I do not want to display the previous user name at the PBA screen so I have enabled the "Do not display previous user name at logon" option. However this also hides the username when the user locks their machine in Windows Vista. Is it possible to NOT display the previous user name at PBA but display it at the Windows lockout screen?
Standard Windows Vista behaviour tells you who is logged on at the lockout (ctrl-alt-del) screen anyway ? So whats the point having the user name hidden, there is no security benefit, but clearly a security benefit at PBA.
we hide the user name because some people consider it to be sensitive. We don't want a thief knowing it.
The OP wants it hidden in some situations, and not in others - this is what's odd - if you don't consider it sensitive, then show it. If you do, hide it. Having it hidden sometimes and shown other times seems as odd as my bike only running on 3 cylinders, but a different 3 everytime I try and work out why.
I haven't encrypted a Vista machine yet, but wouldn't this only apply if SafeBoot was your GINA? In the case where you're using the Windows GINA but using SafeBoot/EEPC for Single Sign-on, wouldn't the Windows policy control if the username is shown in the unlock box?
We DO consider the user name sensitive and would therefore like to hide it.
We have Windows Vista PC's with SSO enabled.
At the PBA we would like to have the username hidden and this can be achieved by enabling the "Do not display previous user name at logon" option. So we are happy with this part of the problem.
The second part of the problem is when a user is in the Windows shell and locks the workstation via a ctrl-al-del or the screensaver locks the workstation. When the user attempts to unlock the workstation by logging back in EndPoint hides the user name thus resulting in the user having to enter both the username and password. Now this is the bit which I have an issue with, At the unlock screen Windows Vista displays the currently logged on username on the screen, so EndPoint hiding the username has no security benefit but has a negative impact on user experience.
So it is not an odd request, there is no point Endpoint hiding something that Vista shows and thus making the user do more work for no security benefit.