This content has been marked as final. Show 8 replies
I hope "not"!
eer no. that would seem kind of odd?
Why is that odd?
Standard Windows Vista behaviour tells you who is logged on at the lockout (ctrl-alt-del) screen anyway ? So whats the point having the user name hidden, there is no security benefit, but clearly a security benefit at PBA.
what if you suspend your machine and then it gets stolen?
I tend to agree with you that user names should not be considered secret, but many disagree with me on that topic.
Maybe I am being thick, but why is that an odd request?
I see it that the op wants the username hidden when they log on to SafeBoot, but to retain it at the Windows log in screen.
What is so daft about that or am I missing something here? :confused:
(Too slow typing) Dooh!
we hide the user name because some people consider it to be sensitive. We don't want a thief knowing it.
The OP wants it hidden in some situations, and not in others - this is what's odd - if you don't consider it sensitive, then show it. If you do, hide it. Having it hidden sometimes and shown other times seems as odd as my bike only running on 3 cylinders, but a different 3 everytime I try and work out why.
I haven't encrypted a Vista machine yet, but wouldn't this only apply if SafeBoot was your GINA? In the case where you're using the Windows GINA but using SafeBoot/EEPC for Single Sign-on, wouldn't the Windows policy control if the username is shown in the unlock box?
Ok let me start again.
We DO consider the user name sensitive and would therefore like to hide it.
We have Windows Vista PC's with SSO enabled.
At the PBA we would like to have the username hidden and this can be achieved by enabling the "Do not display previous user name at logon" option. So we are happy with this part of the problem.
The second part of the problem is when a user is in the Windows shell and locks the workstation via a ctrl-al-del or the screensaver locks the workstation. When the user attempts to unlock the workstation by logging back in EndPoint hides the user name thus resulting in the user having to enter both the username and password. Now this is the bit which I have an issue with, At the unlock screen Windows Vista displays the currently logged on username on the screen, so EndPoint hiding the username has no security benefit but has a negative impact on user experience.
So it is not an odd request, there is no point Endpoint hiding something that Vista shows and thus making the user do more work for no security benefit.