diff --git a/config/preseed.cfg b/config/preseed.cfg
index 4df33d1..20f88ac 100644
--- a/config/preseed.cfg
+++ b/config/preseed.cfg
@@ -117,7 +117,13 @@ d-i pkgsel/include string \
     gvfs-backends \
     gvfs-fuse \
     xautolock \
-    x11-xserver-utils
+    x11-xserver-utils \
+    lightdm \
+    lightdm-gtk-greeter
+
+# Display Manager (Graphical Login)
+d-i tasksel/desktop string lightdm
+d-i tasksel/first boolean true
 
 # Boot loader
 d-i grub-installer/bootdev string default
@@ -130,6 +136,8 @@ d-i finish-install/reboot_in_progress note
 
 # Prevent package questions during install
 d-i preseed/late_command string \
+    in-target systemctl enable lightdm && \
+    in-target systemctl set-default graphical.target && \
     in-target chmod 755 /home/user && \
     in-target chown -R user:user /home/user && \
     in-target systemctl mask ssh sshd 2>/dev/null || true && \
@@ -145,8 +153,6 @@ d-i preseed/late_command string \
     in-target mkdir -p /home/user/.config/autostart && \
     in-target cp /usr/share/applications/remmina.desktop /home/user/.config/autostart/ && \
     in-target chown -R user:user /home/user/.config && \
-    in-target bash -c "echo 'exec icewm-session' > /home/user/.xinitrc" && \
-    in-target chown user:user /home/user/.xinitrc && \
     in-target systemctl daemon-reload && \
     in-target systemctl enable football-first-boot.service && \
     in-target rm -f /tmp/disable-wifi-bt.sh /tmp/security-config.sh
diff --git a/config/security-config.sh b/config/security-config.sh
index efa6c20..76cb556 100644
--- a/config/security-config.sh
+++ b/config/security-config.sh
@@ -145,23 +145,53 @@ echo "  • Use Remmina or IceWM file manager to browse USB"
 echo ""
 
 # ============================================================================
-# Display Settings
+# Display Manager Configuration
 # ============================================================================
 
-echo "Configuring display power management..."
+echo "Configuring LightDM display manager..."
 
-# Disable screen blanking (let xautolock handle it)
-cat > /home/user/.xserverrc << 'EOF'
-#!/bin/sh
-# Disable screen blanking
-xset -dpms
-xset s off
+# Configure LightDM to be minimal and secure
+cat > /etc/lightdm/lightdm.conf << 'EOF'
+[Seat:*]
+# Disable guest sessions
+allow-guest=false
+# Disable switching users
+greeter-hide-users=true
+# Disable manual user entry (shows username field, not user list)
+# This allows manual username entry without displaying user list
+
+[LightDM]
+# Minimal greeter
+greeter-session=lightdm-gtk-greeter
+# Auto-login disabled
+autologin-user=
+# No auto-login timeout
+autologin-user-timeout=0
+
+[XDMCPServer]
+# XDMCP disabled (no remote X sessions)
+enabled=false
+
+[Greeter]
+# Minimal and secure greeter
+hide-users=true
+show-manual-login=true
+# No guest session
+allow-guest=false
+# Show password field
+show-password-label=true
+# Minimal theme
+theme-name=Adwaita
 EOF
 
-chmod +x /home/user/.xserverrc
-chown user:user /home/user/.xserverrc
-
-echo "✅ Display settings configured"
+echo "✅ LightDM configured"
+echo ""
+echo "Display Manager Features:"
+echo "  • LightDM (minimal and lightweight)"
+echo "  • Usernames hidden (no account picking)"
+echo "  • Manual username/password entry"
+echo "  • No guest sessions"
+echo "  • No user switching"
 echo ""
 
 # ============================================================================