Autologon 3.10 with password containing a quotation mark RRS feed

  • Question

  • I'm working on a simple autologon powershell script that uses sysinternals autologon.exe.

    I have it working perfectly fine but it will not work when using a password that has a quotation mark.
    I have tried escaping the character like this: `"
    Also note that when using the GUI part of the exe it accepts a password that contains a quotation mark.

    It seems the issue is with how autologon.exe is handling the quotation mark (through command line) and not an issue with how Powershell is passing the value.

    I also considered just making registry entries in the script but it leaves the password in the registry as clear text whereas the exe encrypts the password.

    Passwords cannot be changed as they were generated and in use in a production environment.

    Here is a simple script example of what I'm doing:

    $autologon = ".\Autologon.exe"
    $username = "myuser"
    $password = 'passthe"please'
    $domain = "mydomain.com"
    Start-Process $autologon -ArgumentList $username,$domain,$password

    Wednesday, August 14, 2019 1:22 PM

All replies

  • There may be a problem in Autologon..

    I treid pass ing a password containing the ' in the user interface and I got back an error of password invalid.

    The guide says that the password is not checked, while the error implicitly says that a control is done.

    What can be possible is that a check is performed against the length of the parameter and the string whic may be considered ended at the ' and from there the returned error..


    Wednesday, August 14, 2019 4:14 PM
  • You might try again using a double quote mark (") which does work in the GUI. It's when passing through command line I have an issue.

    May be a whole other issue with single quote mark (')

    Wednesday, August 14, 2019 6:02 PM
  • Well, escaping the password in powershell creates a command that in your opinion should work:

    $password = "passthe`'`'please"

    And in procmon i can see the process started correctly:

    but a write filter always on procmon doesn't show the write to the necessary registry key..

    While if I use the interface of Autologon and pass two ' as you suggested, de facto escaping the single ' , I still get the same error of password invalid as before..

    So, it's not a matter of single ' or double '' in any case Autologon parse the password for some reason and if it get the ' it returns an error of invalid password..

    MarkC can you look at this?


    Thursday, August 15, 2019 2:32 PM
  • Again, it may not be any different from your tests but I'm using a single double quote (") not two single quote marks ('). Just wanted to clarify in case anyone else is testing this. 
    Thursday, August 15, 2019 4:31 PM
  • Well, it's a completely different thing :-)

    I used two single quote, the double quote is a different character and probably works fine, but is not converted to a single quote by autologon.. and so probably the logon operation won't succeed.. even if autologon seems to work..


    Thursday, August 15, 2019 6:22 PM
  • I don't want to convert it to a single quote. I'm trying to pass a single double quote character. 

    I never said I was using a single quote character.

    Thursday, August 15, 2019 6:50 PM
  • Sorry, I misunderstood your problem..

    I thought you had problem with the single quote character, while your problem is with the double quote..

    I got the same error message from the interface with both single ' or double " quote..

    So it looks like the tool check what is passed on the command line and both characters are invalid..

    Digging some more, looks like this is the string containing all the possible character to be used:


    and both are available so it must be a bug in the string parser..


    Thursday, August 15, 2019 8:22 PM
  • I've debugged Autologon..

    it follow two different route when started by command line and via user interface..

    The double quote are inside the command line correctly, when read by the GetCommandLneA function.

    But at a certain point the code start looking for the character 22 which is our double quote..

    Comparing each character of the command line to that..

    Here the moment when probably it gets deleted..

    After that the password is changed and the tentative to validate the password via LogonUserW fails silently..

    MarkC, this is work for you :-)


    Friday, August 23, 2019 1:59 PM