be a problem, since I can simply open a command prompt and run runas /user:admin-parent01. This method does still work (fortunately, since it was the only way I was able to undo the change).
But opening a command prompt and running applications from the command line is not something I can expect these people to do.
Blood | Moderator | Aug 16, 2017 at 3:14 am | #337316
I’ve not used W10 in this way, and we don’t have it on our domain. But, as far as I am aware, there are two account types: Standard and Administrator. You may be able to log on as an administrator and add a standard account to the local administrators group via Computer Management. While that would allow the UAC prompt to display the Yes button, it may not be what you want to achieve overall.
What restrictions do you want to put in place for the Standard account owners?