Enable Automatic Logon via Windows Registry
The autologon feature is provided as a convenience. However, this feature may be a security risk. In this article, I will show you how to enable Automatic Logon via Windows Registry. Please see The different Windows Logon Types, how to fix “The sign-in method you are trying to use is not allowed: For more information, contact your network administrator“. Also see, how to Disable or Remove Kiosk Mode Via the Local Settings, and How to Create a React App with Vite.
If you set a computer for autologon. Anyone who can physically obtain access to the computer can gain access to all the computer’s contents, including any networks it is connected to.
Additionally, when autologon is turned on, the password is stored in the registry in plain text. The specific registry key that stores this value can be remotely read by the Authenticated Users group.
This setting is recommended only for cases in which the computer is physically secured. And you have been taken the steps to make sure that untrusted users cannot remotely access the registry.
Please see Enable Autologon and Autostart for user session, how to Disable or Enable Auto log on in Windows, and how to “Disable SQL Auto Close: Auto Close is enabled for both ePO and ePO Events Databases“.
Points to Note when implementing Auto Logon
To bypass the AutoAdminLogon process and to log on as a different user, press and hold the Shift key after you log off or after Windows restarts.
- This registry change does not work if the Logon Banner value is defined on the server either by a Group Policy object (GPO) or by a local policy. When the policy is changed so that it does not affect the computer, the autologon feature works as expected.
- When Exchange Active Sync (EAS) password restrictions are active, the autologon feature does not work. This behavior is by design. This behavior is caused by a change in Windows 8.1 and does not affect Windows 8 or earlier versions. To work around this behavior in Windows 8.1 and later versions, remove the EAS policies in Control Panel.
- An interactive console logon that has a different user on the server changes the DefaultUserName registry entry as the last logged-on user indicator. AutoAdminLogon relies on the DefaultUserName entry to match the user and password. Therefore, AutoAdminLogon may fail. You can configure a shutdown script to set the correct DefaultUserName.
Configure your device to sign in automatically
You may want to set up an automatic logon for your kiosk device. When your kiosk device restarts, regardless of the cause such as from an update or power surge. You can configure the device to sign in manually or automatically for the Assigned Access account.
Kindly refer to these related guides: How to disable auto login in Windows, how to enable Automatic Logon on Windows 10, how to enable automatic logon on Windows 10 via the Registry, and how to setup Kiosk mode on Windows 10 with AD user Account.
Note: Make sure that Group Policy settings applied to the device do not prevent automatic sign-in. When deploying Multi-App Kiosk, you use the kiosk wizard in Windows Configuration Designer or XML in a provisioning package to configure your kiosk account to sign in automatically in the wizard or XML file.
Open registry, and navigate to the "HKEY_LOCAL_MACHINE"
- SOFTWARE
- Microsoft
- WindowsNT
On the CurrentVersionWinlogon
- Set the values for the following keys, and set the AutoAdminLogon: set value as 1
DefaultUserName: set value as the account that you want signed in.
DefaultPassword: set value as the password for the account.
Note: If DefaultUserName and DefaultPassword aren’t there. Add them as New > String Value.
Enter the name
Enter the password by double-clicking on DefaultPassword
DefaultDomainName: set value for a domain, only for domain accounts.
For local accounts
For local accounts, do not add this key. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. Please see how to fix “Auto Logon Error “The username and password specified is not valid”, and “Error 1385: The user has not been granted the requested logon type at this time“
You can also configure automatic sign-in using the Autologon tool from Sysinternals as this ensures the password is encrypted in the registry. See the Auto Logon: Enable Automatic Logon on Windows 10 for these steps.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.
Thank you very much. On LATEST Win10 (2020)
One has to first add the AutoAdminLogon string and add ‘1’ as value
AutoAdminLogon: set value as 1
DefaultUserName: set value as the account that you want signed in.
DefaultPassword: set value as the password for the account.
Note: If DefaultUserName and DefaultPassword aren’t there,
– Add them as New > String Value.
Dear Shad, I am glad you found this article very useful. Also, thank you very much for this input, I appreciate it a lot and I am sure other readers will benefit from this good work of yours.
You spelled “Default” in “DefaultPassword” incorrectly.
Spot on! Thank you for pointing this out. When next we wish to update this article, we will produce this scenario and update the images as well. Regardless, it will still work.
I know this guide is a bit vintage… but seriously, DON’T DO THIS!
Storing passwords in plain text in the registry? That’s like leaving your front door wide open with a neon sign that says, ‘Come in and steal my stuff.’ Big, big NO-NO.
Please, for the love of all things secure, at least use Autologon from the Sysinternals suite. It’ll encrypt your credentials before they hit the registry, so your secrets stay… well, secret.
I agree with you. While it’s essential to acknowledge the security risks associated with hardcoding passwords in the registry for auto-logon, there are other vital security measures that can be implemented to mitigate potential threats. These include robust physical security to limit unauthorised access and active monitoring solutions to detect unusual activities on the system.
In addition, using BIOS/UEFI passwords can significantly enhance protection by preventing unauthorised booting, ensuring that attackers can’t bypass security by modifying system configurations.
Most times, this solution is not used for testing and we have discussed other ways using assigned access, SysInternals and FrontFace Lockdown Tool