GPO – Legal Notice/Forget Last User
Recently I came across a client that had an amazing legal notice before you logged into a computer. I also noticed that it didn’t remember who last logged in. This gave a unique level of security and provided a good AUL at the same time. I wanted to guide you through the process. This is done with Group Policy, thus a domain structure is the best bet. The first part is to forget the last logged-in user.
Forgetting the Last logon user
The first step is to start Group Policy Management. Then Create a new group policy object. There are multiple ways to do this, pick your favorite. I named my policy, ForgetLastLogonUser.
Inside the windows Group policy, lets navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Then we will enable Interactive logon: don’t display last signed-in.
This setup will remove the last logged on user which will help users remember their username and increase security through obscurity.
The next thing they did was setup a legal notice. This is also known as a banner. Lets create another policy like above. I’m going to name my policy, LogonBanner. Click edit on your logonbanner and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options and double click Interactive Logon: Message text for user attempt to log on. This is where you will define your login message.
Next do the same thing for Interactive Logon: Message title for users attempting to log on.
With both of those in place, this is what it finally looks like.
That’s pretty rad. I hope you all like this little tutorial.
Leave a Reply