Windows

Bypass the Windows Vista's logon procedure

Greg Shultz shows you how to access and use the Advanced User Accounts Control Panel to bypass Windows Vista's logon procedure and essentially configure Vista to automatically log you on when you turn on your system.

One of the pillars of the Windows Vista operating system is security. Vista comes with the User Account Control (UAC) system, a firewall, malware protection, antispyware, phishing filters, automatic updates, and of course a logon procedure that requires a user account and a password. All this security is tremendous and it gives you peace of mind knowing that you're system is protected when surfing the Internet.

However, what if you're the only one who ever uses your Windows Vista system in your home? Have you ever wished that there was a way that you could bypass Windows Vista's logon procedure and get right to work? There is a way that you can accomplish this task with a hidden tool called the Advanced User Accounts Control Panel.

In this edition of the Windows Vista Report, I'll show you how to access and use the Advanced User Accounts Control Panel to bypass Windows Vista's logon procedure and essentially configure Vista to automatically log you on when you turn on your system.

Accessing the hidden tool

To access the hidden Advanced User Accounts Control Panel, click the Start button, type "Control Userpasswords2" in the Start Search box, as shown in Figure A, and press [Enter]. When you do, you'll encounter a UAC dialog box and will need to respond accordingly.

Figure A

To access the hidden Advanced User Accounts Control Panel, you'll type Control Userpasswords2 in the Start Search box.
In a moment, you'll see the Advanced User Accounts Control Panel, as shown in Figure B. (As you can see, the dialog box is simply titled User Accounts.)

Figure B

The dialog box for the Advanced User Accounts Control Panel is simply titled User Accounts.

Configuring the automatic log on

To configure the automatic log on, select your user name in the Users For This Computer list, if it isn't already selected. Then clear the Users Must Enter A User Name And Password To Use This Computer check box. When you do so, your Advanced User Accounts Control Panel will look like the one in Figure C. To continue, click OK.

Figure C

Once you clear the Users Must Enter A User Name And Password To Use This Computer check box, the Users For This Computer list becomes unavailable.
As the last step in configuring the automatic log on, you'll see the Automatically Log On dialog box, shown in Figure D, and will need to type your password in both the Password and Confirm Password text boxes. To complete the operation, click OK.

Figure D

You'll be prompted to type your password in the Automatically Log On dialog box.

To test your Automatic log on, simply restart your computer. When you do, Windows Vista should automatically log you on.

What's your take?

Now that you know how to access the Advanced User Accounts Control Panel and enable the automatic log on feature, will you do so? Please drop by the Discussion Area and let us in on your thoughts.

Get Vista tips in your mailbox!

Delivered each Friday, TechRepublic's Windows Vista Report newsletter features tips, news, and scuttlebutt on Vista development, as well as a look at new features in the latest version of the Windows OS. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

67 comments
kevin patriot
kevin patriot

i can't even boot up/ i am asked for a password on vista????????

nol121
nol121

Not "Control Userpassword2" I use command "netplwiz" instead. anyway, thank you for your idea.

rfolden
rfolden

Use the same values as NT/2000/XP under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon You must have: (ALL REG_SZ) AutoAdminLogon "1" DefaultDomainName DefaultUserName DefaultPassword Yep, this still works in most cases... Yep, it is a security risk and... Yep, the password is still right there in plain text. Yep, you can successfully argue there are scenarios in which this probably will not work.

dougcouch
dougcouch

My Vista Home Premium HP slimline computer already bypasses the password dialog. HOWEVER, since purchasing it specifically to be the hub of my home network, I cannot access its hard drive or drives and resources connected to it without a password (whereas before with my XP computer, I could). I do NOT want to use a password...simple as that. There is no password established on the Vista computer, but it still required one when accessing over the network...which of course means I cannot access at all (without setting up a password). Clearly, this can be bypassed, but I am at a loss as to how to do it. The only remedy I've found offered is to change all computers to match, etc., which I also do not want to do. If I access the Vista computer remotely, the remote access software bypasses it just fine...so why can't I do it as well? Ideas? Solutions? - Thanks, Doug

