How to Hide User Information When Computer is Locked

Hi, this is Amit from the Directory Services team and I am going to discuss a Group Policy setting which is now available in XP SP3 & 2003 SP2.

Whenever we log on to a Windows workstation, we see the name of the previously logged-on user; we might want to remove that for security reasons. We already have a KB article for this: 324740.

Ever wonder if we can hide the Domain\Username details when the computer is locked? After all, users can still see the actual username, domain name etc. being used (see below).

image

If you want to hide these details, then you can configure this using a GPO setting:

Interactive Logon: Display User Information when the session is locked.

This setting is available at the following location:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

This setting has three options when you enable it:

  • User display name, domain and user names (Value = 0x1)
  • User display name only (Value = 0x2)
  • Do not display user information (Value = 0x3)

By choosing the third option, you are not displaying DOMAIN\Username details when the machine is locked (see below).

image

Once the policy is applied, it creates a registry value “DontDisplayLockedUserId” set to 3 at the following location:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

When you try to log back in to the locked machine, it will not show the name of the user who is logged on, so you have to provide your username again along with the password.

Note: This Group Policy setting is only available via the Group Policy editor on XP SP3 & 2003 SP2; however, it can also be applied directly by editing the registry on XP SP2, Windows Vista & Windows Server 2008 computers.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
REG_DWORD: DontDisplayLockedUserId
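
One way to audit and, optionally, set the registry value described above from PowerShell. This is an added example, not part of the original post; the function name `Test-LockedUserDisplayPolicy` and its parameters are hypothetical, and it assumes PowerShell 2.0 or later and an elevated session when `-Enforce` is used.

```powershell
# Added example: report and optionally enforce DontDisplayLockedUserId.
# Function and parameter names are hypothetical, chosen for illustration.
function Test-LockedUserDisplayPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Enforce,                           # write the value if it differs
        [ValidateSet(1, 2, 3)][int]$Desired = 3     # 3 = do not display user information
    )

    $path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'DontDisplayLockedUserId'

    # Meanings of the three values, as listed in the policy options above.
    $meaning = @{
        1 = 'User display name, domain and user names'
        2 = 'User display name only'
        3 = 'Do not display user information'
    }

    # The value is absent when the setting has never been configured.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    if ($Enforce -and $current -ne $Desired) {
        if ($PSCmdlet.ShouldProcess("$path\$name", "Set REG_DWORD to $Desired")) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $Desired -Force | Out-Null
            $current = $Desired
        }
    }

    # Translate the raw value into the option text an auditor would recognise.
    if ($null -eq $current) { $text = 'Not configured' }
    elseif ($meaning.ContainsKey([int]$current)) { $text = $meaning[[int]$current] }
    else { $text = 'Unrecognized value' }

    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        Meaning   = $text
        Compliant = ($current -eq $Desired)
    }
}

Test-LockedUserDisplayPolicy              # report only
# Test-LockedUserDisplayPolicy -Enforce   # set the value to 3 if it differs
```

If a domain GPO configures this setting, a value written locally is overwritten at the next policy refresh, so treat `-Enforce` as a fix for machines the GPO does not cover.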

We are aware that this setting is currently not available on Windows Vista & Windows Server 2008.

You can also refer to KB837022, which talks about a hotfix for MSGINA.DLL:

You cannot change the display behavior of the user display name and of the user ID when a Windows XP-based computer resumes from the locked state.

If you want to learn more about Group Policy and play around with other settings, check out the following links:

Group Policy Resources on TechNet

Download Group Policy Settings Reference for Windows Vista

Download Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1

www.gpoguy.com: This site has helpful videos, articles, and tools to help you work with Group Policy. Check that site out regardless, beta or not. It’s got a lot of good information for every level of GP knowledge.

- Amit Khanna