How to use Group Policy Preference enable auto-logon

imageThe below article shows you how to use Group Policy Preference to setup the registry keys on a computer so that it automatically logs onto when its turned on. While doing this is potentially huge security issue and not something I would generally recommend IT staff might want to implement on computers that are highly locked down and used for only a specific propose.

How to set a registry key using Group Policy Preferences

Before we begin I will show you how create the required registry keys using group policy preference. After this I will list the registry keys you need to use with the instruction below to configure automatic logon.

Step 1. Edit a Group Policy Object that is applied to the computers you want this setting applied.

WARNING: Make sure you have not applied this policy to any computers before you begin as this will obviously logon any computer that this policy is applied to automatically.

Step 2. Navigate to Computer Configuration > Preferences > Windows Settings > Registry

image

Step 3. In the Menu click on Action > New > Registry Item

image

Now you know how to configure a registry key setting using Group Policy Preferences you can create a new Registry Item for each registry key listed below.

How to configure Windows to automatically logon

Now we need to create the below registry keys to enable the automatic logon process.

Note: You will need to substitute you own specific values for all the text in italic below.

Enable AutoLogon

Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: AutoAdminLogon (REG_SZ)
Data: 1 (Enabled)

Default Domain Name

Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: DefaultDomainName (REG_SZ)
Data: DOMAINNAME

Default User Name

Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: DefaultUserName (REG_SZ)
Data: USERNAME

Default Password

Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: DefaultPassword (REG_SZ)
Data: PASSWORD

You should now have 4 registry keys configured as the image below.

image

Warning: Be sure to also block the regedit tool on the user that logos onto this computer as anyone logged on the computer will be able to see the account password stored in the registry as clear text (see below).

image

Now when ever this computer is turned on it will start up and logon automatically with the credentials that you specified in the policy (see below).

image

Related Links

Creating a Steady State by Using Microsoft Technologies

Author: Alan Burchill

Microsoft MVP (Group Policy)

29 thoughts on “How to use Group Policy Preference enable auto-logon

  1. Hi,

    I have configured a New GPO for Autologon and applied to a single computer call “AIMS” but it doesn’t work. Even I added a single user to check if it work…but no luck….

    Can you please tell me best way to apply this GPO on Windows XP systems. I am using Windows 2008 32 Bit.

    Regards,
    Prashant

    1. Have you pushed out Client Side extensions to the Windows XP client? This is required for GP Preferences.

  2. No DValcourt, because I am not so sure how to do it!! Do you think that will help than please show me some guideline or link where I can see and install them.

  3. Isn’t the AutoAdminLogon value supposed to be fo the type REG_DWORD in stead of REG_SZ ?

  4. Hi , Is their any way that i can hide ,” loading user profile” message from users like VDI or Terminal access users ?

  5. In order to get these to work, you have to take HKLM\ off of the keys as the HIVE is already set for HKEY_LOCAL_MACHINE.

    So all of the keys above should be this….
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Instead of this…
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Also, I have mine set to “Replace” and not “Update” and it works great.

  6. Please correct the problems in your blog. Me and many other people have used your blog to enable autologon I would even remove the (enable) out of the blog or provide a screen shot of what it looks like in the Group Policy editor. I also used the replace instead of update I don’t know if that helped also.

    Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: AutoAdminLogon
    Data: 1 (Enabled)

  7. Is there any way to do this securely as an domain user will have read access to the SYSVOL and the unencrypted .xml file which contains the username and password?

    1. No… actually this is a very old post. So i would not reocmmend that you do it this way at all. Pretty much only do this as a very last resort and make sure the account has no special premissions.

Leave a Reply