“Normally when a Windows workstation or server is locked, you’ll see something similar to the following Windows Security message:
This computer is in use and has been locked.

Only DOMAIN\USER (user name) or an administrator can unlock this computer.

To not show the name of the user who has locked a computer, the following can be defined in a workstation level GPO:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked.

There are three choices if you enable this policy:

User display name, domain and user names (default setting)
User display name only
Do not display user information

Besides being able to apply this to Active Directory GPOs, this setting appears in the local security policy on my Windows XP SP3 VM. The setting is not available on my XP SP2 laptop, but I see from KB837022 there is a hotfix that corrects this problem in XP SP2.

Alternatively, the following DWORD can be created in the registry of XP SP2, Windows Vista, and Windows Server 2008 machines to accomplish the same thing:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DontDisplayLockedUserId

User display name, domain and user names = 1
User display name only = 2
Do not display user information = 3

You need to restart the machine for the change to take effect.

You may also be interested in the related Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name setting. This security setting determines whether the name of the last user to log on”
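
An added PowerShell example, not part of the quoted article: it audits the DontDisplayLockedUserId value described above and sets it to one of the three documented choices. The function names are hypothetical, and it assumes an elevated Windows PowerShell session on the machine being configured.

```powershell
# Added example: audit and set the lock-screen user information policy.
# Key path and value meanings are the ones listed in the quoted article.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'DontDisplayLockedUserId'
$Meanings  = @{
    1 = 'User display name, domain and user names'
    2 = 'User display name only'
    3 = 'Do not display user information'
}

# Hypothetical helper: report the current value, including the "absent" case.
function Get-LockedUserIdPolicy {
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Value = $null; Meaning = 'Not configured' }
    }
    $v = [int]$item.$ValueName
    $m = if ($Meanings.ContainsKey($v)) { $Meanings[$v] } else { 'Unrecognized value' }
    [pscustomobject]@{ Value = $v; Meaning = $m }
}

# Hypothetical helper: write the DWORD, rejecting anything outside 1..3.
function Set-LockedUserIdPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 3)]
        [int]$Value
    )
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
    Get-LockedUserIdPolicy   # read back what was written
}

# Audit first, then hide all user information on the lock screen.
Get-LockedUserIdPolicy
Set-LockedUserIdPolicy -Value 3
Write-Host 'Restart the machine for the change to take effect.'
```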
