none
How to Disable 'Other User' login screen icon from Windows 7 login screen

    Question

  • My machine is configured in a domain and the login windows display my login icon as well as other user icon.

    I can understand that this has been provided so that if something happens to the Administrator, user can still login.

    But think about this.Any user who is the part of that domain can login to my machine without any problem.In my domain, different users are present and individually use their machine, but using the other user log-in screen, they can also login to my machine.

    Shouldn't windows 7 take care of this security.

    Let me know if there is any way to disable it

    Thanks,

    Pushpendra

    Tuesday, October 12, 2010 8:46 AM

Answers

  • Hi Leo, Thanks for that details. I have already tested this registry key, but Still using this reg-Key you cannot disable the other user login icon.I believe its Win7 design and we cannot really remove it. (Correct me if i am wrong) Apparently, i figured out another way to remove the icon and its work well.I need to implement Credential provider filter dll to do that. Really appreciate your quick reply. You can close this thread.
    Pushpendra
    Thursday, October 14, 2010 5:23 AM

All replies

  • "But think about this.Any user who is the part of that domain can login to my machine without any problem"

    Not True. You can setup Group Policies restricting which accounts can logon interactively with specific systems. Thus, even if the 'other user' is a viable option for a user to try, only certaint accounts will have privaledged access to logon to the system.

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally.

    From here just add the groups that will include the user accounts that you wish to deny local logons & then scope the GPO to na OU and test it out.

    Tuesday, October 12, 2010 2:43 PM
  • Understand that new level of security got added to improve Win7, but there are few cases which needs explanation.

    1)Earlier i used to have 2003 Win, with the default permission setting and if i lock the PC, only i am able to unlock it, but in Win7, since it displays Other user any domain user can get into the system(understand that u can avoid this by group policies restriction, but this big change.)

    2)Secondly, if you are aware about the Credential Provider provided by Win7, Using this we can write our own dll and can modify login screen and can write extra validation before allowing user to login.

    Now lets say, i override the Win7 Credential provider, and other then the default credential (user\passwrd) i added one more field (say, another device passwrd ) which user needs to input and must be validated before login.

    my credential provider will work if the user uses my login Screen, which will come up once i register the credential provider dll, but still Win7 shows 'other User' as another login icon which the same user can use to login .So in a way, even though Win7 provides credential provider Dll to override functionality, still it is of no use considering the behaviour of Win7.

    This may be big design flaw in Win7 if there exist no way to avoid the 'other User' screen.As i tried many ways to do this but of no use and also searching in forums gives no fruitful result.

    Let me know your points on this.

    Apparently, i wanted to understand how did this 'other users' login icon appears as non-domain controlled machine i dont see the other users icon.

    Thanks,

    Pushpendra

     


    Pushpendra
    Tuesday, October 12, 2010 6:22 PM
  • "1)Earlier i used to have 2003 Win, with the default permission setting and if i lock the PC, only i am able to unlock it,"

    This isn't quite the same as your original question. With Windows 7 there is a new feature, Quick User switching, make sure this is enabled so that you can logon other users even if another user is logged in & their session is locked already. Alterantively you could connect remotely via RDC to unlock the currently locked session.

    It's a change of one Group Policy setting, the one I mentioned earlier, it's really not that big of a change. Besides, provided the user has valid credentials to logon, there isn't much of a change in the previous OS other than presentation of the logon shell, as any domain user historically could try to logon to a system provided they're already granted access.

    I would say restrict it using the policy I mentioned, then it shouldn't matter if it comes up with Other User or not as only valid logons will be allowed to logon interactively.  Test it out first.

    Tuesday, October 12, 2010 7:31 PM
  • I understand that this was another question, but i raised that point to compare the functionality between 2003 and win7.

    I will try and get back to you on policy you have mentioned but please do answer the second answer which i have raised.As I am about to write the credential provider dll for Win7 and if the 'other User' cannot be removed then i 'credential provider dll' will not be of any use.

    <

    2)Secondly, if you are aware about the Credential Provider provided by Win7, Using this we can write our own dll and can modify login screen and can write extra validation before allowing user to login.

    Now lets say, i override the Win7 Credential provider, and other then the default credential (user\passwrd) i added one more field (say, another device passwrd ) which user needs to input and must be validated before login.

    my credential provider will work if the user uses my login Screen, which will come up once i register the credential provider dll, but still Win7 shows 'other User' as another login icon which the same user can use to login .So in a way, even though Win7 provides credential provider Dll to override functionality, still it is of no use considering the behaviour of Win7.

    This may be big design flaw in Win7 if there exist no way to avoid the 'other User' screen.As i tried many ways to do this but of no use and also searching in forums gives no fruitful result.

    Let me know your points on this.

    \>

    Also, so as if now there exist no way to remove the 'other User' icon.????

    Also you dint answer my another question

    <

    Apparently, i wanted to understand how did this 'other users' login icon appears as non-domain controlled machine i dont see the other users icon. ???

