Safely setting autologon for Windows

When configuring Microsoft Windows to auto-logon, most people just modify the following values in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomain

 

The problem with doing it that way is that the password for the user account is stored in the registry as unencrypted text, so anyone with enough rights to view the registry, locally or remotely, can easily read the password and potentially compromise the system. The same applies if the computer is infected with a virus or other malware, which could read the configured auto-logon credentials and send them over the internet for future malicious use.

However, if you use the Sysinternals tool Autologon to configure auto-logon, the password is stored encrypted in the registry as an LSA secret. This means that, once auto-logon is configured, the unencrypted version of the password cannot be viewed by anyone or anything at all.


The tool couldn’t be simpler to use, and most importantly, it helps to maintain the security of your systems.
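A read-only check for the plaintext-password condition described above, as an added example (not code from the original post or from Sysinternals). The function name `Test-AutoLogonPlaintext` is hypothetical; it uses only the Winlogon path and value names listed in the article and also reports which principals the key's ACL allows to query values.

```powershell
# Added example: read-only audit of the Winlogon values named in the article.
# It reports whether a password value exists but never outputs the password.
function Test-AutoLogonPlaintext {   # hypothetical name, not a built-in cmdlet
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $key   = Get-ItemProperty -LiteralPath $Path -ErrorAction Stop
    # A registry value that does not exist is an absent property on the result.
    $names = @($key.PSObject.Properties | ForEach-Object { $_.Name })

    $enabled     = ($names -contains 'AutoAdminLogon') -and ("$($key.AutoAdminLogon)" -eq '1')
    $hasPassword = ($names -contains 'DefaultPassword') -and
                   (-not [string]::IsNullOrEmpty([string]$key.DefaultPassword))
    $userName = $null
    if ($names -contains 'DefaultUserName') { $userName = $key.DefaultUserName }

    # Principals whose allow ACEs include QueryValues can read these values.
    # ACEs expressed as generic access masks are not expanded here.
    $query   = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $readers = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.RegistryRights -band $query) -ne 0) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    $finding = if ($hasPassword -and $enabled) {
        'Plaintext DefaultPassword present and auto-logon enabled'
    } elseif ($hasPassword) {
        'Stale plaintext DefaultPassword present; auto-logon disabled'
    } elseif ($enabled) {
        'Auto-logon enabled without a plaintext DefaultPassword value'
    } else {
        'Auto-logon not configured'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AutoLogonEnabled  = $enabled
        DefaultUserName   = $userName
        PlaintextPassword = $hasPassword
        ReadableBy        = $readers
        Finding           = $finding
    }
}

Test-AutoLogonPlaintext | Format-List
```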

Comments

  • Anonymous
    April 23, 2009
    take a look at Logonexpert vista autologon (http://www.logonexpert.com) tool that encrypts password

  • Anonymous
    February 08, 2010
    I've been using AutoLogon for years, unfortunately, it does not seem to work with Windows 7 if it is logged on to a domain. -ASB: http://xeesm.com/AndrewBaker

  • Anonymous
    March 23, 2010
    Doesn't work on Windows 7 in any way shape or form. Is an update available for Win7?

  • Anonymous
    July 09, 2010
    My company has been using Autologon for years, but it only works when you first boot the machine or when you restart it.  I discovered that the program enters ForceAutologon incorrectly, capitalizing the "L" in logon so that it actually enters it as ForceAutoLogon, which does not work.  Is there a correction for this?

  • Anonymous
    August 31, 2010
    Last time I forgot my password and tried everything I could do but failed, until I found this great tool Password Genius. It works great, and you can google it.

  • Anonymous
    February 27, 2011
    It most certainly does work in Windows 7 - Domain or local user.  Try downloading the latest version.