inertman
inertman

there's so much wrong w/ so many of the posts that it's hard to know where to start, but i'll try. first; when people say "there's only 1 reason..." or "only 2 kinds of people..." etc, they're showing a close mindedness i wouldn't expect on this site. to these people i say, there's always something you haven't thought of you conceited fool. (i specifically use the word conceited instead of arrogant for a reason here, too) next; not all computers have access to these kinds of tools. i noticed one post re: a dell and other posts re: local policies. i've found on retail machines these tools don't usually exist. in addition, i've tried to do this search on 3 different xp machines and am writing this post from a vista ultimate 64 machine, all retail versions, and have yet to find this tool. while i am perfectly willing to admit there is something i am doing wrong, i find it unlikely, after reading every post and variation, that that is the case. it is more likely, imho, that updates from the mothership have removed this tool after this article came out, or that ms decided that users who would select ultimate 64 (haven't tried it in ultimate 32) would never want to do this, etc. next; i would think that people who would frequent this site would be smart enough to never do this w/ an admin account, only a user account. alas, based on the feedback here, that thought seems to be in error. some people have said that if you have access to the computer, you have access to everything on it. i beleive this is only true for the very adept. once i 'took ownership' of a directory on a system using 3 versions of xp, 2 versions of linux and 2 versions of vista, only vista had access to these files, and then i had to take ownership each time i switched to the other version. btw, you can only do this w/ admin permissions, so once again, why do these things (auto logon) on an admin account? next; internet logons. i access several banking insts and all won't allow auto logon regardless of how many times you tell windows to save the password. and, in some cases, i found that if too much info changed, ie; ip addy or machine loci, i had to go thru the verification procedure to even use my authentic password. so, if you steal my machine and find you can't access my files via windows, pull the drive w/ data on it, you would find that even then, since the verification for that site is in the user folder on another dive, you still would have too much difficulty to be worth while. next; stolen stuff. if i lose my wallet, thefirst thing i do after looking for it is call all my banks/creditors and lock down those accounts. wouldn't anyone do the same thing if you bank on you pc and it gets stolen? i realize this is different from a business model, but this is what this article is for, home users, right? and 'work' might mean differentthings to different people. ie, my 82yo father 'works'on geneology. and at his age, remembering several passwords is not only difficult, it's tedious and unneccessary, even w/ an always connected internet, the risk is minimal as he doesn't do internet banking and has no porn to share. if you really want to see my family tree, it will beon the web eventually anyway, why risk intrusion? there are so many other things to say here, but it gets a little old after a while, so any reader who wants more, feel free to respond.

woods
woods

I was having trouble with this like several others in this thread, then I noticed an error in the original article. I was typing in "Control Userpassword2" as shown in the example. However, the text of the article says "Control Userpasswords2" (passwords is plural in the text). When I did it like the text, it worked as advertised.

TheGooch1
TheGooch1

>Have you ever wished that there was a way that you >could bypass Windows Vista???s logon procedure and get >right to work? No.

mario.berube
mario.berube

If you are the only one user and if you don't use any password, there is no login procedure anyway. No?

jug_luv
jug_luv

its awesome for home user not using inernet bus dangerous for internet users

TimeChaser3222
TimeChaser3222

I am running a Gateway Notebook with Vista Home Premium. Is doesn't seem to work on this system either. Tried several times. Comes up like the picture on the web page does but wont open the user account. Any one know why??????

Tony Hopkinson
Tony Hopkinson

There is nothing on the PC that needs to be secure, or everything that needs securing has another mechanism for doing it. Lazy and ignorant You are a dolt. Possibility for number 4 is your PC has a guaranteed incorruptible armed bodyguard to make sure only 'you' uses it. Tell me does it bother you that re-security, you are part of the problem?

