How to Fix: Hide User Accounts Windows 10 Login Screen

Dennis Faas's picture

Infopackets Reader Sam G. writes:

" Dear Dennis,

Thanks for your incredible service in helping me to set up a secure remote desktop using OpenVPN - now we can connect remotely to our office PC without worries of ransomware. Currently we have 10 people in the office and some of those users have unrestricted administrator access on the system. I would like to know if it's possible to hide user accounts in Windows 10 from the login screen? This is a security concern in case an employee's laptop was stolen - I don't want someone having access to our network remotely and trying to guess login passwords 24/7. If I'm able to hide user accounts from the login screen, then the attacker would have to know both the user name and the password, and not just the password. Can you help? "

My response:

Yes, it is possible to hide user accounts at the login screen using two methods: one is to specify only some users to hide, while the other hides all users from the login screen. The latter is the most secure method.

How to Fix: Hide User Accounts Windows 10 Login Screen

Below I will discuss two methods.

Option #1: Hide Certain Users from Login Screen

The steps below will use an automated approach to hiding specific users from the Windows 10 login screen. This method is less secure than hiding all accounts (discussed as Option #2 further down).

  1. To begin, open up an administrative command prompt: click Start, then type in "CMD" (no quotes); wait for CMD.EXE or Command Prompt to appear in the list, then right click it and select "Run as Administrator".
     
  2. Next, highlight the text below using your mouse:

    set name=John Doe
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v "%name%" /t REG_DWORD /d 0
    echo this is a dummy line
     
  3. Right click the above highlighted text and select "Copy" to place it into your clipboard. Next, open up Notepad (click Start, then type in "Notepad" and then click on it). Once Notepad is loaded, press CTRL-V to paste the text. If you have 3 users that you would like to remove from the login screen, then paste the text 3 times.
     
  4. Next, change the set name=John Doe to whatever user name you want to hide from the Windows 10 login screen. If you pasted the text 3 times, then you will need to enter in 3 different user names. Make sure you type in the names correctly or it won't work.
     
  5. When you're done entering names, press CTRL+A in Notepad to select all, then press CTRL+C to copy your script to the clipboard. Navigate to the command prompt you opened in Step #1, then right click in the middle of the window and select Paste. The text you copied in Step #4 should be output to the command line and the commands executed.
     
  6. When you log off the system, the users you specified will no longer be shown at the login screen.

How to Undo Changes

To add a user back to the login screen (after you manually removed them using the above steps), execute this command using the same method as above:

set name=John Doe
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v "%name%" /f
echo this is a dummy line

Option #2: Remove All Users from Login Screen in Windows 10

This option is the most secure method because all users are hidden from the login screen, which means an attacker would have to know both the user name and password in order to gain access to the network.

  1. To begin, open up an administrative command prompt: click Start, then type in "CMD" (no quotes); wait for CMD.EXE or Command Prompt to appear in the list, then right click it and select "Run as Administrator".
     
  2. Next, highlight the text below using your mouse:

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "dontdisplaylastusername" /t REG_DWORD /d 1
    echo this is a dummy line
     
  3. Right click the above text, then select "Copy" from the dialogue menu.
     
  4. Navigate to the command prompt you up in Step #1, then right click in the middle of the window and select "Paste". The text you copied in Step #2 should be output to the command line.
     
  5. When you log off the system, no user will be specified at the login screen.

How to Undo Changes

To show all users at the login screen, enter the following command using similar steps outline above:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "dontdisplaylastusername" /t REG_DWORD /d 0
echo this is a dummy line

I hope that helps.

Related: How to Set up a Secure Remote Connection Using RDP

About the author: Dennis Faas

Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form. 

Rate this article: 
Average: 5 (9 votes)

Comments

Jim-in-kansas's picture

I have not tried this yet but it seems to be an awesome technique and very secure. I have several machines used in Amateur Radio that have multiple User Accounts that are sometimes used remotely. That added level of security sounds like just the ticket.

I also have 10 PCs in my office LAN need this attention also.

Thanks to the person who brought this issue to your attention and your neat simple, and I am certain, effective solution.

Regards,

Jim-in-Kansas