none
Sysinternals Autologon not working on Windows Server 2016 RRS feed

  • Question

  • I have a specific situation where I need to have autologon run on a Windows Server 2016 machine so that it will logon whenever it is restarted.  I know that there is an option to do this directly in the Registry but I am hoping to use the Sysinternals Autologon because it has been easy to use in other situations and because of the encryption of the password.

    An older version of AutoLogon starts on a Windows Server 2016 and appears to configure the login but on restart it does not login. 

    I tried downloading and running V3.1 of AutoLogon but this version of AutoLogon doesn't even start when I try to run it.  It just spins for a few seconds and then stops.  Are there security settings that need to be disabled in order for AutoLogon to run and also to logon the server on restart?  

    Getting this error in Event Viewer at the time that I had tried to run AutoLogon.  

    Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

    I have use the Sysinternals Autologon app on workstation computers without problems and hope that it can also work on Windows Server 2016.

    Wednesday, January 29, 2020 4:33 PM

Answers

  • With the help of a colleague the mystery was solved.  

    The problem is not with the AutoLogon application itself.  The v3.1 version isn't running with the NIST restrictions in place so that must be a different problem, but the older version does run and is setting the logon registry setting correctly.  

    The problem was that the restrictions were not allowing the auto login to work on restart.  

    And the solution was from here:

    https://social.technet.microsoft.com/Forums/en-US/75a96281-9526-4092-9be2-fc9b2cab1014/autologon-on-windows-servers?forum=winservercore

    The values in these settings needed to be removed from the policy. 

    Computer configuration -> Local policies -> Security Options:
      Interactive logon: Message text for users attempting to log on
      Interactive logon: Message title for users attempting to log on

    Presumably these settings are waiting for the login user to press OK which never happens.  


    • Marked as answer by J Moen Thursday, January 30, 2020 11:16 PM
    Thursday, January 30, 2020 11:14 PM

All replies

  • Here it is Autologon and lsass writing the necessary registry key on Server 2016..

    It works like a charm!

    :-)

    HTH
    -mario

    Wednesday, January 29, 2020 10:10 PM
  • I see the registry keys for the  DefaultDomainName, DefaultUserName and AutoAdminLogon = 1. 

    The security keys must be blocked for me even though I am an Admin user.  I will have to check with our server security team. 

    But it just is not logging in on restart. 

    Frustrating :(

    Wednesday, January 29, 2020 10:43 PM
  • Yes, to access the security key you must start Regedit as Local System..

    use psexec to start a cmd as local system and from there start regedit

    psexec -s -i cmd.exe

    But I cannot see the voice "default password" under Secrets.. 

    Do you have any domain policy applied to your system which would deny logon to that user..

    By the way I used a Domain admin to start Autologon and specified the credential of that same user.

    What user are you using?

    HTH
    -mario

    Thursday, January 30, 2020 8:18 AM
  • We have narrowed this down to NIST restrictions that are in place on this server.   I don't know whether NIST restrictions are an industry standard setup or something our organization has put in place to meet the NIST standards. 

    When the restrictions are moved the AutoLogon set up works fine. 

    When they are put in place it doesn't. 

    We have removed the restriction on stored passwords but that still does not allow this to work.  It does allow Scheduled Tasks to be created but not this auto login using the AutoLogon setup. 

    Can anyone think of any other restrictions that could be blocking the auto login on restart?  

    Thursday, January 30, 2020 4:59 PM
  • With the help of a colleague the mystery was solved.  

    The problem is not with the AutoLogon application itself.  The v3.1 version isn't running with the NIST restrictions in place so that must be a different problem, but the older version does run and is setting the logon registry setting correctly.  

    The problem was that the restrictions were not allowing the auto login to work on restart.  

    And the solution was from here:

    https://social.technet.microsoft.com/Forums/en-US/75a96281-9526-4092-9be2-fc9b2cab1014/autologon-on-windows-servers?forum=winservercore

    The values in these settings needed to be removed from the policy. 

    Computer configuration -> Local policies -> Security Options:
      Interactive logon: Message text for users attempting to log on
      Interactive logon: Message title for users attempting to log on

    Presumably these settings are waiting for the login user to press OK which never happens.  


    • Marked as answer by J Moen Thursday, January 30, 2020 11:16 PM
    Thursday, January 30, 2020 11:14 PM
  • Nice troubleshooting..

    Thanks!

    -mario

    Friday, January 31, 2020 7:29 AM