The New Password and confirm password boxes missing at locked screen after password expires

When the GPO policy setting "Interactive logon: Do not display last user name" is enabled, user machines do not display the user's domain name or account logon name at the logon screen. As a result, when the password has expired and must be changed, the New Password and Confirm Password boxes are not displayed.

GPO policy name: Interactive logon: Do not display last user name
Policy path: Computer Configuration\Windows Settings\Local Policies\Security Options
Default: Disabled
Supported on: At least Windows XP SP2, Windows Server 2003
Registry setting: MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
Reboot required: No
Vulnerability: With the setting disabled, an attacker who has access to the user machine through Remote Desktop Services (RDP) can view the name of the last user who logged on to the server, then build a brute-force or dictionary attack targeting that user and try to log on.
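
To confirm whether this policy is the cause on a given machine, the registry value listed above can be read directly. The following is an added example, not ManageEngine's or Microsoft's code; the function name Get-LastUserNamePolicy is hypothetical, and it assumes the value is a DWORD where 1 means Enabled and 0 or absent means Disabled.

```powershell
# Added example: report whether "Interactive logon: Do not display last user name"
# is in effect, by reading the registry value named in the table above.
function Get-LastUserNamePolicy {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; pass the machines where users report the symptom.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $check = {
        $key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
        $name = 'DontDisplayLastUserName'
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

        # Assumption: an absent value behaves as the default (Disabled); 1 means Enabled.
        $raw   = if ($null -ne $item) { $item.$name } else { $null }
        $state = if ($raw -eq 1) { 'Enabled' } else { 'Disabled' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            RawValue = $raw
            Policy   = $state
            Note     = if ($state -eq 'Enabled') {
                'Last user name hidden; matches the missing New/Confirm Password boxes symptom'
            } else {
                'Last user name shown at the logon screen; policy is not the cause'
            }
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $check                      # local machine: no remoting needed
        } else {
            try {
                # Requires PowerShell remoting (WinRM) to be enabled on the target.
                Invoke-Command -ComputerName $computer -ScriptBlock $check -ErrorAction Stop |
                    Select-Object Computer, RawValue, Policy, Note
            } catch {
                Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            }
        }
    }
}

Get-LastUserNamePolicy | Format-List
```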

How can ADSelfService Plus help?

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications. Its Password Expiration Reminder feature reminds users, well in advance, to change their passwords via SMS, email, or push notification. ADSelfService Plus also provides a secure web portal where users can change their soon-to-expire passwords anytime, anywhere, while still enforcing password complexity.
