Single sign-on supports both the classic Logon screen mode (left screen shot) and the Welcome screen mode (right screen shot). As long as a device is using one of these two modes, single sign-on works as soon it is activated in the policy and the policy is applied to the device. Windows 7 is used in the example screen shots below, but Windows Vista and Windows XP also provide the classic Logon screen and Welcome screen modes.
Single sign-on also supports Secure Logon (shown below) in both of these modes. However, as with the standard Windows login process, the user must press Ctrl+Alt+Delete to dismiss the Secure Logon screen before the single sign-on process can continue.
If single sign-on is failing on a device, we recommend that you set the device to use the classic Logon screen without Secure Logon. In addition, we recommend that you set the
option to Enabled so that the Logon screen is not automatically populated with the user name of the last person to successfully log in.To configure these settings locally on a Windows XP device:
Log on to the device as an administrator.
Set classic Logon screen mode:
Click the gpedit.msc, then click to open the Local Group Policy Editor.
menu, click , typeIn the editor, expand
> > > > .Double-click
.Select
, then click .Disable Secure Logon:
Click the control userpasswords2, then click to open the User Accounts dialog box.
menu, click , typeClick the
tab.In the Secure logon section, deselect
.Click
.Enable the Do Not Display Last User Name setting:
Click the secpol.msc, then click to open the Local Security Settings.
menu, click , typeExpand
> .Double-click
Select
, then click .To configure these settings locally on a Windows Vista or Windows 7 device:
Log on to the device as an administrator.
Set classic Logon screen mode:
Click the gpedit.msc in the search box, then click to open the Local Group Policy Editor.
menu, typeIn the editor, expand
> > > > .Double-click
.Select
, then click .Disable Secure Logon:
Click the netplwiz in the search box, then click to open the User Accounts dialog box.
menu, typeClick the
tab.In the Secure logon section, deselect
.Click
.Enable the Do Not Display Last User Name setting:
Click the secpol.msc, then click to open the Local Security Settings.
menu, click , typeExpand
> .Double-click
Select
, then click .