KnowledgeBase: You can only log on as "Other user" when the "Do not display last user name" Group Policy setting is enabled in Windows 8 or Windows Server 2012

knowledgebaseMany Active Directory admins consider it unsafe to display the last users logon name on the Logon Screen, since it provides information on naming conventions, etc. to possible malicious people. Others change the default Logon Screen to accommodate for presentation PCs, flexworker desktops and other commonly shared IT equipment.

Do Not Display Last User Name

Microsoft offers a couple of Group Policy settings you can use to change the default Logon Screen. They are located in Computer Configuration, under Windows Settings, Security Settings, Local Policies, Security Options:

Security Options in the Group Policy Management Console (GPMC) (click for larger screenshot)

Some of these have been around for a long time, like the Interactive logon: Do not display last user name group policy setting.

The setting can be applied to Organizational Units, containing computer accounts. With the right Organizational Unit structure, it can be applied to presentation PCs, but not to normal desktops, to accommodate users in their personal computing experience, where appropriate.

 

Windows Vista and Windows 7

In Windows Vista and Windows 7, when you apply this Group Policy setting, the Logon Screen, by default, will display an empty avatar and the two common fields to enter credentials. (among other options) It looks like this on Windows 7:

Default Windows 7 Logon Screen with "Do not display last user name" policy enabled (click for original screenshot)

 

Windows 8

In Windows 8, the Logon Screen has changed. Its fields are enlarged to accommodate selection by touch. You will still find the options to enable accessibility options, change the keyboard layout and turn off the PC and the two input fields:

Default Windows 8 Logon Screen with "Do not display last user name" policy enabled (click for original screenshot)

But, one large difference between the logon screen in Windows 7 and Windows 8 is the label above the input fields: The Windows 7 Logon Screen does not display a label, where the Windows 8 Logon Screen suddenly describes your Logon attempts as attempts to log on as an Other user.

In Windows Server 2012, the same label is given to logon attempts when the Interactive logon: Do not display last user name Group Policy setting is applied.

This can be really confusing for users and admins, so Microsoft has decided to publish a KnowledgeBase article, describing the label as ‘by design’…

Related KnowledgeBase articles

2741622 You can only log on as “Other user” when the “Do not display last user name” Group Policy setting is enabled in Windows 8 or Windows Server 2012

Related blogposts

Five must-have Group Policy settings to make people productive with Windows 8 on day 1
Five must-have Group Policy settings to create an uniform look for your Windows 8 clients
Five must-have Group Policy settings when your colleagues use 3G / 4G connections
Five must-have Group Policy settings to protect peoples privacy in Windows 8 and IE 10

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.