close
Hiding the User Name for a Locked Computer in Windows Vista/2008
Last week I received a question from one of my readers, asking how it was possible to hide the name of the user that has locked his or her workstation. The reason behind it was that in a secure environment, where computers need to be hardened in order to better protect them from any unauthorized access attempt, having the user name of a locked machine is considered to be “half the job”. With that information, the malicious user that wants to unlock the workstation, only needs to guess the user’s password. Naturally this information should not be easy to guess, but why make life easier for such a malicious user?
So I investigated this issue, and came up with a solution.
Note: You might want to also implement the setting that prevents the last user from being displayed on the logon screen.
Warning!
This document contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk. Always back up the registry before making any changes. If you do not feel comfortable editing the registry, do not attempt these instructions. Instead, seek the help of a trained computer specialist.
To hide the user name for the user that has locked the computer, follow the next steps:
1. Start Registry Editor.
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. If it doesn’t exist, on the Edit menu, point to New, click DWORD Value, and then add the following registry values:
Value name: DontDisplayLockedUserId
Value data: 1, 2 or 3 (see below)
Base: Decimal
The following values can be set:
- 1 = Show the locked user display name and the user ID
- 2 = Show the locked user display name only
- 3 = Do not display the locked user information
4. Exit Registry Editor.
Note: To prevent the last logged on user to be displayed in the Windows logon screen, also set the dontdisplaylastusername value and set it to 1.
This is how it looks like on a Windows Server 2008 machine.
Before:
After:
More in Security
Microsoft Defender for IoT Gets Cloud-Powered Security Features to Protect Enterprise Networks
Mar 21, 2023 | Rabia Noureen
Azure Firewall Basic Now Available to Protect Small Businesses Against Cyberattacks
Mar 16, 2023 | Rabia Noureen
Microsoft Releases Updates to Patch Critical Outlook NTLM Vulnerability
Mar 16, 2023 | Rabia Noureen
Microsoft Warns About New MFA Bypass Tool Used in AiTM Phishing Campaigns
Mar 15, 2023 | Rabia Noureen
Microsoft 365 Defender Adds Real-Time Custom Detections Support in Preview
Mar 14, 2023 | Rabia Noureen
GitHub to Start Rolling Out Two-Factor Authentication (2FA) to All Contributors Today
Mar 13, 2023 | Rabia Noureen
Most popular on petri