Configure Automatic Logon in Windows NT

It is possible to make the logon automatically, which is very convenient when using a strong password to avoid network attacks but still wants to have easy physical access to the machine.

The easiest (and the most secure) way to enable automatic logon:

  • Press Start-button and open the Control Panel
  • Double click the Users and Passwords (If using WinXP Home then read this)
  • Uncheck Users must enter a user name and password to use this computer
  • It will prompt for a username and password for the automatic login.
    • The password entered will be encrypted and saved in the registry here (Will also happen if using Tweak UI to configure Automatic Logon):

      [HKEY_LOCAL_MACHINE \SECURITY \Policy \Secrets \DefaultPassword]

  • Press Ok and reboot to test that the automatic login is now working

WinXP will automatically activate automatic logon if the following conditions are true:

  • The Welcome screen must be enabled
  • Guest account access must be turned off
  • There must be only one user account on the computer
    • System Accounts must be added to the SpecialAccounts Userlist as hidden. After installing Service Pack 2 then a new account ASPNET is added that is not hidden, so automatic login stops working.
  • The user account must not have a password

Note it is also possible to manually enable automatic login using the registry, but with the exception that the password is placed in the registry as plain text:

[HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon]
DefaultUserName = “MyUserName”
DefaultPassword = “MyPassword”
DefaultDomainName = “MyNetworkDomain or MyComputerName”
AutoAdminLogon = “1”

Note the security policy “Don’t Display Last Username” must be disabled for the automatic logon to work. This can be done with this STRING registry value:

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
DontDisplayLastUserName = “0”

Note in Win2k/XP one can force autologon, so when a user logs off it will automatically logon again (Though it will disable remote logon):

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
ForceAutoLogon = “1”

Note it is possible bypass the automatic logon in case one need to access another account than the default. This is done by holding down the keyboard key SHIFT while Windows is starting or holding down SHIFT while logging off (If using an USB keyboard then USB legacy support must be enabled in the motherboard BIOS). This bypass can be disabled with this STRING registry key:

[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon]
IgnoreShiftOverride = “1”

More info MS KB97597
More info MS KB114615
More info MS KB167364
More info MS KB234333
More info MS KB234562
More info MS KB282866
More info MS KB300433
More info MS KB310584
More info MS KB315231
More info MS KB324737