Hide usernames in RunAs dialog


Idontwantspam

In order to keep people from knowing the usernames of accounts on my computer, I have implemented the policy setting to hide the username of whoever logged on most recently. However, users can still right-click on any program or link to a program and choose runas and see a list of all the administrator accounts on the computer. Is there any way to hide them on this list, too?

Run Registry Editor and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

If the SpecialAccounts and UserList keys don't exist, create them. Create a DWORD value named exactly as the <user name> you want to suppress. Leave its data set to 0. Reboot.

Now that user name will not appear on the Welcome screen - to log in with that account you'll press Ctrl+Alt+Del twice at the Welcome screen and enter the username/password. I *think* it will also not show up in the Run As dialog.

I have not tried it yet! But I hope it'll...

Thanks for your "Restrict individual users with group policy!" tutorial! AWESOME

I tried that, but it didn't work. :( I think there is a way to turn it off completely as I seem to recall having seen someone's computer who had it set up that way, but I don't remember whose it was or how they did it.

Oh, and thanks for the compliment, I'm glad you liked it. :thumbup

Edited by Idontwantspam
Not EXACTLY what you asked for but might address the problem:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

Creating a new DWORD value named 'HideRunAsVerb' and setting it to 1 will disable the GUI for Runas entirely - even Properties->Advanced->Run with different credentials on a shortcut doesn't work (it's still there though).

Restart explorer to see the differences.

That'll keep them from seeing your users in the GUI, but any level of user can find your list of users by simply typing 'net user' at a command prompt (assuming they can get a CMD window :ph34r: )

As for runas.exe, you cannot rename it (Windows File Protection), but you can copy it to another name and modify its file privileges so your user cannot access it ;)

Or if you want to disable runas entirely, just set the 'Secondary Logon' service to Disabled.

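The settings suggested in the posts above, gathered into one script that can apply them and then report the resulting state. This is an added example, not part of the original thread. The function name and its parameters are hypothetical, `seclogon` is the short name of the Secondary Logon service, and it assumes an elevated PowerShell 3.0+ session.

```powershell
# Added example: apply and/or audit the settings discussed in this thread.
# Registry paths and value names come from the posts; everything else is illustrative.
function Set-RunAsHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$HideUser = @(),       # account names to list under SpecialAccounts\UserList
        [switch]$HideRunAsVerb,          # set HideRunAsVerb = 1 (removes the Run As GUI)
        [switch]$DisableSecondaryLogon   # set the Secondary Logon service to Disabled
    )
    $userList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    foreach ($name in $HideUser) {
        if ($PSCmdlet.ShouldProcess($name, 'Add DWORD 0 under SpecialAccounts\UserList')) {
            # Create the keys only when missing; New-Item -Force on an existing key would reset it.
            if (-not (Test-Path $userList)) { New-Item -Path $userList -Force | Out-Null }
            New-ItemProperty -Path $userList -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
    if ($HideRunAsVerb -and $PSCmdlet.ShouldProcess($explorer, 'Set HideRunAsVerb = 1')) {
        if (-not (Test-Path $explorer)) { New-Item -Path $explorer -Force | Out-Null }
        New-ItemProperty -Path $explorer -Name HideRunAsVerb -PropertyType DWord -Value 1 -Force | Out-Null
    }
    if ($DisableSecondaryLogon -and $PSCmdlet.ShouldProcess('seclogon', 'Stop and disable service')) {
        Stop-Service -Name seclogon -Force -ErrorAction SilentlyContinue
        Set-Service -Name seclogon -StartupType Disabled
    }

    # Read everything back so the change (or the current state) can be verified.
    $hidden = @()
    if (Test-Path $userList) {
        $key = Get-Item -Path $userList
        $hidden = @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 0 })
    }
    $verb = (Get-ItemProperty -Path $explorer -Name HideRunAsVerb -ErrorAction SilentlyContinue).HideRunAsVerb
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='seclogon'"
    [pscustomobject]@{
        HiddenAccounts      = $hidden -join ', '
        HideRunAsVerb       = [bool]($verb -eq 1)
        SecondaryLogonMode  = $svc.StartMode   # Auto, Manual or Disabled
        SecondaryLogonState = $svc.State
    }
}

# With no switches nothing is changed; the call only reports the current state.
Set-RunAsHardening
```

Add `-WhatIf` to any call to preview the changes without making them.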
Thanks, that looks like what I'm looking for. I'll try that.

As for net user, for the user accounts I'm concerned about, I just disable the command prompt entirely (even if they somehow copy + rename it, it'll still be blocked) and under the disallow specified programs policy, I put net.exe as one of them. So, they could still get in somehow, but this should slow them down. Thanks. ;)
