Windows optimize

Automatically log in to Vista and still be password protected

In this edition of the Windows Vista report, Greg Shultz shows you how you can take advantage of the automatic logon procedure described previously while still keeping your Windows Vista system password protected.

In last week's edition of the Windows Vista Report, Bypass the Windows Vista's logon procedure, I showed you how to access a hidden tool called the Advanced User Accounts Control Panel and configure your system to automatically log you on when it starts up. In a nutshell, this simply involves selecting your name in the User Accounts dialog box and clearing the Users Must Enter A User Name And Password To Use This Computer check box.

Of course, as I mentioned in that post, configuring an automatic logon procedure really only makes sense in a home setting where you're the only one who ever uses your Windows Vista system. (This technique will not work in your Windows Vista system is connected to a domain.

After the post was published, several readers commented that they thought that this technique was unwise because it left your system wide open to anyone who may happen to get access to your computer. Of course, this technique, while providing you with a convenience, will indeed make your system accessible to anyone who happens to turn on your computer.

Fortunately, there is a way to have your cake and eat it too. In this edition of the Windows Vista report, I show you how you can take advantage of the automatic logon procedure while still keep your Windows Vista system password protected.

Locking your system

As you probably know, when you're working on your Windows Vista system and decide to take a break, you can lock your system down by clicking the Start button and clicking the Lock icon that appears at the bottom of the right hand panel of the Start menu (Figure A). You can also lock your system by pressing [Windows]+L. When your system is locked, the only way to get access to it again is to type in your password.

Figure A

Lock Icon

However, most folks don't know that you can also lock your system by typing a series of commands in the command line. All you need to do is access the Run dialog box by pressing [Windows]+R and type:

rundll32.exe user32.dll, LockWorkStation

As soon as you click OK, your Windows Vista system will be instantly locked.

The trick that we'll take advantage of here is that anything that is running when you lock your system will continue to run while is it locked.

Creating a shortcut to lock your system

Because there is a series of command line commands that will lock your Windows Vista system, you can create a shortcut that will allow you to instantly lock your system, simply by double clicking an icon.

First, right click on the desktop and select New | Shortcut from the context menu to access the Create Shortcut wizard. When you see the Create Shortcut wizard, type the following into the Type the location of the item text box and click Next. (Figure B)
rundll32.exe user32.dll, LockWorkStation

Figure B

Create shortcut

(Take note of the uppercase letters in the word LockWorkStation as you type it -- if you don't use the exact case, the shortcut will fail.)

On the next page, type Lock It Down in the Type A Name For This Shortcut text box. Then click Finish. Just to make sure that it works correctly, double-click the Lock It Down shortcut.

Running the Lock It Down shortcut at startup

Once you ensure that the Lock It Down shortcut still works, you can place it in the Startup folder. To do so, just drag the Lock It Down shortcut from the desktop and hover over the Start button. Once the Start menu opens, hover over All Programs and then over the Startup folder until it opens. Once it does, just drop the shortcut into the Startup folder.

Using your protected system

Now when you turn on or reboot your system, it will automatically log on to your account and then immediately display the Welcome screen indicating that the system is in a Locked state. However, all your other startup programs continue to load in the background.

With this technique, you can now turn on your computer in the morning and go get a cup of coffee. When you return, your system has logged on, loaded all the start up programs, and is ready for you to sit down and go to work -- all you have to do is type your password.

Get Vista tips in your mailbox!

Delivered each Friday, TechRepublic's Windows Vista Report newsletter features tips, news, and scuttlebutt on Vista development, as well as a look at new features in the latest version of the Windows OS. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

26 comments
rameshsapkota
rameshsapkota

I'm highly grateful and fully satisfied with the answer. I was hungry for this.

zzyzx
zzyzx

does anyone know how to access a hidden account on windows vista?

sb9
sb9

This tip is useful. Take it as it is. As someone else mentionned, only a BIOS password will protect a machine (and even with that, there are ways around :) As for a password, well, either use the CTRL key, or best a Live CD (or anything else) and hop you are in the machine .... Best is BIOS, but not many wants to do it (or knows how to), and even so ... nothing's really secure in the end for someone who knows how to trick that kind of things. S.

WoW > Work
WoW > Work

If I recall correctly, doesn't holding the Ctrl key just after logging into Windows prevent Startup Programs from running? Worst case scenario, someone steals your laptop. They turn it on, and they see it auto-logs in, but locks itself. If they are smart enough to understand this, they can easily hold the Ctrl key to keep the shortcut from working.

blaqwolf
blaqwolf

It still amazes me that people don't bother to actually read the articles before posting. This is for home-use people, where you are not so concerned with security but you don't want your kids messing up your machine or your wife/husband seeing "something dirty". For those who run anti-virus software then this trick will let your A/V program check for updates, run a scan and then hand it over to trojan and spyware checker. If you have something like Diskeeper then it can do a quick cleanup, whatever... The point is, once the desk is locked no one can mess with you and when you get back from the kitchen or shower the system is done, you get your report from your A/V and you can start doing what it is you do and not what the system wants to do. Great tip Greg. Kinda cold here in Kentucky today!

jsjackson1
jsjackson1

This did not work for me....I now have to log in twice...instead of just once. How do I reverse what I did, as this is obviously not working for me. Thanks!