    />

    Thanks,

    Pushpendra

     

     


    Pushpendra
    Wednesday, October 13, 2010 5:53 AM
  • ·         Hi,

    ·         You can remove the user option from the logon screen by following steps:

    ·         1 click start-----Run-----input “regedit” in blanks-----click OK

    ·         2 In Registry Editor, find  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

    ·         3 If the userlist keys you want to hide  do not exist, create a DWORD registry value and name it as the name of user you want to hide. (for example: create a DWORD named user1). Set this value date to “0”, thus the user will hide on welcome screen.

    Note: you should better backup the registry before you want to change it.

     

    Hope it works.

     

    Regards,

    Leo   Huang


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, October 14, 2010 3:18 AM
  • Hi Leo, Thanks for that details. I have already tested this registry key, but Still using this reg-Key you cannot disable the other user login icon.I believe its Win7 design and we cannot really remove it. (Correct me if i am wrong) Apparently, i figured out another way to remove the icon and its work well.I need to implement Credential provider filter dll to do that. Really appreciate your quick reply. You can close this thread.
    Pushpendra
    Thursday, October 14, 2010 5:23 AM
  • Hi, Push2000,

    I also want to remove "other user" icon. Could you tell me more details how you implement Credential provider fileter dll to do that? Thanks a lot!

     

    Friday, October 29, 2010 5:51 AM
  • Hi liaa,

    This link should help you.

    http://www.eggheadcafe.com/software/aspnet/31604448/credential-provider-filter-not-working.aspx

    Create separate header and cpp file and rest all is mentioned in the above link.Give a try and it should work.


    Pushpendra
    Friday, October 29, 2010 5:58 AM
  • Hi Push2000,

    Thanks for your help. I already did it. One thing really weird is that after I register the customized credential provider, first time it works perfect (no "Other User" icon). But after reboot, then logon, lock the computer, click ctrl+alt+del, the "Other user" appears again. I have to click the icon so that I can type in username/password. Any idea about this?

    Thanks again.

    Friday, October 29, 2010 7:24 AM
  • I have implemented the same and i never get the other use icon.

    What was your implementation about? In my case, i have implemented my own credential provider (login screen) and filtered out all other login icon, including other user\admin etc.

     


    Pushpendra
    Friday, October 29, 2010 8:52 AM
  • Hi Push2000,

    Thanks for the reply. I implemented my CP and filtered out default CP same as the above link suggested:

    --CLMSProvider.cpp--

    //***SNIP***

    //Function to filter out other credential providers
    HRESULT CLMSProvider::Filter(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD
    dwFlags, GUID* rgclsidProviders, BOOL* rgbAllow, DWORD cProviders)
    {
    //DEBUG
    MessageBox(NULL, "Filter!", "Trace", NULL);

    switch (cpus)
    {
    case CPUS_LOGON:
    case CPUS_UNLOCK_WORKSTATION:
    //Filters out the default Windows provider (only for Logon and
    Unlock scenarios)
    //TODO: This isn't working
    for (int i = 0; i < cProviders; i++)
    {
    if (IsEqualGUID(rgclsidProviders[i], CLSID_PasswordCredentialProvider))
    rgbAllow[i] = FALSE;
    }
    return S_OK;

    case CPUS_CREDUI:
    case CPUS_CHANGE_PASSWORD:
    return E_NOTIMPL;

    default:
    return E_INVALIDARG;
    }
    }

    *************************************

    The sympton is that after register my CP and reboot the computer, it shows the last logon user icon and "other users" icon. I have to click the last logon user icon to load customized logon UI screen. If I locked the computer, enter ctrl+alt+del, it first shows "sb locked" icon. I have to click the icon and then customized logon UI appears. Other than this, all works well. Any idea about this?

    Thanks a lot.

     

    Tuesday, November 02, 2010 9:11 AM
  • I assume there is some issue with the way you implemented the credential provider and the filter.

    In my case, no matter whether i log-off, switch user, reboot, restart, i always get my customized credential provider only.

    My understanding is that, if last login user and 'other users' are getting displayed then probably your dll is not getting loaded.

    This is how the behaviour is, Windows, loads all the credential provider and if FILTER is specified, it will hide other providers and displays the one you specified.

     


    Pushpendra
    Tuesday, November 02, 2010 9:26 AM
  • Hi Push2000,

    I have to admit that I am stucked. I got some improvement but is still facing the issue

    If you don't mind, could u provide a complete sample to demostrate? I can send u my email address. Thanks a million in advance. 

    Tuesday, November 16, 2010 8:29 AM
  • I may not be able to provide you the code, as it is for some client.

    Try few things.

    for (int i = 0; i < cProviders; i++)
    {
    if (IsEqualGUID(rgclsidProviders[i], CLSID_PasswordCredentialProvider))
    rgbAllow[i] = FALSE;
    }
    Instead of CLSID_PasswordCredentialProvider, give the CLSID of your credential provider...i believe this may be the issue.

