12

I have three user accounts on a Windows 7 machine: share, admin and standard.

I only want the standard account to appear on the welcome screen.

I know about the special accounts/user list registry edit. Unfortunately, that removes the account from the UAC elevated privilege dialog box. I would not like to "auto login", because that skips the welcome screen.

Consider the "don't display last user" setting.

If only there were a way to ALWAYS display the last user — like when restarting — instead of just when logging off. This would psuedo-hide the other accounts — as long as the user sees only their account, they'll never click "switch users".

Any thoughts?

Wait for Win7 SP1? ;D

Improve this question
0

3 Answers 3

Reset to default
14

This isn't the solution to the exact question you asked, but will accomplish your goal of being able to elevate to the administrator account but not have it show up on the login screen.

Here's what you need to do. Use the special accounts registry entry to hide the administrator account (and whatever other accounts you want to hide) from the login screen. Then, configure UAC to prompt for both a username and password, instead of just showing the clickable usernames. This will let you elevate to one of the hidden accounts, because it behaves much like the "do not display last username" setting does for the login. This is what it will look like; you can type in any (administator's) username:

elevation

In order to configure this, all you have to do is create one registry value. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies and create a key called CredUI if it doesn't already exist. Then, within CredUI, create a DWORD called EnumerateAdministrators with the value 0x00000000. That's it! Now you can elevate to any account you want, and hide any account you want.

If you don't want to edit the registry by hand, you can paste the following code into notepad, and save it as a file with a .reg extension, then open the file to add the data to the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI]
"EnumerateAdministrators"=dword:00000000
Improve this answer
1
  • By the way, it says "Domain: MOSS", but that's just the name of my local computer. This is actually the default behavior on a domain (to prompt for username and password), but it is possible to enable it on a computer not joined to a domain. Should work in any version of Windows 7 or Vista, but I have only tested on Windows 7 Pro.
    – nhinkle
    Commented Aug 30, 2010 at 4:12
4

Workaround: Get domain style logon on a workgroup computer.
Guessing the original asker won't see this, but for the benefit of any who may come across this looking for such functionality in Windows 7...
To get only last user + switch button (other user) logon on a workgroup computer - add:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\DomainStyleLogon]

All registry warnings apply. The name "DomainStyleLogon" doesn't seem to matter - just that there is an empty key under ProfileList. I found the thread:
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-to-make-windows-7-show-user-list-on-login/63cea659-f6a0-412d-a0b1-952a26c1df44
where a user reported as a problem this behavior which I was actually looking for. So I reversed the fix offered there by KindBullet and it seems to work. I'm not saying I recommend this - intentionally using what seems to be a bug, and may be "fixed" in the future - but it does seem to be working fine for me without other side effects.

Improve this answer
-3

Just log in Remote dekstop using another PC in LAN environment and when asking user id and password, just key the hidden id and password. Done

Improve this answer
1
  • Please read the question again carefully. Your answer does not answer the original question.
    – DavidPostill
    Commented Mar 17, 2016 at 21:36

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .