Safely setting autologon for Windows


When configuring Microsoft Windows to auto-logon, most people just modify the following keys in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomain

The problem with doing it that way is that the password for the user account is stored in the registry as unencrypted text, so anyone with enough rights to view the registry, locally or remotely, can easily read the password and potentially compromise the system. The same applies if the computer is infected with a virus or other malware, which could read the configured auto-logon credentials and send them over the internet for future malicious use.

However, if you use the Sysinternals tool Autologon to configure the auto-logon, the password is stored encrypted in the registry as an LSA secret. This means that, once the autologon is configured, the unencrypted version of the password cannot be viewed by anyone/anything at all.
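
To check which of the two configurations a machine is in, the following PowerShell audit (an added example, not code from the original post or from Sysinternals) inspects the Winlogon key listed above and reports whether a plaintext DefaultPassword value is present, without ever printing the password. The function name Test-AutoLogonExposure is hypothetical, and the script assumes that an enabled auto-logon with no DefaultPassword value means the password is held elsewhere, such as in the LSA secret described above.

```powershell
# Added example: Test-AutoLogonExposure is a hypothetical helper name,
# not part of Windows or the Sysinternals suite.
function Test-AutoLogonExposure {
    [CmdletBinding()]
    param(
        # Defaults to the Winlogon key from the article; overridable so the
        # check can be pointed at a constructed test key.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $values = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    $names  = $values.PSObject.Properties.Name

    # AutoAdminLogon is normally stored as a string; "1" means auto-logon is on.
    $enabled = ($names -contains 'AutoAdminLogon') -and ($values.AutoAdminLogon -eq '1')

    # Presence test only: the password itself never reaches the output.
    $plaintext = ($names -contains 'DefaultPassword') -and
                 -not [string]::IsNullOrEmpty([string]$values.DefaultPassword)

    $finding = if ($plaintext -and $enabled) {
        'Plaintext DefaultPassword present and auto-logon enabled'
    } elseif ($plaintext) {
        'Stale plaintext DefaultPassword present; auto-logon disabled'
    } elseif ($enabled) {
        # Assumption: the password is stored outside this key (e.g. LSA secret).
        'Auto-logon enabled with no plaintext DefaultPassword value'
    } else {
        'Auto-logon not configured'
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        AutoLogonEnabled  = $enabled
        DefaultUserName   = if ($names -contains 'DefaultUserName') { $values.DefaultUserName } else { $null }
        DefaultDomain     = if ($names -contains 'DefaultDomain') { $values.DefaultDomain } else { $null }
        PlaintextPassword = $plaintext
        Finding           = $finding
    }
}

# Run against the local machine.
Test-AutoLogonExposure | Format-List
```

A "Stale plaintext" finding is worth acting on as well: the DefaultPassword value stays readable in the registry even after auto-logon has been switched off.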


The tool couldn’t be simpler to use, and most importantly, it helps to maintain the security of your systems.

Comments (6)
  1. rsergio says:

    take a look at Logonexpert vista autologon (http://www.logonexpert.com) tool that encrypts password

  2. ASB says:

    I’ve been using AutoLogon for years; unfortunately, it does not seem to work with Windows 7 if it is logged on to a domain.

    -ASB: http://xeesm.com/AndrewBaker

  3. Dale Poole says:

    Doesn’t work on Windows 7 in any way, shape or form.

    Is an update available for Win7?

  4. Rusty Stanaway says:

    My company has been using Autologon for years, but it only works when you first boot the machine or when you restart it.  I discovered that the program enters ForceAutologon incorrectly, capitalizing the "L" in logon so that it actually enters it as ForceAutoLogon, which does not work.  Is there a correction for this?

  5. rcmichelle says:

    Last time I forgot my password and tried everything I could do but failed, until I found this great tool Password Genius. It works great, and you can google it.

  6. Brendan Clarke says:

    It most certainly does work in Windows 7 – Domain or local user.  Try downloading the latest version.
