Configure Computers to Automatically Logon after Reboot

Windows provides a feature that enables it to automatically logon after reboot, which can sometimes be very handy in certain environments. The configuration is applied through a series of registry values, which isn’t particularly convenient to enable manually. However, BatchPatch provides a quick way to apply the settings to target computers when you want to set them to automatically logon after reboot.

The most important thing to know about the automatic logon feature in Windows is that it creates a security vulnerability. In order to automatically logon after reboot, the computer stores the username and password in the registry in plain text. In some environments, this may be an acceptable risk, especially if the logon account being used does not have access to anything that wouldn’t be publicly accessible already. In environments where the risk is not acceptable, automatic logon probably should not be used at all. However, there is also always the possibility of inserting the appropriate username and password registry values, rebooting the computer and letting it automatically logon, and then finally removing the registry values that were previously inserted.

  1. To use BatchPatch to insert the autologon registry entries in target systems, highlight the desired host(s) and select ‘Actions > Reboot > Configure autologon > Insert autologon registry values’

    2015-10-05 14_01_55-Program Manager

  2. The ‘Auto Logon Credentials’ window appears. Input the username and password that you want to use to automatically logon the target system(s). In the ‘Domain’ field either enter the domain name where the user account resides, or if it’s a local computer account simply untick the ‘Domain’ checkbox, and you’ll see that it will be automatically filled in with $computer. Lastly, input a value for the ‘AutoLogonCount’ field.

    Note: The ‘AutoLogonCount’ value controls how many times the machine can be auto-logged-on after reboot before Windows automatically purges the username and password from the registry to prevent further automatic logons. With each restart, Windows decrements the value by 1 until it reaches 0. Note, if you set the ‘AutoLogonCount’ to 1, it will actually take 2 restarts before the credentials are automatically removed by Windows. On the first restart, Windows will automatically logon with the specified credentials. On the second reboot, Windows will remove the saved credentials from the registry and not automatically logon again. For the sake of maximum security, if you set the AutoLogonCount to 1, then you should still plan to remove the entries yourself after reboot by selecting the ‘Remove autologon registry values’ menu item in BatchPatch, unless you are OK with the username and password being stored in the registry in plain text until the following reboot. If you want the system(s) to automatically logon indefinitely, and if you aren’t concerned about the username and password being stored in plain text in the registry, then you can simply choose a very high number for the ‘AutoLogonCount’ field.

    2015-10-05 14_05_12-new 1 - BatchPatch X1

  3. Finally, to actually insert the necessary registry values, click OK.
    2015-10-05 14_34_43-new 1 - BatchPatch X1
  4. Once the registry values have been successfully inserted you can go ahead and initiate the reboot. You’ll see that unless you entered invalid credentials, the computer will automatically logon after the reboot completes. As mentioned above, you might now choose to remove the previously inserted registry values so that the username and password are not left stored in plain text in the target computers’ registries. To do this, highlight the computers and select ‘Actions > Reboot > Configure autologon > Remove autologon registry values’

    2015-10-05 14_38_45-new 1 - BatchPatch X1

This entry was posted in Blog, General, Tutorials and tagged , . Bookmark the permalink. Both comments and trackbacks are currently closed.