My network security team (or at least the team leader) wants to disable the logon displayed LastUserName in our move to NT. I'm disagreeing on two counts:
1) Users are lazy, especially users with long names like "papadopolous_alexander." They don't want to type this in at every logon, and that's very understandable.
2) As an Admin, I really prefer to see the previous logon name displayed on all machines. I realize there's an Event Log to see a logon, but that can be erased quite easily by anyone clever enough to break a password, so I don't see that as an argument for not displaying LastUserName.
I fail to see a large enough security gain from clearing the name from the logon box to justify this action. Note that we are in a high-security building, also, so probably almost any security leaks would be internal, and not displaying user name would not help this. Am I missing some valid reason? I cannot get a good one from the security team leader, just that he was advised somewhere to do it.
The Anonymous Bureaucrat,
and frankly, quite content not to be
a member of either major US political party.