Change last logged on user on Windows 10

change-last-logged-on-user-windows-10.md

In Windows 10 you can no longer change the last logged on user in the registry like you could in Windows 7. Windows 10 requires the user's SID to be entered as well. Here's an updated guide.

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI, you'll want to change 4 entries:

• LastLoggedOnDisplayName
  • Enter the user's full name, like Allan Jude
• LastLoggedOnSAMUser
  • Enter the username, like SHORTDOMAIN\allan.jude
• LastLoggedOnUser
  • Enter the username again, like SHORTDOMAIN\allan.jude
• LastLoggedOnUserSID
  • Enter the user's SID, like S-1-5-21-112783954-3472839473-6329827380-1437
  • You can find the exact SID with wmic useraccount where name='allan.jude' get sid
  • Or you can search through the list of all users with wmic useraccount, and pipe it into Windows's version of grep, which I find easier to remember: wmic useraccount | findstr allan

Now you can log out, and you should be good to leave the workstation for the user.

You could use the following in a Powershell script if needed:

write-host "[INFO] Changing the last logged on user: " $USER = 'DOMAIN\USER' #change this variable with the target information $USERDISPLAY = 'Full User Name' #change this variable with the target information $USERSID = (New-Object System.Security.Principal.NTAccount($USER)).Translate([System.Security.Principal.SecurityIdentifier]).value write-host "[INFO] Changing LastLoggedOnDisplayName registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnDisplayName /t REG_SZ /d $USERDISPLAY /f write-host "[INFO] Changing LastLoggedOnSAMUser registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnSAMUser /t REG_SZ /d $USER /f write-host "[INFO] Changing LastLoggedOnUser registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser /t REG_SZ /d $USER /f write-host "[INFO] Changing LastLoggedOnUserSID registry key -> " -NoNewline reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUserSID /t REG_SZ /d $USERSID /f

This could be ran at each user log-out if you need to default to a single user on a given machine.

In all of my testing, I've been successful in just setting LastLoggedOnSAMUser and LastLoggedOnUser and deleting the other two keys. That allows the user to log on successfully. I use the following batch file to prompt me for a username and set the two entries I typically set, deleting the others:

@echo off
echo Resetting last logged on username.
set /p id=Enter the username to reset to:
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /d %id% /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser /d %id% /f

In all of my testing, I've been successful in just setting LastLoggedOnSAMUser and LastLoggedOnUser and deleting the other two keys. That allows the user to log on successfully. I use the following batch file to prompt me for a username and set the two entries I typically set, deleting the others:

@echo off
echo Resetting last logged on username.
set /p id=Enter the username to reset to:
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /d %id% /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser /d %id% /f

Update to this is:
When using user name, make sure you use pcname\username instead of .\username for local accounts. Thank you.

The code below worked for me in a Windows 10 environment, save as a .vbs file. This code allows you enter whatever you want in the domain and username fields.

'--------------
'Start of UAC workaround code

If WScript.Arguments.length =0 Then
Set objShell = CreateObject("Shell.Application")

objShell.ShellExecute "wscript.exe", Chr(34) & _
WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
Else

'--------------
'Start of code

dim WSHShell
Set WSHShell = Wscript.CreateObject("WScript.Shell")
dim strRegKey
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
strRegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\"

StrUser = InputBox("username:", "last logged on", "")
StrDomain = InputBox("domain:", ". [dot] for local user")

If StrDomain = "" then
     StrDomain = "."
   Else
End If

wshShell.RegWrite strRegKey & "LastLoggedOnUser", StrDomain & "\" & StrUser, "REG_SZ"
wshShell.RegWrite strRegKey & "LastLoggedOnSAMUser", StrDomain & "\" & StrUser, "REG_SZ"
wshShell.RegWrite strRegKey & "LastLoggedOnDisplayName", StrDomain & "\" & StrUser, "REG_SZ"


WScript.Echo "Make it so."

'--------------
'End of code

'--------------
'End of UAC workaround code
End if
StrUser = StrUser

Hm, seems to work for logging off. Any approaches for restarting the system?