     


    Pushpendra
    Tuesday, November 16, 2010 8:36 AM
  • I believe the only time the Other User shows up is on a domain machine.  Were you able to find a solution, liaaaa?  I am also encountering the same situation.
    Thursday, December 02, 2010 10:18 PM
  • Let's modify the group policy to check the result.

    Computer Configuration\Administrative Templates\System\Logon

    on the right pane, let's enable Always use classic logon

    Regards,

    Simida

    • Proposed as answer by mphjjs Sunday, January 09, 2011 4:59 AM
    Friday, December 03, 2010 8:46 AM
  • The Other User suddenly showed up on my Windows 7 Welcome Screen today since purchasing this PC in February 2010, and after reading all of the comments/suggestions on this forum, I decided to try System Restore to yesterday's latest Windows Update, and the Other User no longer appeared on my Welcome Screen, after logging off and on several times to test it.  Hopefully, I won't see it again tomorrow when I log on, but we'll see.  I really appreciate running across this forum to try your recommendations first.  Thanks, and good luck with your Other User problem.

    Best,

    Mike

    Sunday, January 09, 2011 5:04 AM
  • Hi Push2000,

    I have done exactly the same thing, but still it is showing me all the last logged on users and other user tile too.

    I much appreciate your help on fixing this issue.

     

    Thank in advance,

    Regards,

    Dharshi

     

    Friday, April 29, 2011 1:59 PM
  • check whether the function is getting called.Also, you need to implement a separate class in separate header and cpp file.Dont mixed with the main credential provider code. Pushpendra
    Pushpendra
    Friday, April 29, 2011 9:55 PM
  •  Dear Pushpendra,

    Sorry for the delayed response. Actually i had successfully applied the filter. And its working well.

     

    But my issue is the remote logon window displays all logged on users even they are disconnected.

     

    Any clue why this is happening?

     

    Regards,

    Dharshi

    Tuesday, June 21, 2011 12:07 PM
  • Hi Dharshi,

    what do you mean by Remote login window? whichi remote login you are talking about.If you install your dll on a machine, then no matter from which machine you try to connect, filter will be applied always.

    Machine1 ->  machine 2 (credential provider installed)..filter wil be applied.

    Machine1  <credential provider> LoginWindows  --coneect to machine (machine 2)----->  (again here you might see the login windows) machine 2

    Let me know which case you are talking about.

    Thanks,

    Pushpendra


    Pushpendra
    Tuesday, June 21, 2011 12:20 PM
  • Hi pushpendra,

     

    I the scenario, machine 1 --> machine 2(CP installed)

    I am seeing around 5 tiles,

     

    1. Domain\User1(Logged On)

    2. Domain\User2(Logged On)

    3. Domain\User3 (Logged On Remotely From XXX)

    4. Domain\User4(Logged on Remotely From YYY)

    5. Other User

     

    I would like to display only two tiles. 1. Lastly logged on user  (for ex: Domain\User3) and Other User alone.


    Please help.

    Thanks,

    Dharshi

     

    P.S: I thought of inserting the images for the exact issues, but this forums doesn't have the provision to insert image.

    Wednesday, June 22, 2011 8:18 AM
  • Other tiles are showing up because i believe you havent implemented Filter in your credential provider code.Send me a mail id  and i will send you the sample code which may help you a bit.

    Pushpendra


    Pushpendra
    Wednesday, June 22, 2011 9:05 AM
  • Hi,

    First of all, you have to logon to your system using current administrator password.

    Click the Start menu and in the search box you have to type control userpasswords2.

    You could click the control userpasswords2 under the Programs.

    This would launch User Accounts dialog box.

    Then, you have to choose your user account and need to uncheck the ‘User must enter a user name and password to enter this computer’ checkbox.

    After that, you need to enter your current username and the password.

    You need to click OK and restart the system.

    http://supportformicrosoft.iyogi.com/windows-7/windows-7-login-screen-disable.html

     

    Hope this information helps you.

     

    Monday, August 29, 2011 7:32 AM
  • Hi Everyone,

    I just ran across this problem yesterday.  The solution I found was that there was a registry key that was added to the profile list that pointed to no user.  I got my answer from this site submitted by "KindBullet":

    http://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-to-make-windows-7-show-user-list-on-login/63cea659-f6a0-412d-a0b1-952a26c1df44?tm=1330607446607

    Just delete the user key that is not valid and reboot.  This should solve your problems.

    Have a Nice Day!

    Scott


    • Edited by ScottVincent Thursday, March 01, 2012 1:23 PM
    • Proposed as answer by ScottVincent Thursday, March 01, 2012 1:24 PM
    Thursday, March 01, 2012 1:17 PM
  • if you want to remove the switch user feature all you have to do is click on start and in the search bar type GPEDIT.MSC when this opens select administrative templates, the system, and finally login. in this folder you have log in options. it will say " hide entry points for fast user switching" right click and tell it to enable. and there you go the switch user tab is gone :) there are other options here as well for your users. don't need to go to regedit. this way is much easier :-)
    Thursday, June 28, 2012 5:35 PM