Hiding Usernames in the Logon Screen
When you start most
Windows PCs, you end up at the logon screen so that you can choose your
username and log on by entering your password. In Windows 7, the logon
screen always displays icons for each user account, and each icon shows
the name of the account. Figure 3 shows a typical Windows 7 logon screen.
This may not seem all
that important, but that logon screen is actually helping any would-be
cracker a great deal. Why? The nefarious nogoodnik now has an important
advantage because he knows the names of all your user accounts (or, in
the case of XP Pro, one of your accounts). Yes, the evildoer must still
guess an account’s password, but you can make things a heckuva lot
harder by forcing the snoop to also guess a username on your system. How
do you do that? By tweaking Windows so that it doesn’t display
usernames in the logon screen. Sneaky!
You do that by following these steps:
Note
These steps require
the Local Security Policy snap-in, which is available only with Windows 7
Professional, Windows 7 Enterprise, Windows 7 Ultimate, and XP
Professional. In case you’re not running one of these versions, I’ll
show you how to perform the same tweak using the Registry.
1. | Select Start, type secpol.msc into the Search box, and then press Enter. The Local Security Policy snap-in appears.
|
2. | Open the Local Policies branch.
|
3. | Click the Security Options branch.
|
4. | Double-click the Interactive Logon: Do Not Display Last User Name policy.
|
5. | Click the Enabled option.
|
6. | Click OK to put the new setting into effect.
|
If you don’t have
access to the Local Security Policy snap-in, open the Registry Editor
and create (if it’s not there already) a DWORD setting named DontDisplayLastUserName with the value 1 in the following key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
The next time you start your computer, no usernames appear in the logon screen. Figure 4 shows the Windows 7 logon screen without usernames.
