The New Password and Confirm Password boxes are missing at the locked screen after the password expires
When the Group Policy setting "Interactive logon: Do not display last user name" is enabled, user machines do not display the user's domain name or account logon name. In that case, the New Password and Confirm Password fields are not displayed during a password change.
GPO policy name | Interactive logon: Do not display last user name |
Policy path | Computer Configuration\Windows Settings\Local Policies\Security Options |
Default | Disabled |
Supported on | At least Windows XP SP2, Windows Server 2003 |
Registry settings | MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName |
Reboot required | No |
Vulnerability | If an attacker has access to the user machine through Remote Desktop Services (RDP), they can view the name of the last user who logged on to the server and mount a targeted brute-force or dictionary attack against that user. |
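To confirm whether this policy is behind the missing fields on a given machine, the registry value from the table can be read directly. The following is an added example, not part of the original article or of ADSelfService Plus. The function name `Get-DontDisplayLastUserName` is hypothetical, a value of 1 is taken to mean the policy is enabled, and remote queries assume PowerShell remoting (WinRM) is enabled on the targets.

```powershell
# Added example: report whether "Interactive logon: Do not display last user name"
# is in effect on one or more computers, using the registry value from the table above.
function Get-DontDisplayLastUserName {
    [CmdletBinding()]
    param(
        # Computers to query; defaults to the local machine.
        # Assumption: remote targets have PowerShell remoting (WinRM) enabled.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $check = {
        $path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
        $item = Get-ItemProperty -Path $path -Name 'DontDisplayLastUserName' -ErrorAction SilentlyContinue
        # A missing value means the policy was never set, which matches the default (Disabled).
        $raw = if ($null -ne $item) { $item.DontDisplayLastUserName } else { $null }
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            RawValue      = $raw
            PolicyEnabled = ($raw -eq 1)   # 1 = policy enabled
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                # Local machine: run the check in-process, no remoting needed.
                & $check
            } else {
                Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop |
                    Select-Object Computer, RawValue, PolicyEnabled
            }
        } catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        }
    }
}

# Check the local machine.
Get-DontDisplayLastUserName
```

Pass `-ComputerName` with a list of hosts to find which machines will show the symptom before their users' passwords expire.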
How can ADSelfService Plus help?
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications. Its Password Expiration Reminder feature reminds users to change their passwords well in advance via SMS, email, or push notification. ADSelfService Plus also provides a secure web portal where users can change their soon-to-expire passwords anytime, anywhere, while also ensuring password complexity.