Enumerate Local Users On Domain Joined Computers

This guide will show you how to enumerate local users on domain joined computers running Windows 10/8.1.

When you join your Windows to a domain, the logon screen behaviour is somehow changed for local user accounts. By default, the logon screen is enumerated for local users. In simple words, this means the local users are not shown on login screen and if you want to login to local account, you’ve to use this guide:

How to login to local account instead of domain account in Windows 10

But if you try the method mentioned in above article, you may still need to input local account complete info to login. Some clients may feel this troublesome. Instead they look forward to have their local account listed on login screen so they can pick it up and instantaneously login to their account. Here’s is how to make this possible. You’ve to simply configure a GPO or registry setting for this as mentioned below.

Enumerate Local Users On Domain Joined Computers

Note: Below mentioned methods are not supported on Windows 10 Home edition.

Method 1 – Using Group Policy

1. Open GPO Editor by running gpedit.msc in Windows client edition and by using gpmc.msc command in Windows Server.

2. Next, open the GPO Editor window, navigate here:

Computer Configuration > Administrative Templates > System > Logon

Note: You should have Policies folder after Computer Configuration, if you’re on Windows Server.

Enumerate Local Users On Domain Joined Computers

3. In the right pane of Logon, look for the policy setting named Enumerate local users on domain-joined computers. Double click on it to modify its status:

Enumerate Local Users On Domain Joined Computers

4. Set the policy status to Enabled, so that local users will shown on the login screen of domain-joined Windows machines. Click Apply, OK.

5. Close GPO Editor and refresh GP engine to make changes effective.

Method 2 – Using Registry

We recommend you to create a System Restore point first before modifying registry.

1. Press W8K + R and type regedit in Run dialog box to open Registry Editor. Click OK.

Windows 10 Registry Editor

2. In left pane of Registry Editor window, navigate to following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

3. At this registry location, create a registry DWORD (REG_DWORD) named EnumerateLocalUsers and set it to 1 to enumerate local users on domain-joined computers.

4. Close Registry Editor and reboot to make changes effective.

To restore default behaviour later i.e. to not enumerate local accounts on domain-joined computers, simply set the policy setting to Not Configured (Method 1) or set the EnumerateLocalUsers DWORD to 0 (Method 2).

That’s it!

READ THESE ARTICLES NEXT

13 hours ago
Show or hide Power button on login screen in Windows 11

Show or hide Power button on login screen in Windows 11

April 14, 2024
Fix: Picture Password sign-in option missing in Windows 11/10

Fix: Picture Password sign-in option missing in Windows 11/10

March 1, 2024
User’s password must be changed before signing in

User’s password must be changed before signing in

February 28, 2024
Set default sign-in option in Windows 11

Set default sign-in option in Windows 11

Leave a Reply

Your email address will not be published. Required fields are marked *

LATEST ARTICLES

© 2010-2024, Kapil Arya. CC BY-NC-SA 4.0.