Clearing the Last User Logon
Every time you boot up your PC, all computer accounts and users who have logged on to it display on the logon screen. This can be a big security risk because it shows the usernames of all accounts that someone can try to use to break into the computer. In addition, the logon screen can become cluttered with many user accounts. Therefore, it might be a good idea to enable the Do not display last user name policy. In previous versions of Windows that used the classic logon screen, this policy would just clear the User name text box so that an attacker would have no clue about the last account used to log on. With the removal of the classic logon screen in 7, this policy behaves slightly differently by removing the Account list on the logon screen and turning on basic User name and Password boxes.
Using the policy is easy, if you choose to enable it. If so, just follow these steps:
- Click the Start button, type secpol.msc, and press Enter.
- When the Local Security Policy editor loads, navigate through Local Policies and then Security Options.
- Locate the Interactive logon: Do not display last user name policy. Rightclick it and select Properties.
- On the Local Security Settings tab, select Enable, and then click OK.
- Close the Local Security Policy editor and you are finished.
For those of you that don't have SecPol.msc in your version of Windows (only Professional version and higher) you will have to set the registry key manually:
- Click the Start button, type in Regedit, and hit Enter.
- Navigate through HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, Policies, then System.
- Right-click dontdisplaylastusername and select Modify.
- Set the value to 1 and click OK.
As soon as you log off or reboot, the new logon screen settings will be present.