Auto Logon

Issue

If Auto Logon is enabled on the scanned computer, the password that is used to logon automatically is stored in the registry (either in plaintext or encrypted). In either case, this feature poses a security risk because anyone with physical access to the computer can boot the system and automatically log on without having to enter any credentials.

Solution

Disable the Auto Logon feature. To disable this feature, use the Registry Editor to remove the AutoAdminLogon and DefaultPassword values under the following registry key: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Caution: Using the Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft« cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved.

Note: You need administrator access to perform this task.

  1. Click Start, click Run, and then type regedit.exe.
  2. In the Registry Editor, expand the following keys in this order: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Click Winlogon.
  4. In the right pane, find the DefaultPassword key in the name column and see if there is a value (anything other than "value not set") in the data column. If there is no value set or the DefaultPassword key does not exist, Auto Logon is not enabled.
  5. If there is a value, click the DefaultPassword key.
  6. On the Edit menu, click Delete.
  7. In the right pane, find the AutoAdminLogon key in the name column.
  8. If the value is set to 1, which indicates that Auto Logon is enabled, change the value to 0 to disabled this feature.

Additional Information

The credentials that are used to logon by default during automatic logon are found under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

AutoAdminLogon REG_SZ 0 or 1 - Must be zero to remove this feature.

When you use AutoAdminLogon, Windows automatically logs on the specified user when the system is started, bypassing the CTRL+ALT+DEL logon dialog box. This is a very serious security problem because anyone can gain access to your computer.

DefaultUserName REG_SZ Username.

DefaultPassword REG_SZ Password

Specifies the password for the user listed under DefaultUserName

If the password used for automatic logon is stored programmatically by using the LsaStorePrivateData API, it is encrypted and stored under the following registry key:

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\CurrVal
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\OldVal

By encrypting the password as an LSA secret, you prevent against remote users reading a plaintext password stored under the Winlogon registry key. However, anyone with physical access to the computer can boot the system and log on automatically, whether the password is encrypted or in plaintext, which poses a security risk.

⌐ 2002 Microsoft Corporation. All rights reserved.