Have a windows 10 domain pc show more than just the last logged in user.

[jnic]

Is there any way on a windows 10 pc i have on a domain to show not just the last logged in user.  Have it show all the users that have logged in before.

[brwainer]

The following Group Policy change is mentioned in a few different topics on this issue, so it seems like your best bet. Be aware though that some people said it caused their login screens to not show any user at all, even the last one, so YMMV. https://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-to-make-windows-7-show-user-list-on-login/63cea659-f6a0-412d-a0b1-952a26c1df44?auth=1

[Mikensan]

Are you just looking to see who has logged in, or make it easier for users to just click some sort of drop down / list of users? 

[jnic]

12 minutes ago, Mikensan said:

Are you just looking to see who has logged in, or make it easier for users to just click some sort of drop down / list of users? 

yah i would like a way for them to log in without having to type out there usernames each time 

[Mikensan]

15 minutes ago, jnic said:

yah i would like a way for them to log in without having to type out there usernames each time 

That's a bit much honestly, but I understand end-users can be needy. However one way is to use smart cards. They're somewhat cheap, $10 each or so and very easy to implement. (Found the SLE4442 on amazon for about $1 each)

 

Normally admins are trying to have the username field blank (pseudo security) which can be done quite easily. Only in home environments, off the domain, people want that list. So definitely hard finding a solution for you. I'm not sure the GINA or whatever Windows 10 calls it now supports that.

[Blake]

3 hours ago, jnic said:

yah i would like a way for them to log in without having to type out there usernames each time 

Open 'local security policy' (or do this in GPMC if this is enforced by a GPO already), look for Local Policies\Security Options\Interactive logo:Do not require CTRL+ALT+DEL.

 

Not sure if it would show everyone, or just the last user, haven't really tested it, and it's a pretty stupid idea. If people are having trouble remembering their username, your naming convention is really bad. Easiest thing to do would be to re-name (use powershell if you have a few hundred to automate the process) all the SAMAccountnames for each user. A good convention is [firstnameinitial][lastname][autonumber(optional)]@[domain].[tld], [firstnameinitial][middlenameinitial][lastnameinital]@[domain].[tld] or [firstname][lastnameinitial][extracharacters from last name till unique]@[domain].[tld]

 

Otherwise if you can't get any meaningful unique and easy to remeber names, make everyone an Autonumber (i.e F12345 for finance users, S12345 for Sales, etc etc) and just assign the important (read exec team/upper managment) login alias' and ignore the end users.

[dalekphalm]

On 12/20/2017 at 11:59 AM, jnic said:

Is there any way on a windows 10 pc i have on a domain to show not just the last logged in user.  Have it show all the users that have logged in before.

As @Blake said, honestly... this is a bad idea.

 

The whole point of Domain Users having to type their username in is simple. Security through obfuscation. If someone unauthorized stumbles across a PC, they have to guess usernames in addition to passwords.

 

Additionally, yeah just make super easy to remember passwords. First initial, last name "wsmith" for Will Smith. If they can't remember that, then there's something wrong, and you need to give them additional training.

On 12/20/2017 at 6:52 PM, Blake said:

Open 'local security policy' (or do this in GPMC if this is enforced by a GPO already), look for Local Policies\Security Options\Interactive logo:Do not require CTRL+ALT+DEL.

 

Not sure if it would show everyone, or just the last user, haven't really tested it, and it's a pretty stupid idea. If people are having trouble remembering their username, your naming convention is really bad. Easiest thing to do would be to re-name (use powershell if you have a few hundred to automate the process) all the SAMAccountnames for each user. A good convention is [firstnameinitial][lastname][autonumber(optional)]@[domain].[tld], [firstnameinitial][middlenameinitial][lastnameinital]@[domain].[tld] or [firstname][lastnameinitial][extracharacters from last name till unique]@[domain].[tld]

 

Otherwise if you can't get any meaningful unique and easy to remeber names, make everyone an Autonumber (i.e F12345 for finance users, S12345 for Sales, etc etc) and just assign the important (read exec team/upper managment) login alias' and ignore the end users.