How to Enable or Disable Show Local Users on Sign-in Screen on Domain Joined Windows 10 PC


A network based on a Domain provides centralized administration of the entire network from a single computer which is called a server. A Domain provides single user login from any computer connected to that network within the network perimeter. Users are allowed (or restricted) to access resources depending upon the permissions they have.

By default, local user accounts are not shown (enumerated) on the sign-in screen on domain-joined computers. Only domain accounts will show on the sign-in screen by default on domain-joined computers.

This tutorial will show you how to enable or disable showing all local users on the sign-in screen on a domain joined Windows 10 PC.

You must be signed in as an administrator to enable or disable enumerate local users on sign-in screen on domain-joined computers.


 CONTENTS:

  • Option One: Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC in Local Group Policy Editor
  • Option Two: Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC using a REG file


EXAMPLE: Default disable showing local accounts on sign-in screen on domain-joined Windows 10 PC
Click image for larger version. 

Name:	Domain_sign-in_Windows_10.jpg 
Views:	58 
Size:	94.9 KB 
ID:	228599






Enable Show Local Users on Sign-in Screen on Domain Joined Windows 10 OPTION ONE Enable Show Local Users on Sign-in Screen on Domain Joined Windows 10
Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC in Local Group Policy Editor

The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option TWO below.

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\System\Logon

Name:  Enumerate_local_users_on_domain-joined_computers-1.jpg
Views: 231
Size:  83.9 KB

3. In the right pane of Logon in Local Group Policy Editor, double click/tap on the Enumerate local users on domain-joined computers policy to edit it. (see screenshot above)

4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


 5. To Enable Show Local Users on Sign-in Screen on Domain Joined PC

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)


 6. To Disable Show Local Users on Sign-in Screen on Domain Joined PC

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

Not Configured is the default setting.

Name:  Enumerate_local_users_on_domain-joined_computers-2.png
Views: 224
Size:  15.5 KB

7. When finished, you can close the Local Group Policy Editor if you like.






Enable Show Local Users on Sign-in Screen on Domain Joined Windows 10 OPTION TWO Enable Show Local Users on Sign-in Screen on Domain Joined Windows 10
Enable or Disable Show Local Users on Sign-in Screen on Domain Joined PC using a REG file

The downloadable .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

EnumerateLocalUsers DWORD

(delete) = Disable
1 = Enable



1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Show Local Users on Sign-in Screen on Domain Joined PC

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_show_local_users_on_sign-in_screen_on_domain-joined_computers.reg

download


 3. To Disable Show Local Users on Sign-in Screen on Domain Joined PC

This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_show_local_users_on_sign-in_screen_on_domain-joined_computers.reg

download

4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. You can now delete the downloaded .reg file if you like.


That's it,
Shawn