For those with Windows 10 Pro AND Multiple Profiles on your system...

  • Question

  • My build: Microsoft Windows 10 Pro v1709 (OS Build: 16299.248) as of 2/26/2018.

    I found what appeared to be an anomaly immediately following the update to v1709.

    Specifically, my platform has four profiles. Two of which are used on a regular basis, the other two haven't been used in months.

    • My primary Admin profile (+ one backup Admin profile - unused in months.)
    • My standard user profile (+ one general user profile - unused in months.)

    After the install of v1709, a reboot or a cold-boot resulted in the log on process signing in the profile I was using (e.g. my standard or my Admin) AND the other profile. The unused profiles were not being signed in.

    This was very unusual in that the system would REQUIRE both profiles to sign in, ALTHOUGH only one profile was selected, and one password provided (for the selected profile). How it skipped the password requirement for the other profile is beyond me.

    However, there is a finding that appears to have worked, and it was provided by Andy from another MS forum (Thanks, Andy).

    What I did was:

    1. Settings > Accounts > Sign-in options.
    2. In the privacy section, turned off "Use my sign in info to automatically finish setting up my device after update or restart."

    This event was being reproduced on a regular basis, every time I restarted or powered up my system. The result was that if I wasn't looking for it, when I went to shut down, then a message that others were logged in would occur.

    Don't misunderstand. To actually use the auto-signed in profile, I still had to provide a valid password. Yet, having a system that "automatically knew" what the profile password was/is even when not requested, appears to be a serious breach of security.

    It meant that any profile selected would trigger an open hole in the system as the other profile would also log in, and therefore open the possibility (if the profile is the admin profile) of permitting an exploit to occur from a profile with less than admin capability.

    Just thought I'd pass this along, and let others know of the potential.

    Jim


    Jim - Mastiffs are the greatest!

    Monday, February 26, 2018 2:17 PM

All replies

  • Hi Jim,

    Your behavior is correct; automatic logon is a common method for Multiple Profiles environments. Try to use the registry method to configure auto login.

    How to turn on automatic logon in Windows

    https://support.microsoft.com/en-sg/help/324737/how-to-turn-on-automatic-logon-in-windows

    Right click on the Start Icon, then select Run.

    Type in control userpasswords2

    Highlight your main account you use, then un-tick the dialogue at the top about Users must enter a password.

    About security, I think we don’t need to worry about it. Microsoft has a Sysinternals tool, Autologon, to configure the auto-logon; the password string value is then stored encrypted in the registry as an LSA secret. This means that, once the autologon is configured, the unencrypted version of the password used cannot be viewed by anyone/anything at all.

    https://docs.microsoft.com/en-us/sysinternals/downloads/autologon

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 27, 2018 2:27 AM
    Moderator
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.

    Friday, March 2, 2018 8:31 AM
    Moderator
  • Sadly, the response required far more complexity than provided by Andy Liu.

    The real simple answer was:

    1. Click the Start button, then select Settings > Accounts > Sign-in options.

    2. In the Privacy section, turn off Use my sign in info to automatically finish setting up my device after an update or restart.

    As this was done from my Admin profile, it also had a cascade effect and set the condition on my other profiles as well.

    A very simple solution to a seemingly difficult system operation.

    Jim


    Jim - Mastiffs are the greatest!

    Friday, March 2, 2018 1:33 PM
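
Added example, not part of any post in this thread: a read-only PowerShell audit of the two sign-in mechanisms discussed above, the registry auto-logon from the linked KB article and the "Use my sign-in info..." setting (Automatic Restart Sign-On, ARSO). It assumes an elevated prompt; the mapping of the Settings toggle to the per-user `UserARSO\<SID>\OptOut` value is an assumption to verify on your build.

```powershell
# Added example: reports automatic sign-in configuration. Reads the registry only.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$findings = @()

# 1. Registry auto-logon (the manual method from the KB article).
if ((Get-RegValue $winlogon 'AutoAdminLogon') -eq '1') {
    $user = Get-RegValue $winlogon 'DefaultUserName'
    $findings += "AutoAdminLogon is enabled for '$user'"
}
# A DefaultPassword value here is a plaintext string, unlike the LSA secret
# that the Sysinternals Autologon tool writes.
if ($null -ne (Get-RegValue $winlogon 'DefaultPassword')) {
    $findings += 'Plaintext DefaultPassword value is present under Winlogon'
}

# 2. Automatic Restart Sign-On: machine-wide policy first, then per-profile state.
if ((Get-RegValue $policy 'DisableAutomaticRestartSignOn') -eq 1) {
    Write-Output 'ARSO is disabled machine-wide by policy.'
} else {
    # Assumption: a per-user opt-out is recorded as OptOut = 1 under UserARSO\<SID>.
    $optOutRoot = Join-Path $winlogon 'UserARSO'
    Get-CimInstance Win32_UserProfile |
        Where-Object { -not $_.Special } |
        ForEach-Object {
            $optOut = Get-RegValue (Join-Path $optOutRoot $_.SID) 'OptOut'
            if ($optOut -ne 1) {
                $findings += "ARSO not opted out for $($_.LocalPath) ($($_.SID))"
            }
        }
}

if ($findings) { $findings } else { Write-Output 'No automatic sign-in findings.' }
```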