Slick administrator account

[Brian B]

Hello,
How do I create a domain admin account that will not be revealed to a user
after I have logged off. It leaves the previous account login settings
unchanged. (Users have a tough time having to change these settings back in
the dialog box: 3rd line: Domain, 1st line: username, that sort of thing.
Also, they tend to feel violated.)

I appreciate any feedback.

Thank you.
Brian B

 

[Lanwench [MVP - Exchange]]

In your default domain policy, you can specify that the clients not display
the username of the last user who logged in - it will be blank.

 

[Laura E. Hunter \(MVP\)]

I tend to just edit the DefaultUserName/DefaultDomainName key under
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and set it back
to whatever it was before I logged onto the machine. It's pretty stealthy
and alleviates confusion when the user logs back in.

 

[Lanwench [MVP - Exchange]]

Why not just hide it entirely, all the time?

I tend to just edit the DefaultUserName/DefaultDomainName key under
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and set it
back to whatever it was before I logged onto the machine. It's
pretty stealthy and alleviates confusion when the user logs back in.

 

[Brian B]

Thanks for your quick response!
Is there a way I can specify this policy "Do not display last user name in
logon screen." for one PARTICULAR admin account? It doesn't appear that way
from this Windows Settings --> Local Policies --> Security Options applet.
I wouldn't want everyone to have this privilege.

Thanks again for your help, any further assistance is icing.

"Lanwench [MVP - Exchange]"

 

[Lanwench [MVP - Exchange]]

Thanks for your quick response!
Is there a way I can specify this policy "Do not display last user
name in logon screen." for one PARTICULAR admin account? It doesn't
appear that way from this Windows Settings --> Local Policies -->
Security Options applet. I wouldn't want everyone to have this
privilege.

Why not just disable the 'display last logon' in general? It's better from a
security standpoint anyway.

Thanks again for your help, any further assistance is icing.

"Lanwench [MVP - Exchange]"

In your default domain policy, you can specify that the clients not
display the username of the last user who logged in - it will be
blank.

 

[Joe Richards [MVP]]

No there isn't.

 

[Laura E. Hunter \(MVP\)]

From the statement of "users have a hard time changing this back", I was
going for making their logon simpler. Hiding it all the time is much more
secure, obviously, but if a user population isn't accustomed to it, it'll
make it even harder for them. (Says the admin who wanted to implement
the 'blank username' policy but got overruled. )

--
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only


"Lanwench [MVP - Exchange]"

 

[Lanwench [MVP - Exchange]]

From the statement of "users have a hard time changing this back", I
was going for making their logon simpler. Hiding it all the time is
much more secure, obviously, but if a user population isn't
accustomed to it, it'll make it even harder for them. (Says the
admin who wanted to implement the 'blank username' policy but got
overruled. )

I feel your pain, but I usually just show users my metaphorical riding crop
and they step in line right away on issues like this. My usual response is a
raised eyebrow and an innocent tone: "Oh, you don't know how to spell your
name?"

"Lanwench [MVP - Exchange]"

Why not just hide it entirely, all the time?

 

[Joe Richards [MVP]]

I doubt it is a metaphorical riding crop....