ARAHIGIHS
ARAHIGIHS

Doesn't look like this is something that works in every version of Vista. I typed in Control Userpassword2 and it actually tried to do a search for it. I never did get to the Advanced User Accounts Control Panel.

bus66vw
bus66vw

I was waiting for a write-up on this but I sometimes have guests for whom I would want a guest login. For me I need to switch back and forth. Can I do this? How? Would it be just the inverse? Will switching back and forth cause problems for Vista?

frankierowell
frankierowell

Not a good idea.. eg.. someone breaks into you house, and simply turns on the PC.. Wella... bye bye checking account... Frank - Tucson

christomaria
christomaria

Its ok and works just as you've written but also I would like to know how to make Win XP log on using the 'Ctrl+Alt+Del'?

amj2010
amj2010

we think this is very dangerous, cause everybody who use this PC can access your data, stupid by the way!

dougcouch
dougcouch

I guess I wasn't being clear. My Vista computer ALREADY bypasses the logon dialog without any special procedure. However, when OTHER computers on the home network attempt to access it, the password dialog comes up. There "is NO password" to enter, for none has ever been established, nor do I long to establish one. The last part of your procedure tells me to enter my password, thereafter allowing Windows to auto-logon. That's not bypassing the logon. Note: If logmein.com's software can access and remotely control my computer, it surely is possible to access it from my home network...in both cases without utilizing a password, automated or otherwise. Thanks, Doug

Tony Hopkinson
Tony Hopkinson

I stood corrected with the disbled guy, though there are ways round that problem as well, which unfortunately seem to cost a resonable sum. You have nothing to secure. NOTHING?? Possible but not probable. I have a very open mind, I love a better way. This is not it. It's another step down the security WTF path. I doubt many who get their PC stolen do consider what they have lost in terms in terms of identity, perhaps promoting that awareness would diminish f**kwit ideas like don't bother putting a password in.

Tony Hopkinson
Tony Hopkinson

It's awsome for anyone who locks their PC in a desposit box when they are not using it. You are still logged on, you still have password, problem is anyone with physical access to your PC does as well.

jdclyde
jdclyde

Those that have lost data and those that will lose data. Deciding to bypass security and open up their systems is just increasing the chances. I wouldn't have a problem with the article if he hadn't specifically stated "get to work" which implies this is a business machine. Anyone that opens up a business machine deserved to be fired. If you just have a gaming system at home, who cares? turn it on and frag away. A Windows gaming system would not hold personal data and should be formated and reloaded every few months anyways, right? ;\ A warning should have also been included. [b] Warning! ANYONE that sits at your computer can get anything they want by turning it on![/b] Neglecting that warning shows the tag "security" has no business being in this discussion.

Tony Hopkinson
Tony Hopkinson

Leaving aside a our physically impaired colleagues, and some rare set ups out in business land which don't use the standard windows desktop. Why is this a bad idea? It's yet another way of defeating being secure, in fact almost obviating it. What's the point of having a user id and password on a PC, if all you have to do is cycle the power? The entire industry is continually challenged by security, and we keep finding reasons and ways not to bother with it. This is a very bad mindset, we are never going to be secure until each one of us contributes to being secure. So please, click on the picture, type in the password, and pat yourself on the back for being part of the solution instead of the problem.

Msradell
Msradell

Before you say there's no good reason to do this I'll give you one. I am physically impaired and have to use voice recognition to control my computer, voice recognition does not become active until after you login thus I cannot use a computer by myself and it requires me to login whenever I reboot. How's that for a good reason?

Data Ninja
Data Ninja

It won't cause a problem with Vista, just an annoyance for you. Basically all you'd need to do is go to the Start - Logoff selection which would get you back to the standard logon screen so that if you have guest/limited account(s) you could then access those.

