Interactive Logon: Display user information when session is locked

When a session is locked in a Windows operating system (meaning the user at the computer pressed CTRL+ALT+DEL and the Secure Desktop is displayed), user information is displayed. By default, this information is in the form of is logged on. The displayed user name is the user’s full name as set on the Properties page for that user. These settings do not apply to the logon tiles, which are displayed on the desktop after using the Switch User feature. The information that is displayed can be changed to meet your security requirements using the following possible values.

Possible values

  • User display name, domain and user names: If this is a local logon, the user’s full name is displayed on the Secure Desktop. If it is a domain logon, the user’s domain and user’s account name is displayed.
  • User display name only: The name of the user who locked the session is displayed on the Secure Desktop as the user’s full name.
  • Do not display user information: No names are displayed on the Secure Desktop, but user’s full names will be displayed on the Switch user desktop.
  • Blank: Default setting. This translates to “Not defined,” but it will display the user’s full name in the same manner as the User display name, domain and user names option. When an option is set, you cannot reset this policy to blank, or not defined.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Default: 

Blank

Supported on: 

At least Windows Vista, Windows Server 2008

Registry settings: 

Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System, value=DontDisplayLockedUserId