
Configuring Interactive Login via the registry is not working - Any Ideas?


According to all the tutorials I've read, this should cause Windows to prompt for both a username and password at login, but it doesn't. (Doing this via the registry should result in the same behavior as when these options are set through the group policy editor.)

#set “Interactive login – Display user information when session is locked” to “Do not display user information”
#REF: http://www.sevenforums.com/tutorials/182700-lock-computer-screen-display-user-information-not.html
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "DontDisplayLockedUserId" -Value 3


#set “Interactive Login – Do not display last user name” to “Enabled”
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "dontdisplaylastusername" -Value 1

The registry keys update but the login prompt still shows the last user name. Rebooting twice didn't help. (I've watched the changes being made with regedit when I do this through the Security Policy editor, and these seem to be the correct registry keys...)

Is there something else that I need to do to get the settings to take? I've tried doing a group policy update after updating the registry, but that just stepped on the changes.

Thanks!


Solution

  • I figured this out: The problem was that group policy was updating at logoff and overwriting the settings. The fix was to remove the security permissions for NT AUTHORITY\SYSTEM and then grant the SYSTEM user account only ReadKey permission to the keys in question.

    (I would have posted a copy of my code but I can't figure out how to get code block function to format more than the first line. So, here's the reference source I used: http://www.rubaniuk.com/?p=192)
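
The fix described in the answer, written out as an added PowerShell example (it is not the poster's code, nor the code at the linked reference). It assumes an elevated session; the backup file path is constructed, and S-1-5-18 is the well-known SID for NT AUTHORITY\SYSTEM.

```powershell
#Requires -RunAsAdministrator
# Added example: key path, value names and data are from the post; $backup is a constructed path.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$psPath = "HKLM:\$subKey"
$backup = Join-Path $env:TEMP 'PoliciesSystem-dacl.sddl.txt'
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'  # NT AUTHORITY\SYSTEM

# 1. Write both values first, while the key is still writable.
Set-ItemProperty -Path $psPath -Name 'DontDisplayLockedUserId' -Value 3 -Type DWord
Set-ItemProperty -Path $psPath -Name 'dontdisplaylastusername' -Value 1 -Type DWord

# Open the key with the right to read and rewrite its DACL.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
    $subKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]'ReadKey, ChangePermissions')
if ($null -eq $key) { throw "Cannot open HKLM\$subKey" }
try {
    # 2. Save the current DACL as SDDL so the change can be undone.
    $acl = $key.GetAccessControl('Access')
    $acl.GetSecurityDescriptorSddlForm('Access') | Set-Content -Path $backup

    # 3. Stop inheriting from the parent key but keep the inherited ACEs as
    #    explicit copies; persist so that they can be purged in the next step.
    $acl.SetAccessRuleProtection($true, $true)
    $key.SetAccessControl($acl)

    # 4. Remove every ACE held by SYSTEM, then allow SYSTEM ReadKey only.
    $acl = $key.GetAccessControl('Access')
    $acl.PurgeAccessRules($system)
    $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
        $system, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($readOnly)
    $key.SetAccessControl($acl)
}
finally { $key.Close() }

# 5. Verify: list SYSTEM's entries on the key and read the two values back.
(Get-Acl -Path $psPath).Access |
    Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $system.Value
    } |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited
Get-ItemProperty -Path $psPath -Name DontDisplayLockedUserId, dontdisplaylastusername
```

The ACE applies to the whole `Policies\System` key, so it covers every value stored there, not only these two. Entries for other principals are left as they were, and the saved SDDL file is the record to restore from.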