traditional three finger salute logon

One of the things I've done to protect my client systems in my SBS Network is to set the Policy that forces the standard three finger salute dialog box for log on (not Fast User Switching) AND to set the policy that hides the previously logged on user.
ASIDE: If MS is lurking I hope that released Vista will also make it possible to hide the logged on user when prompting for the screen saver password. It should be possible to force the user to always offer up two pieces of information to get into the system when either there is no one logged on or it is locked.
REQUEST: Please, what are the exact directions to get this type of behavior in Vista? For those of us who are new to this please start with something like Start | Administrative Tools ... or what have you. (I was appalled to see the SBS style GPO dialog come up when I tried to do client stuff. I still haven't figured that all out for the server. I sure didn't want to see it on the client:-((
ASIDE: Lurkers from MS, you might ask your grandpa what it was like dealing with IBM main frame OS's back in the 60's. You will then learn why PC's caught on. You could get your work done while thumbing your nose at the priesthood in MIS that tended the alter of the corporate mainframe and its 3270 terminals. Let's put the personal back in PC while keeping in mind KISS.
Again I want to get rid of Fast User Switching style logon. (I don't care whether FUS goes away, just that style of logon.) AND I want to make sure that the last user ID is NOT displayed when logging in. In detail, how to I do this.
Regards, Al Christoph Three Bears Software, LLC just right software @ just right prices @ 3bears.biz

OK, the screenshot you are referring to is the blue background with the different coloured verticla streaks - this is the logon window. That's it, that's how it's staying for the time being :o(
I don't prefer it at all to be honest - but I think that they'll bring it back in... eventually. I should hope anyway :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

Thanks for the prompt reply. Here's what I've learned since I wrote:
Thanks to the nice person in some other thread in the group who put me on to SecPol.msc as the way to do local policy on the PC. Once SecPol.msc brought up the appropriate window I was able to navigate to Security Settings | Local Policies | Security Options and modify the properties of the policies beginning with "Interactive logon:" that I had traditionally used.
Fixing those policies gave me everything I asked for in the Vista Way. It got rid of the Fast User Switching screen and gave me user id and password fields to type in. (I'll have to get used to having the label in the field:-( This was also true of unlocking after the screen saver had at it. (I really didn't want the exact visual look just the functionality.)
My only remaining gripes are two fold: 1. The domain drop down box is lost. This may save a lot of confusion and improve security but I will have to get used to typing domainname\userid. 2. MS LURKERS TAKE NOTE: The message displayed when the screen is locked gives away the user id! This is a big security no-no!!! It gives the information needed to unlock the screen. I strongly suspect that such information is provided so that folk can track down who is hogging the only computer in the office and has walked away from it for a coffee break leaving it locked. (Yeah, right. But years ago that might have mattered.) At any rate the Display Name of the user rather than the user ID is what should be in that message. And if Domain Admins build their user list appropriately than THAT would allow you to track down the right person.
This issue is resolved. What I want to do is doable as documented above. The improvement I wanted is there if slightly flawed. Good Show MS Development team.
Regards,\ Al
"Zack Whittaker (R2 Mentor)" wrote in message

OK, the screenshot you are referring to is the blue background with the different coloured verticla streaks - this is the logon window. That's it, that's how it's staying for the time being :o(
I don't prefer it at all to be honest - but I think that they'll bring it back in... eventually. I should hope anyway :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

But when the user locks the screen in XP, there username is displayed on screen as well. You may think this is a security-no-no, but there's no other pheasable way round it I don't think :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

Just because XP and previous systems do it that way doesn't make it right, especially not in an OS that is going to be sold partially based on enhanced security.
1. The time has passed when PC's were scarce resources in a group environment. As I pointed out the only reason for displaying anything about who has the PC locked is for some other user to track down the rude culprit. Advertising who has the PC locked should at best be an option to be turned on. MS LURKERS TAKE NOTE of that last sentence.
2. In group environments, it's quite likely that there is a source of displayable names i.e. the Active Directory. That display name should be what is in the message if display of user info in the message is turned on.
3. It should not be a great effort on MS's part to add a displayable name to the user attributes for use in a non-active directory environment i.e. in peer-to-peer networks.. (Sure they have to be able to translate Display Name to a gazillion leagues and write help explaining what's going on, but the rest of it is or should be an hour or two's work for someone.)
4. If you review the literature - I came across a good paper on the subject last week - you will see that two piece entry schemes are the best. You should have to be able to identify yourself uniquely (user id) and provide proof that it is you (your password, not necessarily unique.) IMHO both should be secrets.
Incidentally, thumb print scanners are the rage now as an alternative to passwords. BAD IDEA. There is a wonderful paper from Japan I came across describing how to make gummy fingers (as in gummy bears) that fooled then current technology (2003) a remarkably high percentage of the time. You could even lift fingerprints and make a successful fake finger! And all with readily available and inexpensive technology. Give me a memorable but strong password any day!
Regards, Al
"Zack Whittaker (R2 Mentor)" wrote in message

But when the user locks the screen in XP, there username is displayed on screen as well. You may think this is a security-no-no, but there's no other pheasable way round it I don't think :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

