Discussion on:

Set up an automatic logon to Windows XP

Automatically logging on to a Windows XP PC seems a little insecure to me. Out of curiosity, I checked whether this functionality worked in the beta version of Windows XP SP2 ? it does.

Is anyone else concerned about the potential security problems automatically logging on to a PC can cause?

You may have a kiosk or turnkey application that does not require connection to any networks or any security at all. In some situations, you have machines where the only thing exposed is the display. Yes, in most cases it should be discouraged. But it is an essential feature to have.

Kiosk? I hadn't considered those.

How do you prevent a user from giving the 3-finger salute and rebooting the kiosk system? That has be deactivated doesn't it?

If it's just a touchscreen and the rest of the PC is tucked away in a locked cabinet (or something similarly secure), I would think that would be safe...

I don't allow the use of autologin features on any computer of which its attached to any network that I am responsible for. Such a simple thing can be such a HUGE security hole (more like a "crater" really!).

I use autologin on my home computer but that's at home and I live by myself and when my girl is over she doesn't have the slightest interest in computers to begin with.

At home that is. I have a very restricted account established for the autologin it doesn't even have a password. If I need to pay bills or balance the checkbook, or do taxes, I logout and login with an account for each. If I need to patch or do other admin tasks, I use those accounts. I also make extensive use of the runas utility.

I can't even burn a CD with the autologin account which is named "user" BTW. e-mail and web browsing are OK. So many areas are read-only to this account that I have to keep a list of where I can save a file.

Go to Microsoft's Windows XP Downloads page at http://www.microsoft.com/windowsxp/downloads/default.mspx

Click the link for PowerToys and Add-ins for Windows XP. Then click the link for PowerToys for Windows XP.

Download Tweak UI (147 KB) and install it on the PC you want to have an automatic logon.

Start the Tweak UI program. Expand the Logon item. Select the Autologon item. Check Log on automatically at system startup. Enter a username to log on as. Then set a password by clicking the set password button.

To suppress autologon, hold the shift key while the system is starting until you get the standard logon dialog box.


This is a Microsoft provided tool, but it is not supported from what I understand. However, I am using it on at least two PC's (kiosk style) and it seems to work without problem.

But I still have to click "ok" on my company's legal notice before it will go to the desktop. Any idea on how to bypass this?

The many convenient features of XP are completely overshadowed by MS's " we'll do it all FOR you " overbearing attitude. I don't want procedures, protocols, assists, ad nauseam, that I'm stuck with, that chew up my time - want it or not, complicate the start, running and shut down and, and lockup the system when corrupted, which is frquently. For all of 98's shortcomings, when something was a big pain in the ass, I was able to get rid of it. Bill Gate's ego trip, that he knows better than anyone else what's good for the users, should give give him a big pain in the ass, like a big chunk out of it.

why not just go to the control panel and click user accounts? this doesn't require a command line to run.

So now how do you undo it? I cannot get into do anything on my computer now? I cannot even run system retore. So far my only alternative is to redo my machine wipe an dreload and that is not nice as I just finished doing it and i use dialup.

when the application opens there is no checkbox to uncheck, I have two machines running XP Pro and same results on both.

XP Pro doesn't do this when it is joined to a domain as a security prevention. Not sure if there are third party apps that will allow for auto logons, but would suspect they exist somewhere...

(Realized the title to my previous post was slightly off...)

This little trick only works for PCs not running under a domain. For example, the CNET PC I am writing this response on is on a domain and I get permissions from the network, therefore this utility does not have the auto logon option.

Are you running under a domain network?

FIRST OFF! I DO *NOT* condone this action. I agree that autologon is a major security hole (or crater as one other person put it). I *ONLY* use this for generic user accounts where the particular account has no network access except for particular programs that need to be run.

Secondly: It does say that you cannot use this to logon to a domain, but it does work. MS does not make this public (probably just to get around lawsuits...) but I found that it does work.

Again, use this for Kiosk situations, and computers that use touch screen applications (although there are touch screen keyboards).

Here is the main trick. It's a registry hack (of course). This will allow auto logons for domain situations.
_______________________________________________
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"DefaultPassword"="ENTER PASSWORD HERE"
"DefaultUserName"="ENTER USERNAME HERE"
"DefaultDomain"="ENTER DOMAIN NAME HERE"
"ForceAutoLogon"="1"
"AutoAdminLogon"="1"
____________________________________________

Copy the following into a txt file and rename it to have an extension of .reg . Once this is finished, enter the username, password and domain name. Keep the quotation marks and there you go! Autologon by means of the registry.

Again, I do not condone this in anyway or form, but I have had to use it for several applications at work and so far, have had no problems at all.

My company doesn't need any type of file restriction and everybody can logon on any machine. With help from this article I Improved my service towards employees.

Thanks for this info. I found this 4-year-old post during a search after a Windows Update resored the logon screen that I had deactivated years earlier on my old laptop computer. I had previously found this long, convoluted and dangerous procedure on the Microsoft site:
http://support.microsoft.com/kb/315231
and thought, there must be a better way. Fortunately, this older and much simpler procedure is it. Wonder if the Microsoft Mavens know about it?

Check here for further Assistance http://osconfig.blogspot.in/2012/07/automatic-logon-in-windows.html