Intune: Deploy Registry for AutoLogon

Johannes Ebner 231 Reputation points
2020-12-02T16:01:26.77+00:00

Hello,

I am using O365/M365 with clients which are joined to an Azure Domain.

I want to enable "autologon" on one client for a specific M365 account. The client shouldn't be in kiosk mode, just normal mode.

Therefore I created a PowerShell script in "Endpoint Manager":

# MrNetTek
# eddiejackson.net/blog
# 1/2/2020
# free for public use 
# free to claim as your own

Function Add-RegPolicy($hive,$path,$type,$name,$data)
{
    $ErrorActionPreference= 'silentlycontinue'

    $regPath = "$hive`:\$path"

    if(-not (Test-Path -path $regPath))
        {
            # Create Path
            New-Item -Path "$regPath" | Out-null

        }

       # Remove Reg Key
       Remove-ItemProperty -Path $regPath -Name $name -Force | Out-Null

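       # Add Reg Key (New-ItemProperty is the cmdlet that accepts -PropertyType;
       # Set-ItemProperty has no such parameter, and with 'silentlycontinue' that error is not reported)
       New-ItemProperty -Path $regPath -Name $name -Value $data -PropertyType $type | Out-Null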

       # Required for Binary 
       #$hex = $data.Split(',') | % { "0x$_"}            
       #New-ItemProperty -Path $regPath -Name $name -Value ([byte[]]$hex) -PropertyType $type | Out-Null

}

#Reg Hive + Reg Path + Reg Type + Reg Name + Reg Data
Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -type String -name "AutoAdminLogon" -data "1"
Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -type String -name "DefaultUserName" -data "username@domain"
Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -type String -name "DefaultPassword" -data "Pass"

Then I created an Azure Security Group to which I added the clients that should have the autologin with the defined user.
Then I assigned that group to the PowerShell script.

The Device Status says "Succeeded" but I do not see these keys updated on the assigned clients.

If I enter these registry keys manually on the client, then it is working.

Best Regards,
Johannes

Microsoft Entra

Accepted answer
  1. Johannes Ebner 231 Reputation points
    2020-12-03T08:42:49.953+00:00

    I do not know why, but it is working now :-)


4 additional answers

  1. 2020-12-03T18:41:18.927+00:00

    Hello @Johannes Ebner, as a security recommendation you might try Sysinternals Autologon v3.10, which encrypts the user credentials, as opposed to the built-in feature in Windows, which saves them in clear text.

    2 people found this answer helpful.

  2. Lu Dai-MSFT 28,341 Reputation points
    2020-12-03T06:55:17.873+00:00

    @Johannes Ebner Thanks for posting in our Q&A. From your description, I know it is working when we change the registry manually. But when we do it via script and deploy it in Intune, it is not working.

    To clarify the issue, we appreciate your help to collect the following information:

    1. Check if the registry keys are added and changed when deploying the script policy.
    2. Check if it is successful when you execute this script manually with the same account in the policy.
    3. Please get the screenshot of the script policy settings in the Intune portal.

    If there is anything unclear, feel free to let us know.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Adele Vance 1 Reputation point
    2021-07-12T06:27:04.123+00:00

    autologon <username> <domain> <password>

    It writes its arguments into the registry, but it didn't work.

    My device doesn't have any local users and is AzureAD joined.
    Which parameters are the right ones in this case for autologon.exe?

    I tried:

    • username (written like in C:\users)
    • username@keyman .tld (login upn in AzureAD)

    As Domain I tried:

    • AzureAD
    • \AzureAD

    Is there a working example somewhere?


  4. Anthony Kehn 1 Reputation point
    2022-02-22T20:56:56.633+00:00

    Did anyone get this to work? I have an all AzureAD environment and used the above PowerShell script with a user, and it says it ran and completed successfully, but it never puts in the registry keys, nor does it autologin the user.
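
A read-only way to run the first check from answer 2 on a client, added here as an example and not code from the thread. It reads the Winlogon values in both registry views, because Intune runs a PowerShell script in a 32-bit host unless "Run script in 64 bit PowerShell Host" is set to Yes, and a 32-bit host's writes under HKLM\SOFTWARE are redirected to WOW6432Node; the function name Get-WinlogonView is made up for this example.

```powershell
# Added example: read-only check of the Winlogon autologon values in both registry views.
# Run it in a PowerShell session on the client that received the Intune script.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$names  = 'AutoAdminLogon', 'DefaultUserName', 'DefaultDomainName', 'DefaultPassword'

function Get-WinlogonView {   # hypothetical helper name
    param([Microsoft.Win32.RegistryView]$View)
    # Opening the hive with an explicit view bypasses WOW64 redirection, so the
    # result does not depend on whether this session is 32-bit or 64-bit.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($subKey)   # read-only handle, $null if the key is absent
        foreach ($name in $names) {
            $value = if ($key) { $key.GetValue($name) } else { $null }
            [pscustomobject]@{
                View    = "$View"
                Name    = $name
                Present = $null -ne $value
                # Never echo the password itself; report only that one is stored.
                Value   = if ($name -eq 'DefaultPassword' -and $null -ne $value) { '<set, not shown>' } else { $value }
            }
        }
    }
    finally {
        if ($key) { $key.Dispose() }
        $base.Dispose()
    }
}

$report = @(
    Get-WinlogonView -View Registry64   # the view Winlogon reads on 64-bit Windows
    Get-WinlogonView -View Registry32   # where a 32-bit host's HKLM\SOFTWARE writes land
)
$report | Format-Table -AutoSize

$on64 = $report | Where-Object { $_.View -eq 'Registry64' -and $_.Name -eq 'AutoAdminLogon' -and $_.Value -eq '1' }
$on32 = $report | Where-Object { $_.View -eq 'Registry32' -and $_.Name -eq 'AutoAdminLogon' -and $_.Value -eq '1' }
if ($on32 -and -not $on64) {
    Write-Warning 'AutoAdminLogon=1 exists only in the 32-bit view: the script ran in a 32-bit host and was redirected.'
}
if ($report | Where-Object { $_.View -eq 'Registry64' -and $_.Name -eq 'DefaultPassword' -and $_.Present }) {
    Write-Warning 'DefaultPassword is stored in clear text under the Winlogon key.'
}
```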