CrossNodes Net Tip: Don't display the last user logged in

WIndows 2000 by default will display the last user name logged in, which in some circumstances can provide opportunity for a security breach. Here's a simple way to fix that.

By Enterprise Networking Planet Staff | Posted Feb 6, 2002
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

It is likely that at least some of the computers in your enterprise are located in relatively public areas, or may be used by temps, consultants, and the like. If you're using Windows 2000, these machines by default will come up with the login name of the last person to have used the machine and prompt for a password. And it may just happen that the temp (or whoever) in question may be able to figure that password out and compromise he network's security.

Whether this is a remote chance or not, when it comes to some aspects of security it is always better to leave no chance at all. There is a simple enough solution to tighten this potential leak, and simply change the Windows default so that the machine won't display that information. This occurs in the Registry, but it is of course much safer to use the GUI interface to accomplish the same goal.

  1. Logon with local administrator rights.
  2. Go to control panel | administrative tools
  3. Select local security policy
  4. Open up local policies
  5. Select security options
  6. Double-click "Do not display last user name in logon screen", and select enable or disable as the circumstances prescribe.

--
CrossNodes Net Tips are a new feature of crossnodes.com. If you have a networking tip or trick that you'd like to share, please submit it to the Managing Editor. There can be no financial remuneration, though we will place your byline upon request.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter