Idontwantspam Posted November 24, 2007 Share Posted November 24, 2007 In order to keep people from knowing the usernames of accounts on my computer, I have implemented the policy setting to hide the username of whoever logged on most recently. However, users can still right-click on any program or link to a program and choose runas and see a list of all the administrator accounts on the computer. Is there any way to hide them on this list, too? Link to comment Share on other sites More sharing options...
neo Posted November 24, 2007 Share Posted November 24, 2007 Run Registry Editor and navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListIf the SpecialAccounts and UserList keys don't exist, create them. Create a DWORD Value and named extact to <user name> you want to suppress. Leave its data set to 0. Reboot.Now that user name will not appear on the Welcome screen - to log in with that account you'll press Ctrl+Alt+Del twice at the Welcome screen and enter the username/password. I *think* it will also not show up in the Run As dialog.I have not tried yet ! But I hope it'll.............Thanks for your Restrict individual users with group policy! Tutorial ! AWESOME Link to comment Share on other sites More sharing options...
Idontwantspam Posted November 24, 2007 Author Share Posted November 24, 2007 (edited) I tried that, but it didn't work. I think there is a way to turn it off completely as I seem to recall having seen someone's computer who had it set up that way, but I don't remember who's it was or how they did it.Oh, and thanks for the complement, I'm glad you liked it. Edited November 24, 2007 by Idontwantspam Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted November 24, 2007 Share Posted November 24, 2007 Not EXACTLY what you asked for but might address the problem:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerCreate a new DWORD Value of 'HideRunAsVerb' and set it to 1 will disable the GUI for Runas entirely -even the Properties->Advanced->Run with different credentials on a shortcut doesn't work (it's still there though)Restart explorer to see the differences.Thatll keep them from seeing your users in the gui but any level of user can find your list of users by simply typing 'net user' at a command prompt (assuming they can get a CMD window )as for runas.exe, you cannot rename (windows file protection) it but you can copy it to another name and modify its file privileges your user cannot access it or if you want to disable runas entirely, just set the 'Secondary Logon' service to Disabled Link to comment Share on other sites More sharing options...
Idontwantspam Posted November 24, 2007 Author Share Posted November 24, 2007 Thanks, that looks like what I'm looking for. I'll try that. As for net user, for the user accounts I'm concerned about, I just disable the command prompt entirely (even if they somehow copy + rename it, it'll still be blocked) and under the disallow specified programs policy, I put net.exe as one of them. So, they could still get in somehow, but this should slow them down. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now