Hiding the User Name for a Locked Computer in Windows Vista/2008

Last week I received a question from one of my readers, asking how to hide the name of the user who has locked his or her workstation. The reasoning was that in a secure environment, where computers are hardened to better protect them from unauthorized access attempts, revealing the user name on a locked machine is considered “half the job”: with that information, a malicious user who wants to unlock the workstation only needs to guess the user’s password. Naturally the password should not be easy to guess, but why make life easier for such a malicious user?

So I investigated this issue, and came up with a solution.
Note: You might want to also implement the setting that prevents the last user from being displayed on the logon screen.

Warning!

This document contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk. Always back up the registry before making any changes. If you do not feel comfortable editing the registry, do not attempt these instructions. Instead, seek the help of a trained computer specialist.

To hide the name of the user who has locked the computer, follow these steps:

1. Start Registry Editor.
2. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

3. If it doesn’t exist, on the Edit menu, point to New, click DWORD Value, and then add the following registry values:

Value name: DontDisplayLockedUserId
Value data: 1, 2 or 3 (see below)
Base: Decimal

The following values can be set:

  • 1 = Show the locked user display name and the user ID
  • 2 = Show the locked user display name only
  • 3 = Do not display the locked user information

4. Exit Registry Editor.
Note: To prevent the last logged-on user from being displayed on the Windows logon screen, also add the dontdisplaylastusername value and set it to 1.
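
As an added example (not part of the original article), the following PowerShell script audits the two values described in the steps above and, when run with -Apply from an elevated prompt, creates or corrects them. The parameter names -Apply and -LockedUserId are this example's own.

```powershell
# Added example: audit and optionally set the lock/logon screen values from this article.
# -Apply and -LockedUserId are names chosen for this example (assumptions, not Windows settings).
param(
    [switch]$Apply,
    [ValidateSet(1, 2, 3)]
    [int]$LockedUserId = 3   # 3 = do not display the locked user information
)

$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Desired state: value name -> DWORD data, as described in the steps above.
$desired = [ordered]@{
    DontDisplayLockedUserId = $LockedUserId
    dontdisplaylastusername = 1
}

if (-not (Test-Path $key)) {
    if ($Apply) { New-Item -Path $key -Force | Out-Null }
    else { Write-Warning "Key not found: $key" }
}

$results = foreach ($name in $desired.Keys) {
    # Read the current data; $null means the value does not exist yet.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($Apply -and $current -ne $desired[$name]) {
        # -Force creates the value, or overwrites an existing one, as a DWORD.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $desired[$name] -Force | Out-Null
        $current = (Get-ItemProperty -Path $key -Name $name).$name
    }

    [pscustomobject]@{
        Value     = $name
        Current   = if ($null -eq $current) { '(not set)' } else { $current }
        Desired   = $desired[$name]
        Compliant = ($current -eq $desired[$name])
    }
}

$results | Format-Table -AutoSize
```

Without -Apply the script only reports the current state, so it can be run first to see what would change.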


This is how it looks on a Windows Server 2008 machine.
Before: [Figure: screenshots before the change]
After: [Figure: screenshots after the change]