Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Change last logged on user on Windows 10

In Windows 10 you can no longer change the last logged on user in the registry like you could in Windows 7. Windows 10 requires the user's SID to be entered as well. Here's an updated guide.

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI, you'll want to change 4 entries:

  • LastLoggedOnDisplayName
    • Enter the user's full name, like Allan Jude
  • LastLoggedOnSAMUser
    • Enter the username, like SHORTDOMAIN\allan.jude
  • LastLoggedOnUser
    • Enter the username again, like SHORTDOMAIN\allan.jude
  • LastLoggedOnUserSID
    • Enter the user's SID, like S-1-5-21-112783954-3472839473-6329827380-1437
    • You can find the exact SID with wmic useraccount where name='allan.jude' get sid
    • Or you can search through the list of all users with wmic useraccount, and pipe it into Windows's version of grep, which I find easier to remember: wmic useraccount | findstr allan

Now you can log out, and you should be good to leave the workstation for the user.

@thefreakquency

This comment has been minimized.

Copy link

thefreakquency commented Sep 25, 2017

You could use the following in a Powershell script if needed:

write-host "[INFO] Changing the last logged on user: " $USER = 'DOMAIN\USER' #change this variable with the target information $USERDISPLAY = 'Full User Name' #change this variable with the target information $USERSID = (New-Object System.Security.Principal.NTAccount($USER)).Translate([System.Security.Principal.SecurityIdentifier]).value write-host "[INFO] Changing LastLoggedOnDisplayName registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnDisplayName /t REG_SZ /d $USERDISPLAY /f write-host "[INFO] Changing LastLoggedOnSAMUser registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnSAMUser /t REG_SZ /d $USER /f write-host "[INFO] Changing LastLoggedOnUser registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser /t REG_SZ /d $USER /f write-host "[INFO] Changing LastLoggedOnUserSID registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUserSID /t REG_SZ /d $USERSID /f

This could be ran at each user log-out if you need to default to a single user on a given machine.

@techdesign

This comment has been minimized.

Copy link

techdesign commented Mar 5, 2018

In all of my testing, I've been successful in just setting LastLoggedOnSAMUser and LastLoggedOnUser and deleting the other two keys. That allows the user to log on successfully. I use the following batch file to prompt me for a username and set the two entries I typically set, deleting the others:

@echo off
echo Resetting last logged on username.
set /p id=Enter the username to reset to:
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /d %id% /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser /d %id% /f

@alangar2050

This comment has been minimized.

Copy link

alangar2050 commented Aug 8, 2019

In all of my testing, I've been successful in just setting LastLoggedOnSAMUser and LastLoggedOnUser and deleting the other two keys. That allows the user to log on successfully. I use the following batch file to prompt me for a username and set the two entries I typically set, deleting the others:

@echo off
echo Resetting last logged on username.
set /p id=Enter the username to reset to:
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /d %id% /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser /d %id% /f

Update to this is:
When using user name, make sure you use pcname\username instead of .\username for local accounts. Thank you.

@Pifferator

This comment has been minimized.

Copy link

Pifferator commented Aug 30, 2019

The code below worked for me in a Windows 10 environment, save as a .vbs file. This code allows you enter whatever you want in the domain and username fields.

'--------------
'Start of UAC workaround code

If WScript.Arguments.length =0 Then
Set objShell = CreateObject("Shell.Application")

objShell.ShellExecute "wscript.exe", Chr(34) & _
WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
Else

'--------------
'Start of code

dim WSHShell
Set WSHShell = Wscript.CreateObject("WScript.Shell")
dim strRegKey
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
strRegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\"

StrUser = InputBox("username:", "last logged on", "")
StrDomain = InputBox("domain:", ". [dot] for local user")

If StrDomain = "" then
     StrDomain = "."
   Else
End If

wshShell.RegWrite strRegKey & "LastLoggedOnUser", StrDomain & "\" & StrUser, "REG_SZ"
wshShell.RegWrite strRegKey & "LastLoggedOnSAMUser", StrDomain & "\" & StrUser, "REG_SZ"
wshShell.RegWrite strRegKey & "LastLoggedOnDisplayName", StrDomain & "\" & StrUser, "REG_SZ"


WScript.Echo "Make it so."

'--------------
'End of code

'--------------
'End of UAC workaround code
End if
StrUser = StrUser

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.