Every time you boot up your PC, all computer accounts are normally displayed right on the logon screen. This can be a security risk, as it provides useful information to a malicious user attempting to breach your computer. In addition, if Remote Desktop is enabled, an attacker can remotely identify the user currently logged in, as it is listed on the logon screen. The attacker just needs to find your computer's IP address and then start to brute force your password. It is for these reasons that I highly recommend following what is common practice in any large enterprise and removing the user list from the logon screen.
There are two ways to turn on the setting that will remove the user list and present a simple username and password box shown above.
Using the Security Policy Editor
- Click on the Start Button, type in secpol.msc and hit Enter.
- When the Local Security Policy editor loads, navigate through Local Policies and then Security Options.
- Locate "Interactive logon: Do not display last user name" policy. Right click on it and select Properties.
- Set the policy to Enabled and hit OK.
Using Registry Editor (for editions of Windows that don't include the security policy editor)
- Click on the Start Button, type in regedit and hit Enter.
- Navigate through HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, Policies, and System.
- Right click on dontdisplaylastusername and select Modify.
- Set the value to 1 and hit OK.
As soon as you log off, you will see the new basic logon screen.
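The registry method above can also be scripted, which helps when the same setting has to be checked or applied on several machines. The following PowerShell is an added example, not part of the original article; the function names `Get-LogonUserListPolicy` and `Set-LogonUserListHidden` are hypothetical, and it assumes an elevated session.

```powershell
# Added example: audit and set the registry value described in the steps above.
# Function names are illustrative, not a built-in Windows API.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'dontdisplaylastusername'

function Get-LogonUserListPolicy {
    # Returns the current value as an integer, or $null if the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-LogonUserListHidden {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Writing under HKLM requires administrator rights; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Idempotent: do nothing if the setting is already in place.
    $current = Get-LogonUserListPolicy
    if ($current -eq 1) {
        Write-Output "$Name is already 1; nothing to change."
        return
    }

    # ShouldProcess honours -WhatIf and -Confirm, so the change can be previewed.
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set DWORD to 1')) {
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "$Name changed from '$current' to 1."
    }
}

# Preview only; remove -WhatIf to apply the change.
Set-LogonUserListHidden -WhatIf
```

Running `Get-LogonUserListPolicy` afterwards should return 1 once the change has been applied.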