Don't Display Last Username??

["Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU>]

Can I ask how many organization prohibit displaying the username of the
last user on a computer at the login screen? 

 

What are your specific justifications for this? 

 

Every " security best practices" document I have read suggests enabling
this setting on the domain, however I need to justify it. I have a list
that has some good points but I wanted to see the justification other
security practitioners have for their organization.

 

What risk does it help mitigate in your organization?

 

Thanks in advance!

 

V/R,

Gibby

Nathan J. Gibson, CISSP-CISM-CCNA-MCSA

Information Security Analyst

The University of Oklahoma HSC

Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134

http://it.ouhsc.edu/services/infosecurity
<http://it.ouhsc.edu/services/infosecurity> 

______________________________________________

 

"Lack of will power has caused more failure than lack of intelligence or
ability." 
-- Flower A. Newhouse --

 

Confidentiality Notice

This e-mail, including any attachments, contains information from the
University of Oklahoma Health Sciences Center, which may be confidential
or privileged. The information is intended to be for the use of the
individual or entity named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited.

 

If you have received this e-mail in error, please notify the sender
immediately by a "reply to sender only" message and destroy all
electronic and hard copies of the communication, including attachments.