There are a couple of ways to do this: a utility and a direct hack to the Registry. The utility is TweakUI, which is available on the Windows 2000 Resource Kit. This tool contains a multitabbed interface that controls lots of little interface parameters, including the last logon display.
The direct hack method goes like this. Open Regedit and drill down through Hkey_Local_Machine | Software | Microsoft | Windows NT | CurrentVersion | Winlogon. This is the key that controls the Graphical Identification and Authentication (GINA) window. Find the DontDisplayLastUserName entry and change the value from 0 to 1.
In your situation, the Registry hack is probably going to be the simplest to deploy to users. Save the entry using Regedit via Files | Export Registry File. Give it a name like NoName.Reg. Then edit the file and remove all but the entry you're going to distribute. It will look something like this:
Windows Registry Editor Version 5.00
Then put a line in your logon script like this.
Regedit /s noname.reg
Dig Deeper on Microsoft Active Directory Security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.