I support a network using Server 2008 Domain Controllers, and mainly Windows XP workstations. We have various group policy rules in place, one of them restricting that the previous logged on user's name is not shown at the logon prompt (may be relavant to question). We are preparing to deploy Windows 7 and have a single workstation being used by a user to iron out any bugs or issues. One strange thing that has been noticed is that when the user locks the workstation, she sees two icons for her user on the lock screen, both showing Domain\Username Locked . Why two icons, and can one be removed? Second question: Due to our group policy entry for previous username being removed, on the login screen, after pressing CTRL-ALT-DELETE , I see a black box with "Other" underneath. Without the policy, it showed the previous user as one box and "Other" as the other box. Any way to change the text here to something like "Company Name user"? Many Thanks in advance for any replies!

> One strange thing that has been noticed is that when the user locks the workstation, she sees two icons for her user on the > lock screen, both showing Domain\Username Locked . Why two icons, and can one be removed? Are both the icons, connecting user to the same session? I any case, this behavior is weird. One simple test is to create a new OU without any of your group policies inherited, move the Windows 7 computer to the new OU and see how it goes. A next level would to be move user object as well to the new OU without policies to verify if existing policies are the culprits. You are the Knowledge You have MyWordPress; MyBlogSpot; MyMicrosoft; MyCitrix; MyVMWare; MySymantec; MyLinkedIn; MyFaceBook; MyGReader;

Yes, both icons seem duplicate - connecting to the same session. I will attempt your suggestion when I next get a chance to take control of the workstation for a while, and report back. Thanks.

As Govardhan has said try putting it into an OU without any policies, easiest it to move it back to the original Computers Folder as by default this does not get any policies applied except default domain. Do other users get the same issues appear when they login and then lock it? i.e when you loginPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. If you find an answer helpful then please "Vote As Helpful"

Revisiting this issue again today, as would be nice to get it solved: Following the advice from Govardhan to drop this into the "Computers" OU, therfore removing all our applied policy items, shows me that the identity of the two icons are as follows: 1) MyDomain\my user 2) Other User I would also note that this GP entry does not specifically remove it's self, I had to edit my default domain policy, and go to Computer Config -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Do not display last user name And set this to DISABLED. Not defined leaves it with the setting from the previously applied group policy, even after a GPUPDATE / FORCE on server and workstation, and reboot (twice) of the workstation. So the problem seems to be that Winlogon believes it is presenting me with two options - last user, and other user, even though my preference is to have only the previous user be able to log back on (but their identity hidden). In fact, let me correct myself, an administrative override is still valid, and often required if a user has left their machine logged in - It's just when the policy has removed the last logged on user, and defaulted to presenting "Other user", it really shouldn't do this twice. This setting must be somewhere. I also followed this discussion : http://www.sevenforums.com/general-discussion/76482-unlocking-computer-prompt-user-selection.html suggesting: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Change --or create-- the dword setting "DisableCAD" to a 1. I hoped that disabling CTRL ALT DELETE may help, but all this does is IMMEDIATELY present the screen with two icons, not require CAD pressed first. I'll be hunting for the anwser today, but any other suggestions gratefully received!!! Thanks!

I have had some more promissing results to this. After reading this forum thread: http://social.technet.microsoft.com/Forums/eu/w7itproui/thread/3354d3a7-5642-4463-8d5f-2aa893a27478 I took note of the mention of alternative credentials providers such as "Toshiba Fingerprint Utility". I have nothing quite like that on the domain here, however we do run the nFront Password filter, as we have password policies dictated to us that go a little beyond the default avaliable on a Windows 2008 domain. Each workstation has to have a client installed, and for the Windows 7 64 bit workstation I am testing it has installed the version "nFront Password Filter Client x64" version 5.1.0. I found upon removing this and rebooting, my problem went away. I now upon locking the machine see just a prompt for username and password, with nothing filled in - this is what I want. When I install the nFront filter again (which I have to for production machines), problem is back. I see nothing under the nFront administrative template that seems to apply to this issue, so I have emailed them for support. I will report my results back here, but any other comments welcomed. -Tim Herman