There are a lot of people, including Microsoft, making pre-built virtual machines for use for evaluation purposes. 99% of the time, they use an obscure username and password combination.
I realize most people who build these images want you to read their README files, but a lot of times I will keep these images around for demo purposes and never remember what username and password a particular VM uses.
If it is Windows based, it is very easy to set the HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\LegalNoticeText registry value. I have found myself manually editing each VM so that they include the username and password combination right inside the login screen.
On one hand, it is a security concern, but on the other hand, these are typically isolated single instance VMs that get launched from time to time. You will be the only one logging into the "console", assuming you have RDP disabled, so your risk of a breach is pretty low.
Obviously you are not going to want to do this with a production VM, but most of my virtual machines are for learning and demos.
