I need to be able to change the default domain\user logon prompt
I need to be able to change the default domain\user log on prompt. IT team members where I work need to be able to log in to a user's PC, perform a maintenance routine, repair, or security audit etc., and then reset the "last log on" to the user. This enables IT to be able to mask our having been in their computer, a very important tool when doing security checks and looking for signs of inappropriate computer use etc. In Windows XP we could use the following Reg hack to reset the default log on prompt to the user and domain we need.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "DefaultUserName"="username"
    "DefaultDomainName"="DomainName"
    "CachePrimaryDomain"="DomainName"

These settings are in the Win 7 reg, but they don't seem to do anything. What do I need to do to make these settings rule and gain control over the log on prompt?

Thanks,
Ralph Malph
August 31st, 2010 8:14pm

Hi, I think that this hack is not working in Windows 7 for security reasons...
September 1st, 2010 2:31pm

Thanks for the reply Jiri, but I kind of figured that. What I need to know is how to "turn off" the feature that is stopping the hack from working or another hack that will override the "security" setting, or at least what security setting/policy is interfering with my having control over this feature. Thanks again, Ralph Malph
September 1st, 2010 4:00pm

Hi, try turning off UAC... also try this program: http://cid-51ae70800407719e.office.live.com/self.aspx/Geometrie/windowsautologin.exe and then remove the password entry from the registry...
September 1st, 2010 4:17pm

Thanks Jiri, I will try the link you gave. UAC is already off, the first thing I do on a Win 7 or Vista PC. Ralph Malph
September 1st, 2010 4:38pm

Thanks again Jiri, I tried the suggested program and in the end I did get the result that I wanted, but not without a couple of hitches. Here is the way it worked....

I was able to put in a user's name and the domain and leave the password blank. When the system rebooted it would try to log in with the new credentials, then would give an error due to the missing password, then you could click on "ok" and you would get the normal log on prompt with the default domain\user correctly set, which is the end result I am looking for.

The problem with this method for me is that it still gives a clue that someone has been on the PC. The error message is not going to work for us in the long run, but the program was able to take control and change the log on prompt to the correct domain\user. If I could find out what settings are being tweaked by this program I might be able to massage them to work the way I need them to work. Any ideas on what settings are being tweaked by this program? If I can find out then I can probably write my own modified version that will do exactly what we need it to do.

On another note concerning the program, I have not tested it with an account that will get disabled if someone/thing tries to log in more than 3 times with an incorrect password. I will do that soon and let you know if it causes any problems. (Not sure how many times it tries to log in until it gives up.)

Again, thanks Jiri for all the help,
Ralph Malph
September 1st, 2010 4:59pm

Jiri, I ran the final test and thanks to our log on splash screen the system did not lock me out, but if it was not for that I believe it would have. Any other ideas would be greatly appreciated, how about it Microsoft, any MS engineers want to tackle my question? It should be easy for them as they wrote the code that controls the OS and should know where all the "loop" holes are. Thanks again for all the help Jiri, Ralph Malph
September 1st, 2010 8:48pm

Could you just turn off "Display last username" via a GP?
September 5th, 2010 4:43pm

Thanks for the reply Arkiados06. I could turn off "Display last username", but that would defeat what we want to accomplish.

First, our users etc. prefer that the system remember their log on, and we, IT support, also like to be able to tell who the last person to log on to a system was without digging into the event viewer etc., especially for systems with more than one authorized user.

Second, by doing that, if a non-authorized person tried to log on, say a janitor whose credentials would let him, just not with local admin privileges, so that they could go cruising the internet looking for music to download or posting items on eBay to sell etc. instead of working, there would be no obvious sign that someone had done that to clue us in to the fact that we need to be concerned about this employee.

Now with that policy in place, for good reason, there are occasions we may need to log on to an employee's PC to do maintenance or to look for inappropriate use, and we need to hide the fact that we were there and reset the default log on prompt to the normal user. First because we would not want the user to mistakenly try to put in their password for the "wrong account" and then after 3 tries have it lock out the account, and more importantly for safety and security. Safety and security because if I have to log on to a user's PC to investigate possible misuse then they may get a clue that something is up and have an opportunity to hide what they were doing, or if they happen to be mentally unstable they might just go "Postal" if they suspect that they are being watched, and I would not want my credentials to show up as the last one on their system if that was the case. We also use a unique name for the local admin account and we would not want that to be displayed at the log on prompt should it have been the last account to log on, nor do we want our own credentials to show up as they have elevated domain privileges.

So needless to say it is VERY important that IT admins have COMPLETE control over the default log on prompt. In XP we could easily exert the control we needed with the reg hack shown at the top of this discussion. Since Microsoft has changed how the default user prompt is configured, making the reg hack useless, I need them to tell me all the reg settings I need to adjust in order to regain control. This is NOT an option or a wish list for MS, but a matter of absolute necessity for obvious safety and security concerns, and it would be negligent of MS not to get myself and all the other IT admins out there the info we need to regain control of the default log on prompt ASAP. We would like to start deploying Windows 7 instead of XP, but until we, IT support, have complete control over this like we did in XP we cannot safely do so. I know if something bad happens because we did not have the necessary control over this function, MS would be the first company I would sue for damages, and I am willing to bet I am not alone. It is in their best interest to get this info out ASAP!

So once again I am challenging a Microsoft engineer/employee to quickly pass on the required information, as it seems that none of the MVPs have a clue as to how to do this, not that I expect them to as they did not write the program nor make this particular change for the worse. Failure to answer this ASAP is not acceptable for the richest most powerful company in the world and would constitute proof positive of a complete lack of care and concern for the safety and well being of the users of its products! I can go on and on, but I think I have made my point.

Thanks to all of those who have tried to help :-) and a "pox" to MS for not trying and obviously not caring, :-(
Ralph Malph
September 7th, 2010 7:18pm

I've been searching for an answer to this also and, after searching through the registry, finally discovered the location for this in the Windows 7 registry. The key is found here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI

To set the logon screen to display just "Other User" use this registry edit:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI]
    "LastLoggedOnProvider"=""
    "LastLoggedOnSAMUser"=""
    "LastLoggedOnUser"=""

So far this has been working on a Win7 64bit Enterprise test machine but I haven't tested on others yet.

Dave
September 8th, 2010 9:42pm

Hi Ralph Malph, does Dave's solution resolve your issue?
September 9th, 2010 8:37am

Dave, THANK YOU for the code. This is the closest I have found to the answer so far. I am still in the process of testing it. What I have found so far is that I am able to change the log on prompt to whatever I want using the following two reg settings...

    "LastLoggedOnSAMUser"="domain\user"
    "LastLoggedOnUser"="domain\user"

The last reg word, LastLoggedOnProvider, is where I am having difficulty. I am in the process of researching what this value represents and how to control it. It is a cryptic item so it may take a while to crack it.

So far here is what I have done to test. I created a local user, TestLog, on a Win 7 32 bit PC. I changed the "SamUser" and "User" reg settings to "LocalPCName\TestLog" and rebooted the PC. I did not change nor delete the "Provider" value. After reboot the prompt read exactly what I wanted, YEA !!!! But then something flashed real fast past the screen about not finding a "student" listed and then it logged me off. I believe that this is related to the "Provider" value, whatever that really represents, not being correct for that user. I will continue my tests and let you know the results soon. It is now time to go home.

THANKS AGAIN for the help, it has been the best so far.
Ralph Malph
September 9th, 2010 11:48pm

Great news Dave, you found the answer! I ran many tests on Win 7 32 and 64 bit systems with your suggestion and found the following...

My first set of tests posted yesterday had problems due to permissions that were unique to my system. I had been playing with some of the permissions in the user folder for different unrelated reasons and did not remember to reset them. (Need to make sure that "everyone" and "local users" have read permissions in the "User" folder and the "default" profile, which is hidden, when trying to log on as users who have not already been logged on before and are not members of the local admin group.)

With that said, I fixed my permissions and was able to control the default log on prompt with the following reg setting, first suggested by Dave above and shown below as I use it.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI]
    ; backslashes inside .reg string values must be doubled
    "LastLoggedOnSAMUser"="domain\\username"
    "LastLoggedOnUser"="domain\\username"

The difference between what Dave did and what I do is that I do not mess with the "LastLoggedOnProvider" setting mentioned in Dave's post. This seems to be a cryptic number and seems to be the same for any of the users I logged in as on my system, so I am considering it unnecessary to change for controlling the default prompt, and my tests have confirmed that.

I also noticed in my tests that there were occasions, even though I was running under an account in the local admin group and had UAC off, where I would run the .reg file and it would say that it had imported without an error, but when I checked I found that it had in fact NOT imported the changes. I do not have an explanation for that but I found a workaround, and it actually adds an extra option for you if you use it. That workaround is to use a .BAT or .CMD file instead of a .REG file to do the work.

The advantage I found in using a .BAT file was that I could be logged in via a restricted account and still be able to "right click" on the .BAT file and run as the local administrator, which I cannot do with a .REG file. The syntax for the .BAT file for making these reg changes is as follows. The pause is optional but recommended so that you can see if it completed successfully. I also saw where in one test I had the .BAT file on a server and was accessing it on a workstation with UAC on, set to default WIN7 settings, and even though we supplied the correct local admin credentials it would not properly run. I had to copy the .BAT file to the local PC and run it, as administrator, from there in order to get it to work. I don't know if there would have been a difference had UAC been off and I have not tested it to see; perhaps someone else can and post the results.

    call reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnSAMUser /t REG_SZ /d "domain\username" /f
    call reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser /t REG_SZ /d "domain\username" /f
    pause

I also found in my research into the reg, thanks to Dave for pointing me in the right direction, that there are two or more other locations that have the keywords "LastLoggedOnSAMUser" and "LastLoggedOnUser" stored in them. They seem to be backups of the last/current user etc. to log on, and it does not seem that they need to be touched in order to change the default log on prompt. These areas are numbered 1, 2, 3, etc. under "SessionData" under "LogonUI", as shown below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\2

and so on.

Anyway I believe my question has now been answered, thanks to Dave, and I hope this discussion will be of value to other ITs with similar needs. I will mark Dave's answer as correct, but hope that others read this final post to get a better understanding of how the settings work etc.

Thanks again to ALL who responded, and a SPECIAL THANKS to Dave!
Ralph Malph
September 10th, 2010 10:03pm
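
Added example, not part of the thread and not code from any poster: because the LogonUI values discussed above can be rewritten by any administrator, the name on the logon screen is display state rather than a record of who last used the machine. This read-only PowerShell script lists the LogonUI and SessionData values and compares them with the most recent interactive logons (event 4624) in the Security log. It assumes PowerShell 3.0 or later and an elevated prompt; the function name and the 2000-event window are choices made for this example.

```powershell
# Added example, not from the thread. Read-only; needs an elevated prompt
# (Security log access) and PowerShell 3.0 or later.
$logonUi = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'

function Get-LogonUiValues {   # hypothetical helper name
    param([string]$Path)
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key                 = ($Path -replace '^.*\\Authentication\\', '')
        LastLoggedOnSAMUser = $p.LastLoggedOnSAMUser
        LastLoggedOnUser    = $p.LastLoggedOnUser
    }
}

# Main key plus the numbered SessionData\1, \2, ... copies described in the thread.
$keys = @($logonUi)
$sessionData = Join-Path $logonUi 'SessionData'
if (Test-Path $sessionData) {
    $keys += Get-ChildItem $sessionData | ForEach-Object { $_.PSPath }
}
$displayed = @($keys | ForEach-Object { Get-LogonUiValues -Path $_ })
$displayed | Format-Table -AutoSize

# Event 4624 is a successful logon. Types 2 (console), 10 (Remote Desktop) and
# 11 (cached domain credentials) are produced by someone signing in at the prompt.
# Newer Windows versions also log type 2 for the "Window Manager" and
# "Font Driver Host" service accounts; those are filtered out below.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                       -MaxEvents 2000 -ErrorAction SilentlyContinue
$interactive = @($events | ForEach-Object {
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = [int]$data['LogonType']
    }
} | Where-Object {
    (2, 10, 11 -contains $_.LogonType) -and
    ($_.Account -notmatch '^(Window Manager|Font Driver Host)\\')
})
$interactive | Select-Object -First 10 | Format-Table -AutoSize

# Get-WinEvent returns newest first. A ".\user" value means the local machine.
$latest = $interactive | Select-Object -First 1
$shown  = "$($displayed[0].LastLoggedOnSAMUser)" -replace '^\.\\', "${env:COMPUTERNAME}\"
if ($latest -and $shown -and ($latest.Account -ne $shown)) {
    Write-Warning ("Logon screen shows '{0}' but the last interactive logon was '{1}' at {2}." -f
        $shown, $latest.Account, $latest.Time)
}
```

A mismatch is a reason to read the Security log entries, not a verdict on its own; the log, ideally forwarded off the machine, is the record to rely on.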

Ralph,

Great to hear that this is working for you. I have not had a lot of time to do a lot of testing on this yet so I haven't investigated the LastLoggedOnProvider value. There is not much information on this at all. And from looking at this post http://harun.se/blog/?cat=16 on using LastLoggedOnProvider for Smart Cards, it probably has something to do with the type of authentication, so the value would remain the same for a domain or local machine logon, and you are right that it doesn't need to be changed. There doesn't appear to be a list of values to use for the providers anywhere so I'm not sure where one would get other provider values, but at least this is not important for logging into a domain or local machine.

Also, if you are changing to log on with a local account, especially with a script or reg file, you can use the period "." for the name of the local machine, so the LastLoggedOnUser value would be:

    "LastLoggedOnUser"=".\\username"

Also the backslash character needs to be escaped with another backslash in the string in order for this to be used in a .reg file. I think the local machine name will replace the "." in this value when the user logs out. At least this works to log on to a machine with a local account when you can't remember the exact machine name.

If I remember correctly, the security permissions for running a .bat from a remote server may not be allowed since the local admin context does not have NTFS permissions on the remote server. You may need to use the Sysinternals tool Shell Runas to run as a user with permission to the remote server: http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx

Thanks for posting the .bat script code. It's nice to finally have a working solution for this issue and that your tests have been successful.

Thanks.
Dave
September 12th, 2010 12:19am

This topic is archived. No further replies will be accepted.
