Hiding Account Properties When a Device is Locked

by Chris Sanders [Published on 30 June 2011 / Last Updated on 30 June 2010]

When a Windows computer is locked it will show the username of the person who locked it by default. This tip will provide a method for fixing this bad security practice.

Whenever a user walks away from their computer they can lock it by pressing Windows Key + L in order to leave their applications running while still password protecting the system. This is a good security practice in itself, but unfortunately Windows will show that users username on the screen while it is locked. A username can be just as sensitive as a password in a lot of scenarios, and because of this its considered good practice to disable the username from being shown on the system lock screen.

You can disable this functionality with a quick Group Policy change. In the group policy editor browse to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and find the setting called Interactive Logon: Display User Information When the Session is Locked. If you change this value to 3 then it will remove all user information from the lock screen on the computers it is applied to.

See Also

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links