Windows 2008: Removing a username from the login list.

Posted on 10/12/2008 @ 11:30 PM in #SharePoint by | Feedback | 3331 views

.. or more specifically, removing a user's interactive login right.

Sometimes, especially on a development VM without a domain, you will find that accounts such as the document conversions user, or the config account appear in the logon list. This is an annoyance, since you don't want SPConfigAcct to login.

Here is how to fix it -

  • Run gpedit.msc
  • Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment, and look for "Deny log on locally".
  • Double click "Deny logon locally" and add all the accounts that you'd rather not have login/appear on the logon screen.

Hit OK - that's it. This should fix it.

Sound off but keep it civil:

Older comments..


On 11/18/2008 3:32:50 PM Mitch said ..
Cool, thanks for this.

It would be great however if Microsoft had a simple check box on the user accounts (turned OFF be default) saying "display on logon screen". Quite honestly this is one of the BIGGEST security flaws of windows 2008, anybody trying to access your server through terminal services can get themselves a nice FREE list of all your usernames. Not to mention that it makes the Welcome screen look so damn messy. Once again another security blunder by Microsoft ..... one step forward .... ten steps back.