By default, Windows 7 displays a Welcome screen when a computer is part of a homegroup or workgroup and it displays a Logon screen when a computer is part of a domain.
The Welcome screen provides a list of accounts on the computer. To log on with one of these accounts, you click the account and type a password (if one is required). Note that the Welcome screen does not display all the accounts that have been created on the computer. Some accounts, such as Administrator, are hidden from view. The Welcome screen is convenient because it displays a list of available accounts. But to enhance security in a homegroup or workgroup, you can use the Logon screen instead of the Welcome screen—therefore not displaying a list of accounts.
The Logon screen requires users to type a logon name rather than selecting an account from a list of available accounts. The Logon screen has several features that you can control. By default, the name of the last user to log on is displayed in the User Name field of the Log On To Windows dialog box. You can improve security by hiding the user name of the last user to log on. Instead, users will need to know a valid account name for the computer. To do this, start the Local Security Policy tool from the Administrative Tools menu or type secpol.msc at an elevated command prompt. Then, under Local Policies\Security Options, double-click Interactive Logon: Do Not Display Last User Name. Click Enabled, and then click OK.
You can configure whether the Welcome screen is used through the Always Use Classic Logon setting in Group Policy. For this, you have the following options:
- Enable the policy to use the Logon screen rather than the Welcome screen.
- Disable the policy to use the Welcome screen.
- Use Not Configured to use the default configuration (the Welcome screen).
In a domain environment, you can use Active Directory-based Group Policy to apply the security configuration you want to a particular set of computers. You can also configure this setting on a per-computer basis by using local security policy. To configure a homegroup or workgroup computer to use the Logon screen rather than the Welcome screen, use the Group Policy Object Editor, which is an MMC snap-in. You can add this snap-in to an empty console and configure a computer to use the Logon screen by following these steps:
1. Click Start, type gpedit.msc, and then press Enter. This opens the Local Group Policy Editor with the top-level Local Group Policy object open for editing.
2. In the editor, expand Local Computer Policy, Computer Configuration, Administrative Templates, System, Logon.
3. Double-click Always Use Classic Logon.
4. Select Enabled, and then click OK.
In a domain, by default users are required to press Ctrl+Alt+Del to access the Log On To Windows dialog box. You can eliminate this requirement, but it is a poor security practice. To do so, in the Local Security Policy tool, expand Local Policies\Security Options, and then double-click Interactive Logon: Do Not Require Ctrl+Alt+Del. Click Enabled, and then click OK. However, we do not advise removing the Ctrl+Alt+Del requirement.
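To check how a computer is currently configured for the three settings discussed above, you can read the registry values behind them. The following PowerShell script is an added example, not part of the original text. It assumes the policies are stored as LogonType, DontDisplayLastUserName and DisableCAD under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; verify those names on a test machine before relying on the output.

```powershell
# Added audit example. The registry value names below are assumptions about
# where these policies are stored; they do not come from the original text.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Desired state per the text: Logon screen in use, last user name hidden,
# Ctrl+Alt+Del still required (so "Do Not Require" must NOT be enabled).
$checks = @(
    @{ Policy = 'Always Use Classic Logon';                         Name = 'LogonType';               Want = 0 },
    @{ Policy = 'Interactive Logon: Do Not Display Last User Name'; Name = 'DontDisplayLastUserName'; Want = 1 },
    @{ Policy = 'Interactive Logon: Do Not Require Ctrl+Alt+Del';   Name = 'DisableCAD';              Want = 0 }
)

# Read the key once; $props is $null if the key itself does not exist.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = @()
foreach ($c in $checks) {
    $entry = $null
    if ($props) { $entry = $props.PSObject.Properties[$c.Name] }

    if (-not $entry) {
        # Value absent: policy is Not Configured and the OS default applies.
        $actual = '(not set)'
        $state  = 'NotSet'
    } elseif ([int]$entry.Value -eq $c.Want) {
        $actual = $entry.Value
        $state  = 'OK'
    } else {
        $actual = $entry.Value
        $state  = 'Review'
    }

    # New-Object is used instead of [pscustomobject] so the script also runs
    # on the PowerShell 2.0 that ships with Windows 7.
    $report += New-Object PSObject -Property @{
        Policy = $c.Policy
        Value  = $c.Name
        Actual = $actual
        Wanted = $c.Want
        State  = $state
    }
}

$report | Select-Object Policy, Value, Actual, Wanted, State | Format-Table -AutoSize
```

A State of NotSet means the policy is Not Configured, so the default behavior described earlier applies. Review means the stored value differs from the hardened setting.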