Educause Security Discussion mailing list archives

Re: Don't Display Last Username??

From: "Rizzo, Jim" <JRIZZO () PROVIDENCE EDU>
Date: Thu, 11 Oct 2007 14:55:30 -0400

We do this in our computer labs, not for security reasons but because it
forces people to get used to entering a username.  It would be nice to
do this for everyone as people wouldn't call asking why it says
"administrator" when they go back to their computer after we've fixed
it.  J

 

Jim

 

---

Jim Rizzo

Helpdesk Manager

Providence College Information Technology

(401) 865-1277

jrizzo () providence edu

AIM: JRizzoPC

http://itweb.providence.edu/helpdesk

 

From: Gibson, Nathan J. (HSC) [mailto:Nathan-Gibson () OUHSC EDU] 
Sent: Thursday, October 11, 2007 2:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Don't Display Last Username??

 

Can I ask how many organization prohibit displaying the username of the
last user on a computer at the login screen? 

 

What are your specific justifications for this? 

 

Every " security best practices" document I have read suggests enabling
this setting on the domain, however I need to justify it. I have a list
that has some good points but I wanted to see the justification other
security practitioners have for their organization.

 

What risk does it help mitigate in your organization?

 

Thanks in advance!

 

V/R,

Gibby

Nathan J. Gibson, CISSP-CISM-CCNA-MCSA

Information Security Analyst

The University of Oklahoma HSC

Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134

http://it.ouhsc.edu/services/infosecurity
<http://it.ouhsc.edu/services/infosecurity> 

______________________________________________

 

"Lack of will power has caused more failure than lack of intelligence or
ability." 
-- Flower A. Newhouse --

 

Confidentiality Notice

This e-mail, including any attachments, contains information from the
University of Oklahoma Health Sciences Center, which may be confidential
or privileged. The information is intended to be for the use of the
individual or entity named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited.

 

If you have received this e-mail in error, please notify the sender
immediately by a "reply to sender only" message and destroy all
electronic and hard copies of the communication, including attachments.

Current thread:

Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)