In Windows 10, the user name, possibly user information (e-mail address …) and the domain name are displayed on the lock screen, for example, if the screen was locked using the Windows key combination “Windows key + L” .
Under certain circumstances it may now be desirable that the user name that is actually logged in is not displayed on the lock screen. It is also possible to hide additional user information such as e-mail address or the domain name using Group Policy .
To define the display of the locked Windows 10 system, you have to go to the following path in the Group Policy Editor.
Computer Configuration / Windows Settings / Security Settings / Local Policy / Security Options
There is then the group policy for the lock screen, which is called as follows.
Interactive login Show user information when session is locked
As you can see, there are a total of 4 settings for displaying a locked Windows.
- Show user view, user and domain name
- Show only user display names
- Do not display user information
- Domain and user names only
In our example, we once selected the option ” Do not display user information “. Then the display looks like this after locking Windows.
Instead of the username just becomes
Unlock PC
is displayed and the user name and password must be re-entered. So it does not allow any conclusions to be drawn about the actually logged in user.
Microsoft gives the following, very detailed information about this group policy.
This setting controls whether details such as the email address or “ domain username †are displayed with the username on the login screen. For clients running Windows 10, version 1511 and 1507 (RTM), this setting works similarly to previous Windows versions. Due to a new privacy setting in Windows 10, version 1607, this setting has different effects on these clients.
Changes in Windows 10, version 1607
Starting with version 1607, new functions have been added to Windows 10 to hide username details such as the email address by default. You can change the default value to see the details. This functionality is controlled by a new privacy setting in Settings> Accounts> Login options. The privacy setting is disabled by default, which hides the details.
This group policy setting controls the same functionality.
This setting has the following possible values:
– User display name, domain and user name: the full name of the user is displayed when logging on locally. If the user signed in with a Microsoft account, the user’s email address is displayed. “Domain Username” is displayed for a domain login.
– User Friendly Name only : the full name of the user who locked the session is displayed.
– Only domain and user names : “Domain username” is only displayed when you log on to a domain. The privacy setting in Settings> Accounts> Login options is automatically activated and grayed out.
– ” Do not display user information “: No names are displayed, but for all versions of Windows prior to Windows 10, the full names of the users are displayed on the user desktop “switch”. As of Windows 10, version 1607, this option is not supported. If this option is selected, the full name of the user who locked the session is displayed instead. This change makes this setting consistent with the functionality of the new privacy setting. If you do not want user information to be displayed, activate the group policy setting “Interactive login: Do not show last logged in user”.
– Empty : standard setting. This setting corresponds to “undefined”, but the full name of the user is displayed in the same way as for the option “Show only user display names”.
Finally, 3 more articles on the topic ” Locking Windows “.
– Deactivate Lock Workstation (Windows lock) with the Windows key + “L” – Lock
Windows 10 PC automatically when you leave the work place – Dynamic lock
– Lock computer with shortcut
