Sunday, June 7, 2015

ALWAYS display the last / default user Windows 7 welcome screen


I have three user accounts on a Windows 7 machine: share, admin and standard.


I only want the standard account to appear on the welcome screen.


I know about the special accounts/user list registry edit. Unfortunately, that removes the account from the UAC elevated privilege dialog box. I would not like to "auto login", because that skips the welcome screen.


Consider the "don't display last user" setting.


If only there were a way to ALWAYS display the last user — like when restarting — instead of just when logging off. This would psuedo-hide the other accounts — as long as the user sees only their account, they'll never click "switch users".


Any thoughts?


Wait for Win7 SP1? ;D


Answer



This isn't the solution to the exact question you asked, but will accomplish your goal of being able to elevate to the administrator account but not have it show up on the login screen.


Here's what you need to do. Use the special accounts registry entry to hide the administrator account (and whatever other accounts you want to hide) from the login screen. Then, configure UAC to prompt for both a username and password, instead of just showing the clickable usernames. This will let you elevate to one of the hidden accounts, because it behaves much like the "do not display last username" setting does for the login. This is what it will look like; you can type in any (administator's) username:


elevation


In order to configure this, all you have to do is create one registry value. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies and create a key called CredUI if it doesn't already exist. Then, within CredUI, create a DWORD called EnumerateAdministrators with the value 0x00000000. That's it! Now you can elevate to any account you want, and hide any account you want.


If you don't want to edit the registry by hand, you can paste the following code into notepad, and save it as a file with a .reg extension, then open the file to add the data to the registry.


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI]
"EnumerateAdministrators"=dword:00000000

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...