RobPatten
RobPatten

I'm no house breaker, but if I was, and I broke into a house I wouldn't be wasting time booting up a PC, especially if I had an alarm going off. I'd want to be in and out as quick as possible. I'd either take the PC under my arm and scarper with it, or if it looked a bit ropey or heavy or too many cables in the back to undo, would leave it where it was. Best go for the antique silverware, the Xbox360 and mobile phones and credit cards that have been left lying around the place. Maybe even strike gold and get the spare car key? In all seriousness I appreciate that for some people a password is useful, and is an extra security step. My own home PC has one for my user account, but the kids don't need them for their limited accounts. I suspect most people are more likely to become victims of identity fraud if a thief gets your chequebook or credit cards. A computer will just be sold on cheap. If the theif isn't savvy enough to format the drive maybe the purchaser of your stolen computer may find correspondence with your details on and give you a call. Or maybe I am dreaming now...

alaniane
alaniane

Click on "Start" Find and click on "Control Panel" Click on the link "Switch to Classic View" (if you are not already using Classic view) Double-Click on the "Administrative Tools" icon Double-Click on "Local Security Policy" When the Form opens up expand the "Local Policies" folder in the left frame of the form. Click on "Security Options" and then scroll down the frame on the right side until you find the line "Interactive logon: Do not require CTRL+ALT+DEL. Set this line to disabled by right-clicking on the setting in the "Security Setting" column.

go-trebblex
go-trebblex

just go to Start - Run. Type in 'control userpasswords2' Go to Tab 'advanced' and tick the box next to 'secure logon' (could be different... I have to translate from my dutch XP prof machine ;-) That's all.

s31064
s31064

People, you're missing the point. Yes, you and I worry about security, we live in and by our pc's, but face it: there's a whole world out there that doesn't give a damn about security. They still bank at the bank, they go to store to shop, and they use their machines to play games and keep track of recipes. These people love this kind of thing, and they make up a certain percentage of all of our clients.

dan.wildcat
dan.wildcat

You can always use BDE to encrypt your drive and require a USB key to start. That would keep anyone from getting your data and still allow you to bypass the login. If your data is private and important enough that you don't want it in the wrong hands, you can certainly take this next step to be safe.

Lamini
Lamini

people who hack into others computers regularly never needed your user login anyway. ps, this is nothing new. you can enter user control panel by typing the same command in XP

sellison
sellison

If you took the time to read the original article, you would have seen that it says " if you are the only person to use..." In this case the risk is much reduced.

The Listed 'G MAN'
The Listed 'G MAN'

I could whip out that HD and get all the data off the drive in minutes. So this is no big deal. I still would have a password however.

dougcouch
dougcouch

Well, not entirely true. logmein.com does have its own password setup...so perhaps logmein.com "is" automating logon?

inertman
inertman

i didn't say i don't have anything to secure, i said my father doesn't. i have all of my accounts in ms money on my pc. however, i don't have auto log-on either. maybe reading the whole post might help. further, if people don't consider what can happen when their computer gets stolen, then they fall into the group that needs to have their identity stolen, or their too stupid to own anything. not really, but maybe that's where the problem lies instead of with an article that shows people who have little to no risk how to simplify their lives, right? i'd would also suggest that those of us who can actually read and interpret a post might have fewer problems w/ their security than those of us who can't. thanks for the input tho tony.

jgwinner
jgwinner

If you have a Home Theater PC, this is a great thing to do. Do you really need to log in to watch a DVD? Grabbing the keyboard out from the cabinet is a hassle when all you want to do is throw in a CD and hit 'play'. Mind you, this is assuming the media in the HTPC is kid safe and it's not connected to anything else. Come to think of it, no saved passwords either. And if your response is 'yea but' then I want to see you lock your stereo reciever :) After all, they have firmware too! == John ==

tk4451
tk4451

I don't get to the start button. It just goes to the sign on page and you need the password, Is there another boot that will by-pass the log-in? The cd drive doesn't work.

Tony Hopkinson
Tony Hopkinson

I'm sure something could be done for you in that regard. Biometric voiceprint or RFID both could be achieved without compomising your security. In fact they'd improve it, if linked with a strong password generator. Coping with physical disabilities isn't big in mainstream IT I'm afraid, which is unfortunate as you guys must get way more out of the tech when you can use it than anyone else. Edited to add There's a piece of Shareware called WinDentify that claims to bne able to do Voice print logon by the way.

dean.kawasaki
dean.kawasaki

as The 'G-Man' mentions it probably doesn't allow you to access that options when part of a domain. i have Vista Business that is NOT part of a domain and i can access the control panel.

