none
Remove Account from Login Screen without disabling the account

    Question

  • How do I remove an account from the login screen without disabling the account.  I have one I created for a service to use and another for running some test that I don't want showing up on the Login Screen.  I tried net user Test_User /active:no and found that it did remove it from the login screen it also disabled the account.
    Joe Moyle
    Monday, September 08, 2008 2:22 AM

Answers

  • Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList. If the SpecialAccounts or UserList keys do not exist, create them. Create a DWORD registry value and name it as the name of the user you are trying to hide (say, johndoe, for example). Set the value to 0 (this flags the user as hidden on the welcome screen).

    Salvador Manaois III
    MCITP | Enterprise/Server Admin
    Bytes & Badz : http://badzmanaois.blogspot.com

    • Marked as answer by Joe Moyle Tuesday, September 23, 2008 12:44 PM
    Tuesday, September 23, 2008 9:05 AM

All replies

  •  

    Hello Joe,

     

    Do you mean the user name that last log on the system in the Windows logon screen?

     

    If yes, there is a group policy setting that can disable the system to show the last user name.

     

    1. Type "gpedit.msc" in the command prompt to open the Local Computer Policy.

    2. Locate the "Interactive Logon: Do not display last user name" policy in:

     

    [Computer Configuration--->Windows Settings--->Security Settings--->Local policy--->Security Options]

     

    Interactive logon: Do not display last user name

    http://technet.microsoft.com/en-us/library/cc785301.aspx

     

    Have I misunderstood the problem?

     

    • Marked as answer by Miles LiModerator Monday, September 15, 2008 2:44 AM
    • Unmarked as answer by Joe Moyle Wednesday, September 17, 2008 11:25 PM
    Tuesday, September 09, 2008 10:40 AM
  • Thanks for taking the time to think about this and reply.  I would have replied sooner but I just got power back in my house.  I live in Houston and have been without power and water since Saturday morning due to hurricane Ike.

    Anyway, you have misunderstood.  I'm using Windows Server 2008 x64 Enterprise as my home desktop.  I'm a DBA by trade and there are many tricks a full time sysadmin would know that I don't despite me having a reasonable understanding of the OS.  When I Ctl+Alt+Del to login I see 4 icons show up.  Administrator, myself, an account I created for the SQL service, and a test user account.  I never log in as anyone but myself and would like to make the other three accounts disapear from this screen but not actually disable them since they are used, just not interactively.

    I did attempt the following to try to get the desired behavior.  I created a group called Service Accounts.  I added the SQL service account to it.  I then added the group Service Accounts to the Policy called Deny Log on locally via the GUI for Local Security Policy.  But, the SQL account still shows up on the log in screen.

    Does that help explain it better?

    Joe Moyle
    Wednesday, September 17, 2008 11:35 PM
  • Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList. If the SpecialAccounts or UserList keys do not exist, create them. Create a DWORD registry value and name it as the name of the user you are trying to hide (say, johndoe, for example). Set the value to 0 (this flags the user as hidden on the welcome screen).

    Salvador Manaois III
    MCITP | Enterprise/Server Admin
    Bytes & Badz : http://badzmanaois.blogspot.com

    • Marked as answer by Joe Moyle Tuesday, September 23, 2008 12:44 PM
    Tuesday, September 23, 2008 9:05 AM
  • Thank you.  That seems to have worked.
    Joe Moyle
    Tuesday, September 23, 2008 1:15 PM
  • Hi Salvador,

     

    sorry for reponening this post after nearly two years:

    i have both settings:

    - the correct registry key

    - plus policy-settings

     

    My setup behaves not exact the same:

    - if the station is locked, the screen shows enter-username+password

    - if the station is locked for 5 or 6 hours, if i come back then it switched to the icon-view (and one can see the last username)

     

    What i'm looking for is a solution which makes the logon-screen have as it did in W2K3:

    - really no information, just schow please-enter-username+password.

    - no icons etc. would be cool, also (especially the language bar on the logon/welcome screen is annoying since it indicates to others what language is used on the maschine and this info may be used as a security-flaw)

    is there any chance to achieve this?

     


    Sunday, July 11, 2010 3:10 PM
  • Hi Miles

    Thanks the idea work great.

    Ford B

    Friday, November 11, 2011 5:07 PM
  • You can disable the entire welcome screen, and force users to type in a user name and password by creating the registry key here http://technet.microsoft.com/en-us/library/cc737321(WS.10).aspx and setting the value to 1.
    Wednesday, February 01, 2012 5:49 PM
  • hi,

    thanks for the tip - it works like a charm.

    although, once i changed the registry like u mentioned and the admin account is disabled from the login screen.

    how do i login as the user i just hidden ?

     

    thnx

    shlomi

    Sunday, February 05, 2012 9:43 AM
  • You saved my life.
    Friday, June 15, 2012 4:52 PM
  • You are simply a Genius. Thanks for making my day

    Friday, June 14, 2013 3:12 PM
  • On the login screen type in the domain and username like this:       exampledomain.local\username

    and then it will login to the admin. 

    like: exampledomain.local\admin and then type in the password. (It Should Work)

    Thursday, September 26, 2013 3:03 AM