Q: Our Windows computers display logged on users' names and domain when their console is locked. Because of our very strict security requirements, our systems aren't supposed to reveal this information. Is there a way to disable this setting?
A: Yes, you can disable this setting on users' computers via Group Policy. On a Windows Server 2003 system, open the Microsoft Management Console (MMC) Group Policy editor (GPE) snap-in, navigate to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and double-click Interactive Logon: Display user information when the session is locked. Then select Do not display user information and click OK. Now the users' computers won't display any information about the current user when the console is locked. Given your security policy, you should also enable the Interactive logon: Do not display last user name option, which you'll find in the same folder. Enabling this policy will prevent Windows from displaying the logon name of the last user in the Logon to Windows dialog box.