The Listed 'G MAN'
The Listed 'G MAN'

Lets just say that (for argument) I stole your PC base. When getting back to my base of operations I no doubt would boot up your PC just to see if there were any candids of the wife there. Suddenly I note when looking through your bookmarks and trying them that I can access your bank account. You see the point?

The Listed 'G MAN'
The Listed 'G MAN'

If you took the time to think you would come to the conclusion that it is better to have a password on your system regardless. This just removes 1 barrier should it fall in to the wrong (non educated about PC's) hands. May as well have no locks on the car door / ignition as you are the only person that uses it!

TheGooch1
TheGooch1

One example where this is useful is the Executive Display where I work. The IT director wanted to see how things are going in the enterprise by means of 'dumb terminals' that display Web server usage, system usage, network link usage, etc but non-interactively. The computers just sit in a room, and when power is turned on, they boot up, automatically log in, and start the display program that is assigned. You really can't ask the director to have to log into each of these computers, he'd rather just tell you to come upstairs to his office every morning and you log in for him. Or, you can just automate the entire process and not worry about it.

Tony Hopkinson
Tony Hopkinson

If it's just a harddrive and menu system then go right ahead. If you've got it hooked up to the internet, so you can order and pay for new movies on-libne, then mybe a rethink is in order.

s31064
s31064

My machine is part of a 2003 domain and I can still access the control panel. I don't have the option to turn off the login prompt, but I wouldn't expect to on a doman machine.

RobPatten
RobPatten

You make a very good point about having access to my POP account, like you say I don't know of any bank that emails out password reminders but would probably get you into eBay and PayPal accounts etc for starters. Having said that my account is password protected, not because I mistakenly believe that nobody can see any of my files because I have a passwords, but it does add a level of inconvenience to somebody not particularly determined. TBH I would be much more interested in any candid wife pics I found on any computer than banking details. ;)

The Listed 'G MAN'
The Listed 'G MAN'

How many people allow IE, FF2 and other browsers to save passwords for them. This coupled with no login account password is a security nightmare. Even if I don't have the password I may have access to your e-mails and the actual POP account. Forgot your password - click here!!! OK Banks do not e-mail out passwords, but others do! Good day to you :-)

RobPatten
RobPatten

If you looked through my bookmarks you would indeed find links to logon pages for various financial institutes that I happen to hold accounts with. But there are no passwords saved in so you're on your own from there. On the other hand, if you found candid pics of my wife you may want to try using them as blackmail in getting me to supply the logon details you need. :)

michael.kregel
michael.kregel

Some people always have a comment for EVERYTHING and it gets annoying. First, I am new to posting on this site, not new to the site though. Second, there is no need for so much static. People need to do things like this knowing very well what it means. No need for comments.

alaniane
alaniane

your garage door didn't lock? If your computer is connected to the Internet then it's like having your car in a garage that does that has a door that does not lock. If you have a standalone or if there is no valuable info on the computer then not having a password is probably OK. But don't assume that a cracker needs to be at the physical location of your computer to access it if your connecting to the web. In fact with some computers, he doesn't even have to physically push the on/off button to turn the thing on.

Richard Turpin
Richard Turpin

I suppose that's feasible provided you park your PC in the car Park!!

Tikigawd22-22131115481823653060060014737332
Tikigawd22-22131115481823653060060014737332

So why would I need to lock my computer in my home if I'm the only one who lives there? If you like having a password then go ahead. But having the choice to not have one is nice. It's called a Personal Choice. dolt

The Listed 'G MAN'
The Listed 'G MAN'

Sir. Posts A Lot - all I AM doing is pointing out that in the context of this forum, it is not a good choice of action to follow. Period. Now - Where do you park your car normally?

michael.kregel
michael.kregel

Sometimes, dude, you DON'T want a password for whatever reason. Period. You look at it as being dangerous, some need to do this.

Editor's Picks