Last signed-in username is displayed at Logon or lock screen
Description
An attacker who gains access to the system, either directly or through a Remote Desktop session, could view the name of the last user who logged on to the system. They can then guess the password using a dictionary, or try a brute-force attack to log on. It is advisable to hide the username at the logon screen and lock screen: with both logon fields blank, a brute-force attack has to recover the username as well as the password, which makes it more difficult.
Severity
Important
Category
Logon Security
Resolution
Follow the steps below in Group Policy (GPO) to resolve the misconfiguration.
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Interactive logon: Don't display last signed-in' to 'Enabled'.
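To confirm the setting on an individual machine, the following PowerShell function is an added example (not part of Vulnerability Manager Plus) that reads the registry value behind this policy and can optionally set it locally. It assumes the policy is stored as DontDisplayLastUserName under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the function name and the -Remediate switch are hypothetical.

```powershell
# Added example: audit (and optionally set) the registry value behind
# 'Interactive logon: Don't display last signed-in'.
# Assumption: the policy is stored as DontDisplayLastUserName (REG_DWORD)
# under the Policies\System key below; 1 = Enabled, 0 or missing = not enabled.
function Test-LastUserNameHidden {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate   # hypothetical switch name; writes the value locally
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'DontDisplayLastUserName'

    # A missing value is treated the same as 0 (last user name is shown).
    $current   = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $compliant = ($current -eq 1)

    if (-not $compliant -and $Remediate) {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set to 1')) {
            # Requires an elevated session. A domain GPO that configures this
            # policy overwrites a local change at the next policy refresh.
            Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
            $current   = (Get-ItemProperty -Path $key -Name $name).$name
            $compliant = ($current -eq 1)
        }
    }

    # One object per machine, suitable for Export-Csv or remote collection.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Setting      = "Interactive logon: Don't display last signed-in"
        RegistryData = if ($null -eq $current) { '(not set)' } else { $current }
        Compliant    = $compliant
    }
}

# Report only:
Test-LastUserNameHidden
# Report and fix on this machine (preview the change with -WhatIf first):
# Test-LastUserNameHidden -Remediate
```

On domain-joined machines the GPO remains the authoritative fix; the local write is only useful for standalone systems or for verifying that the policy has applied.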
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.