The autologon feature is provided as a convenience. However, this feature may be a security risk. If you set a computer for autologon, anyone who can physically obtain access to the computer can gain access to all the computer’s contents, including any networks it is connected to. Additionally, when autologon is turned on, the password is stored in the registry in plain text. The specific registry key that stores this value can be remotely read by the Authenticated Users group. This setting is recommended only for cases in which the computer is physically secured and steps have been taken to make sure that untrusted users cannot remotely access the registry. Kindly refer to these related guides: How to disable auto login in Windows, how to enable Automatic Logon on Windows 10, how to enable automatic logon on Windows 10 via the Registry, and how to setup Kiosk mode on Windows 10 with AD user Account.
You may want to set up an automatic logon for your kiosk device. When your kiosk device restarts, regardless of the cause such as from an update or power surge. You can configure the device to sign in manually or automatically for the Assigned Access account.
Note: Make sure that Group Policy settings applied to the device do not prevent automatic sign-in. When deploying Multi-App Kiosk, you use the kiosk wizard in Windows Configuration Designer or XML in a provisioning package to configure your kiosk account to sign in automatically in the wizard or XML file.
- Open registry
- Set the values for the following keys
- AutoAdminLogon: set value as 1
DefaultUserName: set value as the account that you want signed in.
DefaultPassword: set value as the password for the account.
Note: If DefaultUserName and DefaultPassword aren’t there,
– Add them as New > String Value.
Enter the name
Enter the password by double-clicking on Default Password
– DefaultDomainName: set value for a domain, only for domain accounts.
For local accounts, do not add this key.
– Close Registry Editor. The next time the computer restarts, the account will sign in automatically.
Note the following points below when implementing Auto Logon.
- To bypass the AutoAdminLogon process and to log on as a different user, press and hold the Shift key after you log off or after Windows restarts.
- This registry change does not work if the Logon Banner value is defined on the server either by a Group Policy object (GPO) or by a local policy. When the policy is changed so that it does not affect the computer, the autologon feature works as expected.
- When Exchange Active Sync (EAS) password restrictions are active, the autologon feature does not work. This behavior is by design. This behavior is caused by a change in Windows 8.1 and does not affect Windows 8 or earlier versions. To work around this behavior in Windows 8.1 and later versions, remove the EAS policies in Control Panel.
- An interactive console logon that has a different user on the server changes the DefaultUserName registry entry as the last logged-on user indicator. AutoAdminLogon relies on the DefaultUserName entry to match the user and password. Therefore, AutoAdminLogon may fail. You can configure a shutdown script to set the correct DefaultUserName.
You can also configure automatic sign-in using the Autologon tool from Sysinternals as this ensures the password is encrypted in the registry. See the link for these steps.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.