last username to logon NOT being displayed ?? 5

[pctekk]

Is there a virus/trojan that would cause several servers, Win 2k to change the registry key for the last username to not be displayed on logon ??

seems like a trojan that changed all our servers to not display the last username.

thanks for any help

BigL

 

[Stiddy]

Check with your security guru's. Maybe they changed it. I know if you apply C2 security, that change is made. Dont really see where this is a bad thing though.

 

[sham14]

Is it possible that someone applied this setting in a GPO. It is good practice not to have previous username show up on logon.

 

[justcurious]

Not showing the last username to log in is a good policy. Our security dept. insists that it is enabled on all of our NT and Win2K servers.

How many administrators do you have? Is it possible someone else has been enabling this policy on your servers and hasn't informed everyone? Sometimes people forget that communication and documentation are important administrative functions.

It happens from time to time in our group.

 

[arlems]

A log book is a key tool to keep track of what got done with a system. You can buy cheap log books, and put one next to each server you have, or have some kind of computer database where administrators log any step they have done with a controller or server. Administrator Joe added a user; he writes it down with date and time. Administrator Bill changed a policy; he writes it down, etc.. Everything gets log no matter what, so that anyone can take over an operation and know what was done or not done with any piece of equipment.

One may think that this is a huge admin exercice. It is not because it is very simple to do; however, it can save you thousands hours of downtime.

The trick is to log what got done every single time. This can be enforced in many simple ways. I observed that those who won't log are usually the ones who don't know what they are doing.

Have a try at it.

 

[pctekk]

Thank ALL

actually, he didnt change anything, he was/is out in training all week.

so i'm dumbfounded......but will continue.....

 

[dholbrook]

I agree, you have a group policy that has been set to turn off the username if all your systems are doing it. If the ADMIN is out, I would be even more worried, as that means someone else had admin level access.......

Personnaly, I HIGHLY recommend it, especially if your security policy can also lock out an account after a few bad tries (Also HIGHLY RECOMMENDED!).

Highly recommend the log book, especially for all servers, as it can then track all changes in hardware and software, making trouble shooting so much easier (especially at 2am!).

From experience, you DO NOT WANT users to try logging in after you have been working on their machines if YOUR username is the one left on the system, as your account will quickly be the one locked out! Been there, done that too many times, and have been forced to do the "Do not display the last username route" too many times as a self protection step, especially if the lock out is only three tries. Users do not read, they only enter their password if they are used to doing only that.

HTH
David

 

[arlems]

Common sense, that's all it is. Whoever has ever navigated ships at sea knows that you have to have your "ADMIN" in, and that a log book is the key tool to find what happened before you took the wheel. The log book tells you where you are. It feels good to sit in an operation room with many servers around, and know where you are, who was there before you, and what got changed on each system. The guy who can't keep this simple basic in is asking for troubles, tons of troubles.