This weeks setting is one that has just been mentioned in the AD Blogs Friday mail sack and until today was a setting/feature of Windows Vista/7 that I didn’t know existed. This setting display information about previous logons during a user logon and is very similar to the last logon screen I see when logging onto an online banking web site. This setting can be found under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Logon Options and must be applied to workstations AND domain controllers for it to work. The only down side for this setting is that you need to be in 2008 native mode to work so this might exclude some organisations for now.
WARNING: Be sure that you apply this setting to your domain controllers first otherwise they will not be able to logon.
Below is the message a users will see when after the logon successfully when the previous logon was also successful.
In this example we see the message when someone logon successfully where the 5 previous logon events had failed. Obviously this logon count number (see highlighted below) would raise a really big red flag for a users especially if you are sure that you were not the one to logon incorrectly.
For more information check out:
6 thoughts on “Group Policy Setting of the Week 35 – Display information about previous logons during user logon”
Blog Post: Group Policy Setting of the Week 35–Display information about previous logons during user logon http://bit.ly/c1BJ1j
Group Policy Setting of the Week 35 – Display information about previous logon during users logon http://bit.ly/djPhez
Jedna nova caka u GP-u. Display information about previous logons during user logon. http://fb.me/AKwkmmCF
We recently try to deploy a GPO on our network (All Server 2008 and Windows 7) to show previous logons during
user logon. The setting is located in Computer Configuration| Policies |
Administrative Templates | Windows Components | Windows Logon Options | Display
information about previous logons during user logon = Enabled. Our domain
level is set to Windows Server 2008. I verified that it is Windows Server 2008
on Domain and Trust.
Here is the article about this setting
Active Directory Domain Services: Last Interactive
But after we deploy the setting, we are no longer able to login
to any of our windows 7 machines. All of them got an error message said :
“Security policies on this computer are set to display information about the
last interactive logon. Windows could not retrieve this information. Please
contact your network administrator for assistance.”
worked on windows server 2008. I was able to login to DC and revise the setting,
so we can log back in the windows 7 machines.
Anyone has experience this
issue before? I looked up all of the web and only thing they said is to make
sure the domain functional level must be set to Windows Server 2008, which it
Sorry. I have not come across that issues…. You could try troubleshooting the issue by applying security group filtering to the GPO and only apply it to some objects. Almost sounds like that attribute is not readable, is there any special security delegate to the AD objects?
Ԝhat а stuff oof un-ambiguity ɑnd preserveness oof valuable
knowledge regatding unexpected emotions.
ʟook into mү page :: illuminati card game documentary (youtube.com)