Within Windows it is sometimes necessary for a device to log on automatically, without prompting a user for a user ID or password. This could be for the purpose of running a device as a kiosk, where the device starts, logs on automatically, and then loads the kiosk application full screen without any user interaction. There are obvious security issues with this, and to keep this article simple and concise let's ignore these for the time being. This article shows how to enable it by adding the appropriate registry values.
Auto Logon has been around since the Windows NT 4.0 days, and the registry values that enable it sit in an old part of the registry which still exists on Windows XP and Windows 7. This area can be found under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
There are 3 values involved in this process, along with the optional ones; they are as follows:
- DefaultDomainName (string value) (optional) – if an Active Directory account is to be used, this should be set to the Active Directory short name. If a local account is to be used, this can be set to the device name.
- DefaultUserName (string value) – this can be either an Active Directory user account name or a local account name. It is also possible to leave out DefaultDomainName and place the Active Directory short name in front of the domain account, e.g. ADSHORT\UserAccount.
- DefaultPassword (string value) – this is the password of the A.D. account. It is stored in clear text, and yes, this does present a few security problems.
- AutoAdminLogon (string value) – this can contain a “1” or “0” and is simply the switch to enable or disable auto logon.
- ForceAutoLogon (string value) (optional) – this can contain a “1” or “0” and negates the need for the user to press Alt+Ctrl+Delete, so when the device boots it will log straight on, with no user interaction.
Using PowerShell, these can be inserted into the registry with the following commands:
PS C:\> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value '1' -PropertyType String -Force
PS C:\> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultUserName -Value '<ADShortName|ComputerName>\UserID' -PropertyType String -Force
PS C:\> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultPassword -Value 'P@ssw0rd' -PropertyType String -Force
And the optional ones:
PS C:\> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultDomainName -Value '<ADShortName|ComputerName>' -PropertyType String -Force
PS C:\> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name ForceAutoLogon -Value '1' -PropertyType String -Force
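Because DefaultPassword is kept in clear text, it is worth being able to check which machines carry these values. The following is an added example, not part of the original article: a PowerShell check that reports whether auto logon is enabled and whether a password is present, without printing it. The function name Get-AutoLogonFinding, its output fields and the sample hashtable are constructed for illustration.

```powershell
# Added example: audit the Winlogon auto-logon values described above.
# Get-AutoLogonFinding and its output fields are illustrative names.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueNames   = 'AutoAdminLogon', 'ForceAutoLogon', 'DefaultUserName',
                'DefaultDomainName', 'DefaultPassword'

function Get-AutoLogonFinding {
    param(
        # Value name -> data. When omitted, the live registry is read.
        [hashtable]$Values
    )
    if ($null -eq $Values) {
        $Values = @{}
        $item = Get-ItemProperty -Path $WinlogonPath
        foreach ($name in $ValueNames) {
            if ($null -ne $item.$name) { $Values[$name] = $item.$name }
        }
    }
    $enabled = "$($Values['AutoAdminLogon'])" -eq '1'
    $hasPass = -not [string]::IsNullOrEmpty("$($Values['DefaultPassword'])")
    $user    = "$($Values['DefaultUserName'])"
    $domain  = "$($Values['DefaultDomainName'])"
    # DefaultUserName may already carry the domain (ADSHORT\UserAccount).
    if ($user -and $domain -and $user -notlike '*\*') { $user = "$domain\$user" }

    $findings = @()
    if ($enabled) { $findings += "Auto logon enabled for '$user'" }
    if ($hasPass) { $findings += 'DefaultPassword stores a clear-text password' }
    if ($hasPass -and -not $enabled) {
        $findings += 'Auto logon is off but the password was left behind'
    }
    [pscustomobject]@{
        AutoLogonEnabled  = $enabled
        Account           = $user
        ForceAutoLogon    = "$($Values['ForceAutoLogon'])" -eq '1'
        CleartextPassword = $hasPass   # report presence only, never the value
        Findings          = $findings
    }
}

# Constructed sample mirroring the article's commands (not real data).
$sample = @{ AutoAdminLogon = '1'; DefaultUserName = 'ADSHORT\UserAccount'
             DefaultPassword = 'P@ssw0rd' }
Get-AutoLogonFinding -Values $sample | Format-List

# Audit the local machine.
Get-AutoLogonFinding | Format-List
```

On a machine that no longer needs auto logon, removing the DefaultPassword value and setting AutoAdminLogon back to “0” clears both findings.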