26e4 Configure Automatic Logon in Windows NT | User Security | Smallvoid.com

Configure Automatic Logon in Windows NT

28 February 2003 by Snakefoot | Comment » | Trackback Off
It is possible to make the logon automatically, which is very convenient when using a strong password to avoid network attacks but still wants to have easy physical access to the machine.

The easiest (and the most secure) way to enable automatic logon:
  • Press Start-button and open the Control Panel
  • Double click the Users and Passwords (If using WinXP Home then read this)
  • Uncheck Users must enter a user name and password to use this computer
  • It will prompt for a username and password for the automatic login.
    • The password entered will be encrypted and saved in the registry here (Will also happen if using Tweak UI to configure Automatic Logon):

      [HKEY_LOCAL_MACHINE \SECURITY \Policy \Secrets \DefaultPassword]

  • Press Ok and reboot to test that the automatic login is now working
WinXP will automatically activate automatic logon if the following conditions are true:
  • The Welcome screen must be enabled
  • Guest account access must be turned off
  • There must be only one user account on the computer
    • System Accounts must be added to the SpecialAccounts Userlist as hidden. After installing Service Pack 2 then a new account ASPNET is added that is not hidden, so automatic login stops working.
  • The user account must not have a password
Note it is also possible to manually enable automatic login using the registry, but with the exception that the password is placed in the registry as plain text:

[HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon]
DefaultUserName = "MyUserName"
DefaultPassword = "MyPassword"
DefaultDomainName = "MyNetworkDomain or MyComputerName"
AutoAdminLogon = "1"

Note the security policy "Don't Display Last Username" must be disabled for the automatic logon to work. This can be done with this STRING registry value:

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
DontDisplayLastUserName = "0"

Note in Win2k/XP one can force autologon, so when a user logs off it will automatically logon again (Though it will disable remote logon):

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
ForceAutoLogon = "1"

Note it is possible bypass the automatic logon in case one need to access another account than the default. This is done by holding down the keyboard key SHIFT while Windows is starting or holding down SHIFT while logging off (If using an USB keyboard then USB legacy support must be enabled in the motherboard BIOS). This bypass can be disabled with this STRING registry key:

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
IgnoreShiftOverride = "1"

More info MS KB Q97597
More info MS KB Q114615
More info MS KB Q167364
More info MS KB Q234333
More info MS KB Q234562
More info MS KB Q282866
More info MS KB Q300433
More info MS KB Q310584
More info MS KB Q315231
More info MS KB Q324737
19da
Tags:
Category:

Updated: 5 October 2007

Comments:

Comment by Philip - 28 September 2007 @ 20:53 Reply

nice tips, thanks a lot

Comment by antonio - 2 October 2009 @ 18:10 Reply

love it,
i have found one more at
it was really easy one
http://hackerthedude.blogspot.com/2009/10/logon-automatically.html

Leave a comment


NB! Use the Forum for computer help and off-topic questions.

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>


0