Remove From My Forums

Group Policy for autologon

Question
0

Sign in to vote

I am setting up some 2012 servers in an AD in a virtual machine environment and need to find a way to have them autologon at system boot. The machines are in a lab environment so there is no real concern for security of the autologon.

I have run the autologon.exe on non-AD servers and it works fine. When I run autologon.exe on a machine in the AD the autologon flag seems to get reset to '0' by group policy. I have looked, but can't seem to find anything within the group policy management editor that would elicit this behavior nor can I find a way within group policy to set a machine to autologon.

Can anyone point me to what I am missing or possibly doing wrong?

Monday, January 9, 2017 9:15 PM

All replies

0

Sign in to vote

Please do the following :

1) Open Regedit
2) Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
3) Replace the value of AutoAdminLogon --> 1
3) If not present, create a REG_SZ DefaultUserName
4) Enter your AD username for value.
5) If not present, create a REG_SZ DefaultPassword
6) Enter your password for value
7) If not present, create a REG_SZ DefaultDomainName
8) Enter your domain name (Format "domain.local") if your computer is joined to your domain

Best Regards,

Gilles Tremblay
MCSE Server | Desktop | Messaging | Collaboration | Productivity | Mobility | Cloud Platform and Infrastructure

Dont forget to mark as Answered if you found this post helpful.

DISCLAIMER: This post is provided "AS IS" with no warranties of any kind, either expressed or implied, and confers no rights. Always test before!

Monday, January 9, 2017 9:31 PM
0

Sign in to vote

Thanks for your reply, but the steps above do not work.

Whenever the machine is rebooted, the AutoAdminLogon value reverts back to 0.

I think this is due to some Group Policy from the DC being pushed out to the machines, but I can't seem to find the actual culprit.

Thanks,
Chris

Tuesday, January 10, 2017 1:34 PM
0

Sign in to vote

> Whenever the machine is rebooted, the AutoAdminLogon value reverts back to 0.

> I think this is due to some Group Policy from the DC being pushed out to the machines, but I can't seem to find the actual culprit.

elevated commandline, "gpresult /h report.html", then open in IE and search for autoadminlogon :-)

If this does not help, check all scheduled tasks with trigger "at startup" as well as startup scripts from GPOs.

If this still does not help, grab process monitor, filter on autoadminlogon and trace during reboot. Then find the process that writes the zero value and examine its parents.

Tuesday, January 10, 2017 1:53 PM
0

Sign in to vote
Hi,

Take a backup of HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon

Then delete AutoLogonCount.

If Windows see AutoAdminLogon 1 and AutoLogonCount is set to 0 it will reset AutoAdminLogon after next reboot.

Please Mark This As Answer if it solved your issue Please Vote This As Helpful if it helps to solve your issue /Sebastian Norén
- Edited by Sebastian Norén Tuesday, January 10, 2017 2:44 PM
Tuesday, January 10, 2017 1:56 PM
0

Sign in to vote
Thanks. gpresult showed that the autoadminlogon key has a 0 state in the "Winning GPO" of Default Domain Policy in the Extra Registry Settings section. Now just have to find the correct GPO on the DC to be able to change it.

Any guidance on where in the GPM this might be located?

Thanks,
Chris
- Edited by fiddler43 Tuesday, January 10, 2017 9:35 PM Added additional info.
Tuesday, January 10, 2017 9:14 PM
0

Sign in to vote

Not a factor. I know that the autoadmincount affects the aalogon. That key is not present in the registry, so it doesn't affect how aalogon works.

Tuesday, January 10, 2017 9:16 PM
0

Sign in to vote
You can rightclick the domain in GPMC and then search after a specific GPO and setting.

See this link for more info:

https://deployhappiness.com/searching-gpos-for-that-specific-setting/

Please Mark This As Answer if it solved your issue Please Vote This As Helpful if it helps to solve your issue /Sebastian Norén
- Edited by Sebastian Norén Wednesday, January 11, 2017 7:42 AM
- Proposed as answer by Alvwan Monday, January 16, 2017 1:28 AM
Wednesday, January 11, 2017 7:42 AM
0

Sign in to vote
> Thanks. gpresult showed that the autoadminlogon key has a 0 state in the "Winning GPO" of Default Domain Policy in the Extra Registry Settings section. Now just have to find the correct GPO on the DC to be able to change it.

Then at some point in time, someone made a custom ADM file to add this value to the defdompol :-)

a) Create your own ADM to remove it

b) Use Torchsoft registry studio which can edit registry.pol directly

c) Create a new Domain policy with all settings from the current ddp you still need, then use dcgpofix to reset the ddp to its initial content.
- Proposed as answer by Alvwan Monday, January 16, 2017 1:28 AM
Wednesday, January 11, 2017 12:20 PM
0

Sign in to vote

Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Best Regards,

Alvin Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, January 16, 2017 1:27 AM