In a standard Windows 2000 Professional configuration, users see a Logon dialog box that prompts for their username and password. In the case of a domain member, this dialog box also includes a drop-down list that allows users to choose between the domain and local computer.

If you want to control what users see in the dialog box as well as fine-tune logon and shutdown security for the computer, you can configure a handful of group policy settings. These policies reside in the Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options branch of the local security policy. You can access and set these policies via the Local Security Policy console in the Administrative Tools folder, or you can set them through group policy.

For example, if you want to display a message informing users of company security policies, you can use the Message Text For Users Attempting To Log On policy. To enter text that appears in the title bar of the dialog box, you can use the Message Title For Users Attempting To Log On policy.

Another policy you should review is the Disable CTRL+ALT+DEL Requirement For Logon policy. When set to Disabled (the default), this policy causes Windows 2000 to require the user to press [Ctrl][Alt][Delete] to open the Logon dialog box. Using this keystroke combination improves security.

You can also improve security by not showing previous logon names in the Logon dialog box. Use the Do Not Display Last User Name In Logon Screen policy.