2021 Annual Petri Reader Survey - We want to know what's important to you! 2021 Annual Petri Reader Survey - We want to know what's important to you!

Hiding the User Name for a Locked Computer in Windows Vista/2008

Last week I received a question from one of my readers, asking how it was possible to hide the name of the user that has locked his or her workstation. The reason behind it was that in a secure environment, where computers need to be hardened in order to better protect them from any unauthorized access attempt, having the user name of a locked machine is considered to be “half the job”. With that information, the malicious user that wants to unlock the workstation, only needs to guess the user’s password. Naturally this information should not be easy to guess, but why make life easier for such a malicious user?

So I investigated this issue, and came up with a solution.

Note: You might want to also implement the setting that prevents the last user from being displayed on the logon screen.


This document contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk. Always back up the registry before making any changes. If you do not feel comfortable editing the registry, do not attempt these instructions. Instead, seek the help of a trained computer specialist.

To hide the user name for the user that has locked the computer, follow the next steps:

1. Start Registry Editor.

2. Locate the following key in the registry:


3. If it doesn’t exist, on the Edit menu, point to New, click DWORD Value, and then add the following registry values:

Value name: DontDisplayLockedUserId

Value data: 1, 2 or 3 (see below)

Base: Decimal


The following values can be set:

  • 1 = Show the locked user display name and the user ID
  • 2 = Show the locked user display name only
  • 3 = Do not display the locked user information

4. Exit Registry Editor.

Note: To prevent the last logged on user to be displayed in the Windows logon screen, also set the dontdisplaylastusername value and set it to 1.

This is how it looks like on a Windows Server 2008 machine.







Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.