How to Enable or Disable Show Local Users on Sign-in Screen on Domain Joined Windows 10 PC
A network based on a Domain provides centralized administration of the entire network from a single computer which is called a server. A Domain provides single user login from any computer connected to that network within the network perimeter. Users are allowed (or restricted) to access resources depending upon the permissions they have.
By default, local user accounts are not shown (enumerated) on the sign-in screen on domain-joined computers. Only domain accounts will show on the sign-in screen by default on domain-joined computers.
This tutorial will show you how to enable or disable showing all local users on the sign-in screen on a domain joined Windows 10 PC.
You must be signed in as an administrator to enable or disable enumerate local users on sign-in screen on domain-joined computers.
CONTENTS:
- Option One: Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC in Local Group Policy Editor
- Option Two: Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC using a REG file
EXAMPLE: Default disable showing local accounts on sign-in screen on domain-joined Windows 10 PC
OPTION ONE
Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option TWO below.
1. Open the
Local Group Policy Editor.
2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
Computer Configuration\Administrative Templates\System\Logon
3. In the right pane of
Logon in Local Group Policy Editor, double click/tap on the
Enumerate local users on domain-joined computers policy to edit it. (see screenshot above)
4. Do
step 5 (enable) or
step 6 (disable) below for what you would like to do.
5. To Enable Show Local Users on Sign-in Screen on Domain Joined PC
A) Select (dot)
Enabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
6. To Disable Show Local Users on Sign-in Screen on Domain Joined PC
A) Select (dot)
Not Configured or
Disabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
Not Configured is the default setting.
7. When finished, you can close the Local Group Policy Editor if you like.
OPTION TWO
Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC using a REG file
The downloadable .reg files below will add and modify the DWORD value in the registry key below.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
EnumerateLocalUsers DWORD
(delete) = Disable
1 = Enable
1. Do
step 2 (enable) or
step 3 (disable) below for what you would like to do.
2. To Enable Show Local Users on Sign-in Screen on Domain Joined PC
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Enable_show_local_users_on_sign-in_screen_on_domain-joined_computers.reg
Download
3. To Disable Show Local Users on Sign-in Screen on Domain Joined PC
This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Disable_show_local_users_on_sign-in_screen_on_domain-joined_computers.reg
Download
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. When prompted, click/tap on
Run,
Yes (
UAC),
Yes, and
OK to approve the merge.
7. You can now delete the downloaded .reg file if you like.
That's it,
Shawn