When you join your Windows to a domain, the logon screen behaviour is somehow changed for local user accounts. By default, the logon screen is enumerated for local users. In simple words, this means the local users are not shown on login screen and if you want to login to local account, you’ve to use this guide:
How to login to local account instead of domain account in Windows 10
But if you try the method mentioned in above article, you may still need to input local account complete info to login. Some clients may feel this troublesome. Instead they look forward to have their local account listed on login screen so they can pick it up and instantaneously login to their account. Here’s is how to make this possible. You’ve to simply configure a GPO or registry setting for this as mentioned below.
Page Contents
Enumerate Local Users On Domain Joined Computers
Method 1 – Using Group Policy
1. Open GPO Editor by running gpedit.msc
in Windows client edition and by using gpmc.msc
command in Windows Server.
2. Next, open the GPO Editor window, navigate here:
Computer Configuration > Administrative Templates > System > Logon
Note: You should have Policies folder after Computer Configuration, if you’re on Windows Server.
3. In the right pane of Logon, look for the policy setting named Enumerate local users on domain-joined computers. Double click on it to modify its status:
4. Set the policy status to Enabled, so that local users will shown on the login screen of domain-joined Windows machines. Click Apply, OK.
5. Close GPO Editor and refresh GP engine to make changes effective.
Method 2 – Using Registry
1. Press + R and type regedit
in Run dialog box to open Registry Editor. Click OK.
2. In left pane of Registry Editor window, navigate to following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
3. At this registry location, create a registry DWORD (REG_DWORD) named EnumerateLocalUsers
and set it to 1 to enumerate local users on domain-joined computers.
4. Close Registry Editor and reboot to make changes effective.
To restore default behaviour later i.e. to not enumerate local accounts on domain-joined computers, simply set the policy setting to Not Configured (Method 1) or set the EnumerateLocalUsers
DWORD to 0 (Method 2).
That’s it!
Leave a Reply