Will wonders never cease. I stumbled across exactly the setting I want:
Interactive Logon: Display user information when session is locked. It has a variety of options from saying nothing to spilling the beans.
Unfortunately this is only in ES 2003 and Windows SBS 2003.
Hey LURKERS on the Vista development team: If it's important in the server world where the boxes tend to be under tight security, how much more important this is in the client world where things are hanging out in the open. Let's get this some future set of bits before final release to manufacturing.
Incidentally, i consider this important enough that I almost wrote a screen saver to be able to do it in Windows XP.
Regards, Al
"Zack Whittaker (R2 Mentor)" wrote in message

But when the user locks the screen in XP, there username is displayed on screen as well. You may think this is a security-no-no, but there's no other pheasable way round it I don't think :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

Look, I promise you that they will *not* remove the current logged on user from the locked workstation screen. OK it might well be secure, but what if it was locked and nobody knows who's using it? What if someone went home early and left their machine on? It's not going to change - I bet my left kidney on it.
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!
--- Original message follows --- "Al Christoph" wrote in message

Will wonders never cease. I stumbled across exactly the setting I want:
Interactive Logon: Display user information when session is locked. It has a variety of options from saying nothing to spilling the beans.
Unfortunately this is only in ES 2003 and Windows SBS 2003.
Hey LURKERS on the Vista development team: If it's important in the server world where the boxes tend to be under tight security, how much more important this is in the client world where things are hanging out in the open. Let's get this some future set of bits before final release to manufacturing.
Incidentally, i consider this important enough that I almost wrote a screen saver to be able to do it in Windows XP.
Regards, Al
"Zack Whittaker (R2 Mentor)" wrote in message But when the user locks the screen in XP, there username is displayed on screen as well. You may think this is a security-no-no, but there's no other pheasable way round it I don't think :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

Word brother! One hand on the budwiser and the other on the F12 hotkey = Reboot.exe Office 12 str8 sucks!!! Crashes left and right...! Beta Release 2007 XPS is hurtin me!
= )
"Al Christoph" wrote in message

One of the things I've done to protect my client systems in my SBS Network is to set the Policy that forces the standard three finger salute dialog box for log on (not Fast User Switching) AND to set the policy that hides the previously logged on user.
ASIDE: If MS is lurking I hope that released Vista will also make it possible to hide the logged on user when prompting for the screen saver password. It should be possible to force the user to always offer up two pieces of information to get into the system when either there is no one logged on or it is locked.
REQUEST: Please, what are the exact directions to get this type of behavior in Vista? For those of us who are new to this please start with something like Start | Administrative Tools ... or what have you. (I was appalled to see the SBS style GPO dialog come up when I tried to do client stuff. I still haven't figured that all out for the server. I sure didn't want to see it on the client:-((
ASIDE: Lurkers from MS, you might ask your grandpa what it was like dealing with IBM main frame OS's back in the 60's. You will then learn why PC's caught on. You could get your work done while thumbing your nose at the priesthood in MIS that tended the alter of the corporate mainframe and its 3270 terminals. Let's put the personal back in PC while keeping in mind KISS.
Again I want to get rid of Fast User Switching style logon. (I don't care whether FUS goes away, just that style of logon.) AND I want to make sure that the last user ID is NOT displayed when logging in. In detail, how to I do this.
Regards, Al Christoph Three Bears Software, LLC just right software @ just right prices @ 3bears.biz

Oookay... thanks Muxster...
-- Zack Whittaker » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: www.msblog.org » Vista Knowledge Base: www.vistabase.co.uk » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared that up!
--- Original message follows --- "muxster" wrote in message

Word brother! One hand on the budwiser and the other on the F12 hotkey = Reboot.exe Office 12 str8 sucks!!! Crashes left and right...! Beta Release 2007 XPS is hurtin me!
= )
"Al Christoph" wrote in message One of the things I've done to protect my client systems in my SBS Network is to set the Policy that forces the standard three finger salute dialog box for log on (not Fast User Switching) AND to set the policy that hides the previously logged on user.
ASIDE: If MS is lurking I hope that released Vista will also make it possible to hide the logged on user when prompting for the screen saver password. It should be possible to force the user to always offer up two pieces of information to get into the system when either there is no one logged on or it is locked.
REQUEST: Please, what are the exact directions to get this type of behavior in Vista? For those of us who are new to this please start with something like Start | Administrative Tools ... or what have you. (I was appalled to see the SBS style GPO dialog come up when I tried to do client stuff. I still haven't figured that all out for the server. I sure didn't want to see it on the client:-((
ASIDE: Lurkers from MS, you might ask your grandpa what it was like dealing with IBM main frame OS's back in the 60's. You will then learn why PC's caught on. You could get your work done while thumbing your nose at the priesthood in MIS that tended the alter of the corporate mainframe and its 3270 terminals. Let's put the personal back in PC while keeping in mind KISS.
Again I want to get rid of Fast User Switching style logon. (I don't care whether FUS goes away, just that style of logon.) AND I want to make sure that the last user ID is NOT displayed when logging in. In detail, how to I do this.
Regards, Al Christoph Three Bears Software, LLC just right software @ just right prices @ 3bears.biz