How to enter User Name on non-domain joined machine for local admin accounts

When tech accounts are created with TechIDManager on a local computer that is NOT domain joined, and “DomainService.exe HideOnLoginScreen” is in use, there is normally no way to type in a user name on the login screen. This is the Microsoft default since Windows 10 build 1703.

There are two options for entering arbitrary usernames and passwords to log in. Option 1 is to install TechIDManagerWCP and add the “Other User” tile to the Windows login screen.

Option 2 is to change some of the Windows login default options to force all users to enter a username when they log in.

Which option you use is really up to you. Both have advantages. Option 1 doesn’t require the user to remember their username like option 2 does (which can be a big deal). Option 2 is more in line with current security recommendations.

Option 1 (TechIDManagerWCP and the “Other User” tile)

We wrote a Windows Credential Provider (WCP) to add an “Other User” tile to the Windows login screen for a workgroup machine. To install TechIDManagerWCP, run this PowerShell script on the target machine. It will download the required DLL, register its COM assembly, and then set it up as an additional credential provider on that machine. This can be used with any Windows machine, but it is only needed on a non-domain joined machine with hidden accounts that need to log in.

>>> InstallTechIDManagerWCP.ps1 <<< (Note you probably need to right click and save as)

 

Option 2 (Change Windows login defaults)

The way to get the username textbox is to set some policies related to the username displayed at sign-in.

WARNING: This will require everyone that logs in to the machine to type their username.

Generally there are two ways to do this. This can be done with the policy editor:

  1. Run secpol.msc
  2. Change “Local Policies” -> “Security Options” -> “Interactive logon: Don’t display username at sign-in” to “Disabled”
  3. Change “Local Policies” -> “Security Options” -> “Interactive logon: Don’t display last signed-in” to “Enabled”

Or this can be done with registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

DontDisplayUserName : DWORD : 0
dontdisplaylastusername : DWORD : 1 

Specific directions for this can be found at https://www.tenforums.com/tutorials/118252-enable-disable-dont-display-username-sign-windows-10-a.html .

Change these and reboot the machine to be able to enter any valid username to log in.
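
The registry change from Option 2 as a PowerShell script, for applying it to several workgroup machines and confirming the result. This is an added example, not part of TechIDManager or its installer; the function name Set-LogonUserNamePrompt is hypothetical, while the key path, value names and data are the ones listed above.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the two Option 2 registry values and reports
# the before/after state. The function name is hypothetical; the key path,
# value names and data are taken from the article.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Desired state, as listed in the article.
$Desired = [ordered]@{
    DontDisplayUserName     = 0
    dontdisplaylastusername = 1
}

function Set-LogonUserNamePrompt {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Create the policy key if it is missing.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    foreach ($name in $Desired.Keys) {
        # Record the previous value so the change can be reverted later.
        $before = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name

        if ($PSCmdlet.ShouldProcess("$PolicyKey\$name", "Set DWORD to $($Desired[$name])")) {
            New-ItemProperty -Path $PolicyKey -Name $name -PropertyType DWord `
                -Value $Desired[$name] -Force | Out-Null
        }

        # Read the value back rather than trusting the write.
        $after = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name

        [pscustomobject]@{
            Name      = $name
            Before    = if ($null -eq $before) { '(not set)' } else { $before }
            After     = $after
            Compliant = ($after -eq $Desired[$name])
        }
    }
}

Set-LogonUserNamePrompt | Format-Table -AutoSize
```

Calling `Set-LogonUserNamePrompt -WhatIf` instead reports the current values and whether they already match, without writing anything.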