How to change "Invalid Login Messages"

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,

Can anyone tell me how, if it is possilbe, to change the message displayed
to the user when he logs in incorrectly? For example, when a user enters
the wrong password he gets the message: "The Password is Incorrect. Type the
Pas..... ".
I want to change this message to only display something like "Invalid Logon
Attempt". So that the user, who might be a hacker trying to break into an
account, will not know if he got only the user-id wrong or the password wrong
or both.

Thanks for any help regarding this. I think its a security issue when the
operating system gives hints that the username is correct and only the
password is wrong.

Thanks again.
1 answer Last reply
More about change invalid login messages
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "fjalbuena" <fjalbuena@discussions.microsoft.com> wrote in message
    news:84EE6E58-0724-497B-94AF-C51FC683A660@microsoft.com...
    > Hi,
    >
    > Can anyone tell me how, if it is possilbe, to change the message displayed
    > to the user when he logs in incorrectly? For example, when a user enters
    > the wrong password he gets the message: "The Password is Incorrect. Type
    > the
    > Pas..... ".
    > I want to change this message to only display something like "Invalid
    > Logon
    > Attempt". So that the user, who might be a hacker trying to break into an
    > account, will not know if he got only the user-id wrong or the password
    > wrong
    > or both.
    >
    > Thanks for any help regarding this. I think its a security issue when the
    > operating system gives hints that the username is correct and only the
    > password is wrong.
    >
    > Thanks again.

    Hmm on my PC (XP Pro) it gives the exact same error message "The system
    could not log you on. Verify that the user name and password are
    correct..." for incorrect usernames and incorrect passwords.

    Basically the message tells you that you were not authenticated and doesn't
    tell you the reason. In other words, it does exactly what you want.

    You're using XP Pro? Maybe Home Edition gives more details (emphasis more
    on home user ease-of-use than security) but I've never noticed that.


    --
    Colin Nash
    Microsoft MVP
    Windows Shell/User
Ask a new question

Read More

Security Windows XP