In Windows 10/eight.1 and Windows Server 2016/2012 R2 the logon display screen by default shows the account of the final person who logged in to the pc (if the person password will not be set, this person shall be mechanically logged on, even when the will not be enabled). However, it’s potential to show all person accounts on the welcome display screen in Windows 10. You can configure completely different habits of this perform : you’ll be able to present the final logon username, disguise it, and even checklist all native or logged area customers.
How to Hide User Account from Windows Logon Screen?
Displaying the account identify on the Windows login display screen is handy for customers, however reduces the pc safety. An attacker who gained native entry to a pc can solely choose up a password (for this there are numerous methods of social engineering, brute pressure assaults, or a banal sticker with a password on the monitor).
You can disguise the final logged person identify on a Windows welcome display screen by the GPO. Open the area (gpmc.msc) or native () Group Policy editor and go to the part Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Enable the coverage “Interactive logon: Do not show final person identify”. By default, this coverage is disabled.
Also you’ll be able to disguise the username on the login display screen by the registry. To do that go to the registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem, create a brand new DWORD parameter named dontdisplaylastusername with the worth 1.
Additionally, you’ll be able to disguise the username on a locked laptop. To do that, in the identical GPO part you want to allow the coverage “Interactive logon: Display person info when the session is locked” and choose the worth “Do not show person info”.
A registry parameter named DontDisplayLockedUserId in the identical registry key with a worth of three corresponds to this coverage setting.
Now on the pc login display screen and on the Windows lock display screen, an empty fields for coming into a username and password are displayed.
How to Show All Local User Account on Login Screen in Windows 10?
In Windows 10 / eight.1, you’ll be able to checklist all native all person accounts on the welcome display screen. To log in to the pc, the person simply wants to click on on the specified account and specify its password.
To show all native customers on the Windows login display screen, you want to change the worth of Enabled parameter to 1 in the next registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionAuthenticationLogonUIUserSwap. You can change this parameter by the RegEdit GUI, Reg Add cli command or PowerShell cmdlet:
Reg Add HKLMSOFTWAREMicrosoftWindowsCurrentVersionAuthenticationLogonUIUserSwap /v Enabled /t REG_DWORD /d 1 /f
Set-ItemProperty -Path 'HKLM:SOFTWAREMicrosoftWindowsCurrentVersionAuthenticationLogonUIUserSwap' -Name Enabled -Value 1
However, the Windows mechanically resets the worth of the Enabled parameter to zero at every person logon. In order to all the time change the registry worth to 1, it’s simpler to create a brand new job in the Task Scheduler that may run at person logon.
The Scheduler job should run one of many instructions proven above. You can create this job manually utilizing the taskschd.msc graphic console. But it appears to me that it’s a lot simpler . In our case, the instructions to create a brand new job might look as follows:
$Trigger= New-ScheduledTaskTrigger -AtLogOn
$User= "NT AUTHORITYSYSTEM"
$Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "Set-ItemProperty -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersionAuthenticationLogonUIUserSwap -Name Enabled -Value 1"
Register-ScheduledTask -TaskName "UserSwitch_Enable" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force
Make positive that the duty appeared in Windows Task Scheduler (taskschd.msc).
Log off after which go browsing once more. The job should begin mechanically and alter the worth of Enabled registry parameter to 1. Check the present worth of the parameter. As you’ll be able to see, it’s 1:
get-ItemProperty -Path 'HKLM:SOFTWAREMicrosoftWindowsCurrentVersionAuthenticationLogonUIUserSwap' -Name Enabled
After the following reboot, all native person accounts shall be displayed on Windows 10/eight.1 logon display screen as an alternative of the final one.
Tip. If the duty is efficiently triggered, however the checklist of native customers will not be displayed, be sure if the coverage Interactive Logon: Do not show final username (see Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options) is disabled.
There is a separate group coverage setting that makes it a lot simpler to checklist native customers account on the Welcome display screen of the domain-joined computer systems. Open the GPO editor, go to the part Computer Configuration -> Administrative Templates -> System -> Logon and allow the coverage “Enumerate native customers on domain-joined computer systems”.
Showing Logged Domain Users on Windows 10 Login Screen
If a number of area customers use one laptop, you’ll be able to show on the welcome display screen a listing of customers who’ve native energetic/disconnected session (customers will solely be displayed if they’re logged in, for instance, when utilizing public computer systems, kiosks, an RDS server or its ).
To do that, verify that in the Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options the next insurance policies are disabled:
- Interactive logon: Don’t show final signed-in: Disabled
- Interactive logon: Don’t show username at signal in: Disabled
Then disable the insurance policies in the part Computer Configuration -> Administrative Templates -> System -> Logon:
- Block person from exhibiting account particulars on sign-in: Disabled
- Do not enumerate related customers on domain-joined laptop: Disabled
After that, the welcome display screen will show a listing of accounts with energetic periods which have logged in however have been disconnected. It is sufficient for the person to log in as soon as, and after that simply choose an account from the checklist and enter the password.
How to Hide Specific User Account from the Sign-in Screen?
The Windows Welcome display screen shows customers who’re members of one of many following native teams: Administrators, Users, Power Users, Guests.
You can disguise any person from the checklist on the Windows 10 sign-in display screen by operating the command:
reg add "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserListing" /t REG_DWORD /f /d zero /v UserName