
Automatic Logon on Domain Computers

Warning

Of all the bad advice on this site, this might be the worst yet.

If you still decide to proceed, make sure you’re setting this up on a computer that is not running Remote Desktop (either the built-in service or a third party’s like TeamViewer) and is not running a remote access service such as a VPN server, proxy server, router, NAT, DirectAccess, etc. Make sure remote management tools such as RSAT, Windows Admin Center, WinRM and Remote Registry are either turned off, firewalled off or both. If possible, use an ultra-low-privileged domain account. If you’re accessing a computer over vSphere’s virtual console, make sure the VM is set to lock when disconnected from the virtual console.

If you have a better method to set this up, please share.

Sometimes you need to run apps that are a pain to set up as Windows services and, even if you manage, they’re not quite there. You might also need to mount network shares as a certain domain user, so local accounts are just not an option.

Setting up automatic login on a domain-joined computer is not as easy as pressing [winkey]+R and running control userpasswords2. The only solution I’ve found so far is to set the credentials right in the Windows Registry, where they are unencrypted and easily retrievable through a multitude of methods.

You might also be able to set auto-logon up if you have a Microsoft System Center deployment in the network. It seems extremely inefficient even going through the trouble of setting a config policy for this, though.

You need four registry entries to set up automatic login on a domain-joined computer, even for local accounts.

The values go in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

| Name | Type | Data |
| --- | --- | --- |
| AutoAdminLogon | REG_SZ (String Value) | 1 |
| DefaultDomainName | REG_SZ (String Value) | <domain> (can be FQDN or short name) |
| DefaultUserName | REG_SZ (String Value) | <username> |
| DefaultPassword | REG_SZ (String Value) | <password> |
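
A read-only check of these Winlogon values and of some of the conditions in the warning, as an added example that is not part of the original post (PowerShell; the function names New-Finding and Test-AutoLogonExposure are hypothetical). It reports whether DefaultPassword is present without printing it, and from the warning's list it covers only Remote Desktop, WinRM and Remote Registry.

```powershell
# Added example: audits a host against the warning at the top of this page.
# Read-only. Reports whether DefaultPassword exists, never its value.

# Hypothetical helper: one result row per check.
function New-Finding($Check, $Risky, $Detail) {
    [pscustomobject]@{ Check = $Check; Risky = [bool]$Risky; Detail = $Detail }
}

# Hypothetical function name; run from an elevated prompt on the host being audited.
function Test-AutoLogonExposure {
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $winlogon

    # AutoAdminLogon is a REG_SZ; "1" means automatic logon is enabled.
    $enabled = ($wl.AutoAdminLogon -eq '1')
    New-Finding 'AutoAdminLogon enabled' $enabled "$($wl.DefaultDomainName)\$($wl.DefaultUserName)"

    # A leftover DefaultPassword is a finding even when AutoAdminLogon is off,
    # because the credential is still stored unencrypted in the key.
    $hasPwd = -not [string]::IsNullOrEmpty($wl.DefaultPassword)
    New-Finding 'Plaintext DefaultPassword present' $hasPwd $winlogon

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    New-Finding 'Remote Desktop allowed' ($ts.fDenyTSConnections -eq 0) "fDenyTSConnections=$($ts.fDenyTSConnections)"

    # Remote management services named in the warning.
    foreach ($name in 'WinRM', 'RemoteRegistry') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $running = ($null -ne $svc -and $svc.Status -eq 'Running')
        New-Finding "$name service running" $running "Status=$($svc.Status); StartType=$($svc.StartType)"
    }
}

Test-AutoLogonExposure | Format-Table -AutoSize
```

Any row with Risky set to True on a machine that has AutoAdminLogon enabled is a condition the warning says to fix before relying on this setup.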