TheWizardOfOz
TheWizardOfOz

I think his suggestion is definitely inventive, but I wouldn't recommend doing this in a secure environment. First off, it doesn't appear as if holding down the SHIFT key to avoid programs in the "Startup" folder to start automatically still works in Vista - but that doesn't mean that following his instructions are safe. For example, depending on fast or slow the computer is and how many other startup programs are being loaded, an attacker might have a few seconds to manipulate the system - if just to remove that shortcut from the startup folder. If the apps in the startup folder are loaded alphabetically (I am not sure), then renaming it start with the letter 'A' might be a good idea. I would only do this in a non-secure environment where you are not storing confidential and/or secure data on your computer, and the login does not have permissions on remote servers etc. But keep in mind that as soon as you step away from the computer (after work), an attacked will have plenty of time to try and gain access to the system.

jkielty2
jkielty2

still typing a password and vista is crap anyway so who cares?

capecodkid906
capecodkid906

I do not mean to sound hostile. I personally feel that this is playing a dangerous game. If the laptop is not turned on while in your presence then anyone can access your data by simply turning on the PC. Here is another question, what if somebody simply did a hard reboot of the computer; wouldn???t this still allow the individual to login to the desktop? The only concrete way of protecting this system from being accessed by an unauthorized individual is to password protect the boot sequence with in the bios. Wouldn???t protecting the PC at boot defeat the purpose of not using a password during logon?

chaneys
chaneys

The author posted a useful tip last week and some concerns were raised. The author then followed up with anohter tip addressing those concerns. A 1 job!!!

akyjedi
akyjedi

Nice entry but with this method it'll just save the time for home users from waiting for programs to load at startup when compared with typical Vista logins at the Welcome screen.

richard.miller
richard.miller

Ace tip, I hate staring my machine, and then coming back to have only got as far as the login! I run a lot of programs at startup, and it takes time..

ppolak
ppolak

And it works with XP as well when you use TweakUI from the Widows Powertoys to configure your automatic logon.

boglode
boglode

I like this tip - it might not be as secure as the normal logon. However it makes it possible to turn on your machine, go for a cup of coffee and when you return everything will be up and running. However I am working on a domain - Is there a way to use this procedure on a computer on a domain?

AaronShim
AaronShim

lol... I like your thinking. I can't for the life of me think how you came up with the idea to do this though. All the same this could become very handy in 12 months time, when my Vista machine will be a alot more used and sluggish on startup.

The Listed 'G MAN'
The Listed 'G MAN'

That is all I had to do in the first place. Guess it is good if your logon times are high.

s31064
s31064

Thank you! I thought I was the only one that was mystified by the fact that almost no one else seems to be able to grasp what the article actually says. I can't believe some of the responses I read on this website. Granted, some of the articles are pretty lame, but there's enough good stuff to keep me reading. The responses from most of the readers however, just blow my mind. All they want to do is prove they thought of something the author didn't, even though they don't actually understand what the author is saying. I'm the SOX Security Officer for my division, the Site Security Officer, and a CISSP, and I don't have a password on my home system. I don't need it. If my home system was ever stolen, I'd go through the same problems as a result of having no password as I would if my password was 1q7sbIhe5YVC6hIkS59ltPkBjg1RBMFbU3gzNEvoDxQ67qVYaLx6b7xB9xawHDS5!

philrunninger
philrunninger

Allow me to raise another concern. I'm not sure about Vista (and can't test it now myself), but can't you just hold the Shift key down as the machine boots and logs in, preventing everything in your Startup folder from running?

?/\/\?|???\/???
?/\/\?|???\/???

Autologon (http://technet.microsoft.com/en-us/sysinternals/bb963905.aspx) stores the credentials encrypted in the registry, as a LSA secret (LsaStorePrivateData function). Protecting the Automatic Logon Password ( ) has some technical info / code that gives an example of the function's use. Autologon, combined with the technique described in the article, will achieve the same result.

norman
norman

All talk of overall advisability aside, on a domain you'd have to manually login to Windows first, then the locking routine can do its thing.

g.katzer
g.katzer

I certainly hope there is NOT a procedure to make this work in a domain environment; otherwise it would be an administrator?s worst nightmare! This tip is the most ridiculous thing I have seen on this site, is this guy a certified IT Pro? If you don?t want to type your password to use your workstation than get a job that does not require the use of a computer! Folks let?s face it, like it or not passwords are a good thing, they keep everyone honest.

tikigawd
tikigawd

"all your other startup programs continue to load in the background" right after you turn on your PC. Instead of starting to load once you log in (since you already logged in and [i]then[/i] locked it). It's useful to some people. If all you want is to take out your pwd b/c you're the only user in the environmnet then this technique is obviously not for you.

sb9
sb9

Very true. And I agree totally! S.

AaronShim
AaronShim

...I work from home. So I can get up, switch the laptop on, go make coffee etc & when I come back all the background apps & services are loaded and ready. I can see this being any help if you logon to a domain. A