Re: Hide Username when pc awakes

I read your article, and found it quite informative. Your advice is great for
corporate and enterprise environments. Unfortunately, I am a student! :-)

Now the machine in question is my IBM ThinkPad. When you turn on the laptop,
you need to enter a BIOS password, and then a hard disk password, before the
system will begin to boot Windows XP Pro. Now when Windows brings me to the
login dialog-box (the older Windows 2000 style), it requires me to press
CTRL+ALT+DEL. Then I must type in my User ID, followed by my password.

As you can see, I have several safeguards in place so that, in the event
that my ThinkPad is stolen, it is useless to the average thief.

Now when I am in class, and need to get something from the front of the room
(I am several meters away and the only door is at the front of the room where
the teacher's desk is, which is my destination, so I can see if someone tries
to get away with it in our small classroom), I would lock my computer. When I
return I have to type in my User ID and password (I can't remember if it
tells you my User ID or not in the text of the dialog-box [not the text box -
that's blank], but I don't want it to). But if I put my computer to sleep...
when it wakes up, it shows my user id!!! I don't want it to do that.

So basically, the User ID is acting like another password: so if someone
manages to get to the log-in box, not only do they need my password, but they
need to know my User ID (my User ID is not Richard!). So now I have made it
much harder for them to gain access to my system. At the very least, it will
prevent anyone from trying to "guess" my password... they'll have to guess my
User ID first!

See?

"Steve Riley [MSFT]" wrote:

Richard--why do you believe that hiding your user name makes you more
secure? Logging onto a computer requires two things: making an identity
claim and then proving that claim. There's an important element of security
science here that's good to understand. User IDs are claims of identity:
they are public declarations. Proof of such claims requires that the person
making the claim have knowledge of a secret that the system can then
validate.

User IDs are never designed to be secret, so don't worry about whether
someone can find out your ID. Your password, however, is very much a secret.
Because only you know your password, this is how you prove your identity
claim. The system can validate that you entered the correct password without
having to know the password itself.

I wrote a longer article about this here:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0206.mspx

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Richard" <fdr@xxxxxxxxx> wrote in message
news:F0E8E1A4-48BE-43A8-ABBF-38B9A8E3DFAF@xxxxxxxxxxxxxxxx
Perfect! Now I have a lead to work with.

Thank-you very much Vinson!

"Vinson" wrote:

The Windows component you asking about is called the GINA. It is a DLL
can
be replaced by your own code, or by a third-party's GINA. Microsoft has
a
Platform Software Development Kit (SDK) that has GINA samples in it. The
link below provides more about the GINA, and Winlogon. Obviously, you
can
make the login habits anyway you like if you write it yourself.

http://msdn2.microsoft.com/en-us/library/aa380543.aspx

Personally, I would not replace the GINA since there is plenty of room
for
security problems in a custom version, but if you really want to try
explore
this possibility, pGINA is an open source version that you can find on
the
net.

As for a simple registry key change or radio button to change the habit
of
the GINA after waking from hibernation, I have not come across such a
solution. That is not to say that it does not exist, of course...

I hope this helps in your research.

- Vinson

"Richard" wrote:

Can anyone else shed some insight? Links that describe this perhaps?

It's rather silly on Microsoft's part if you cannot change this.

"CiPh3rT3kSt" wrote:

I dont believe this is possible whenever the pc is awakening from
stand by
mode.

--
CiPh3rT3kSt
MCSE: Security 2003, CCNA, Security+


"Richard" wrote:

Hello. I have already done a registry trick to hide the default (or
last user
to use the computer) user account name from showing up at the
Windows Logon
dialog box (the old fashioned one). That way, I have to manually
type my user
name and password in.

But if I put my laptop to sleep... when it awakes, it prompts me
for my
password, but it shows my user account name! I want to hide my user
name from
showing up. That way it's more secure.

How would I go about doing this?

Thanks in advance


.