Educause Security Discussion mailing list archives

Re: Don't Display Last Username??

From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Thu, 11 Oct 2007 14:04:47 -0500

We do the same here.  Blank out the username in labs to avoid failed logins,
and leave them in there on standard desktops.  Removing them for all is
something we have considered but it isn't near the top of the "to do" list.



Chris Gregg
Director of Information Security
Information Resources and Technologies
University of St. Thomas
Phone: 651.962.6265





  _____

From: Rizzo, Jim [mailto:JRIZZO () PROVIDENCE EDU]
Sent: Thursday, October 11, 2007 1:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Don't Display Last Username??



We do this in our computer labs, not for security reasons but because it
forces people to get used to entering a username.  It would be nice to do
this for everyone as people wouldn't call asking why it says "administrator"
when they go back to their computer after we've fixed it.  :-)



Jim



---

Jim Rizzo

Helpdesk Manager

Providence College Information Technology

(401) 865-1277

jrizzo () providence edu <mailto:jrizzo () providence edu>

AIM: JRizzoPC

http://itweb.providence.edu/helpdesk



From: Gibson, Nathan J. (HSC) [mailto:Nathan-Gibson () OUHSC EDU]
Sent: Thursday, October 11, 2007 2:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Don't Display Last Username??



Can I ask how many organization prohibit displaying the username of the last
user on a computer at the login screen?



What are your specific justifications for this?



Every " security best practices" document I have read suggests enabling
this setting on the domain, however I need to justify it. I have a list that
has some good points but I wanted to see the justification other security
practitioners have for their organization.



What risk does it help mitigate in your organization?



Thanks in advance!



V/R,

Gibby

Nathan J. Gibson, CISSP-CISM-CCNA-MCSA

Information Security Analyst

The University of Oklahoma HSC

Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134

 <http://it.ouhsc.edu/services/infosecurity>
http://it.ouhsc.edu/services/infosecurity

______________________________________________



"Lack of will power has caused more failure than lack of intelligence or
ability."
-- Flower A. Newhouse --



Confidentiality Notice

This e-mail, including any attachments, contains information from the
University of Oklahoma Health Sciences Center, which may be confidential or
privileged. The information is intended to be for the use of the individual
or entity named above. If you are not the intended recipient, be aware that
any disclosure, copying, distribution or use of the contents of this
information is prohibited.



If you have received this e-mail in error, please notify the sender
immediately by a "reply to sender only" message and destroy all electronic
and hard copies of the communication, including attachments.

Current thread:

Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)