Understanding Policies: Login Window Controls

By Zach DeMeyer Posted December 24, 2019

GPO-Like Policy

The Policies feature of JumpCloud® Directory-as-a-Service® enables admins to automate a majority of their system security management needs across Windows®, Mac®, and Linux® systems. With the Login Window Controls/Text, Logon, and Message Text For Users Attempting To Log On Policies, IT organizations can instantly tighten their control over how users access their systems.

What are the Login Window Controls/Text, Logon, and Message Text For Users Attempting To Log On Policies?

Login Window Controls/Text — macOS®

The Login Window Controls Policy allows IT admins to control how their end users’ Mac screens look upon login. Specifically, the policy allows IT organizations to show or hide the Username and Password Dialog commonly present on macOS devices.

The Login Window Text Policy enables IT admins to display a message of their creation that end users will see upon visiting their Mac login screens.

Logon/Message Text For Users Attempting To Log On — Windows

The Logon Policy is the Windows analogue to the Mac Login Window Controls Policy, except with considerably more configuration options. With Logon, admins can control nearly every aspect of the Windows login screen. This includes the obfuscation of account details at login, as well as the ability to revert back to the classic Windows logon interface. There are a number of variables that affect this policy, which are fully detailed in the JumpCloud admin portal.

The Message Text For Users Attempting To Log On Policy is the Windows analogue to the Login Window Text Policy for Macs. IT admins can use the policy to create a custom text string that users will see upon Windows login.

Why Use These Policies?

The benefits of these Policies are twofold.

Security

One of the core uses of these Policies is to remove login information (i.e. username) from the screen after the system is opened. By doing so, IT admins can hide the system’s core user, as well as local or super admin accounts. If the system was to be stolen or otherwise compromised, this practice reduces the risk of repeated brute force login attempts targeting a username, or attacks upon an admin login.

Additionally, by controlling the appearance of login windows, admins can ensure that potentially compromising app notifications or other similar behaviors are hidden from bad actors.

Efficiency

With control over the login window appearance and behavior, IT organizations can also speed up their users’ login processes. The Window Logon Policy specifically can be used to control much of the nature of the Windows Logon screen. That means that admins can remove non-essential startup objects, like the Windows Startup sound and animations.

These Policies also allow admins to communicate urgent or repeated information via text string to their users as soon as they open their systems. That way, admins can interface with their user base directly within their endpoints, making communication a breeze if the admin or employees are remote.

How to Use Policies

Policies like the ones detailed above can be enabled with a few quick clicks in the JumpCloud admin portal. Apply Policies to entire user/system Groups in JumpCloud to enforce them at scale, or granularly to individual systems as needed. 

Not a JumpCloud Customer?

If you haven’t tried JumpCloud Directory-as-a-Service, the first cloud directory service, you can do so today, absolutely free. Just sign up for a JumpCloud account, which includes 10 complimentary users to get you started.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts