Home > OS >  Changing Registry\...\Winlogon\AutoAdminLogon before auto logon execute
Changing Registry\...\Winlogon\AutoAdminLogon before auto logon execute

Time:01-05

The situation/context/intent

I try to run a task (on windows 10) which activate or deactivate auto logon depending on the NetConnection name (to see if I am home). The script works and is executed, but I guess the task is too late, since auto logon use the pre-existing value over the one set by the script. Or, is it that the script is delayed by the Wi-Fi, which maybe still launching, allowing auto logon to do its things or something like that?

What I tried

Well first, I look on the internet, but all I could find was how to activate auto logon and nothing near what I try to do.

Then, on stackoverflow, I did found something call gina.dll. Turn out, it has bean replace by credential provider. Which look like an aventure better avoided and, I think, it is just the interface to logon anyway.

Then I tried to use the event, kernel-Boot id 30, which, should be monitoring the start up process. "Maybe this would be earlier than the default startup", I thought. But, I observe the same result as with "on startup". (Maybe it is the same thing as "on startup".)

The script (PowerShell)

$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
if((Get-NetConnectionProfile | select -ExpandProperty Name) -ceq "The connection name"){
  Set-ItemProperty $RegPath "AutoAdminLogon" -Value "1" -type String
}else{
  Set-ItemProperty $RegPath "AutoAdminLogon" -Value "0" -type String
}

The exported task

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2022-01-02T17:37:14.7356723</Date>
    <Author>LAPTOP\admin</Author>
    <Description>Connexion automatique à admin</Description>
    <URI>\Tâche personalisé\Connexion automatique</URI>
  </RegistrationInfo>
  <Triggers>
    <BootTrigger>
      <Enabled>true</Enabled>
    </BootTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>I probably do not want that out there</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT1M</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>PowerShell</Command>
      <Arguments>C:\ScriptPersonnalise\ConnexionAutomatique.ps1</Arguments>
    </Exec>
  </Actions>
</Task>

CodePudding user response:

As pointed in the previous comment, this is insecure as you have to store the username and password in clear text in the registry.

Now, for the AutoAdminLogon feature to work, you have to set additional registry keys and values (to be created if they don't already exist):

Root Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Value: AutoAdminLogon  [string = 1]
Value: DefaultUserName [string = user name]
Value: DefaultPassword [string = user password]

If the computer is joined to a domain, you also have to add/set the following registry key:

Root Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Value: DefaultDomainName [string = domain FQDN (i.e. my.domain.com)]

Note that if DefaultPassword is not specified, Windows automatically changes the value of AutoAdminLogon from 1 (true) to 0 (false), disabling the feature. This may explain why your key is reset and may not be related to delayed execution of the script as per your educated guess :-)

Also note that there are several configurations, especially in a domain environment that will prevent the AutoAdminLogon feature to work properly, like if you have a logon banner set, are using EAS (Exchange Active Sync) and so on...

Finally, consider using a tool from SysInternals called AutoLogon that can help you achieve your goal in a slightly more secure way as it allows you to use an encrypted password.

CodePudding user response:

Starting with the obvious comment of this being insecure, you could likely default autologon to a second account with a custom shell. The custom shell would wait for network, update autologon appropriately, the logoff.

CodePudding user response:

As far as you define the environment of Windows 10 and knowledge of plain tex username/password you can implement your own Credential Provider.

Your provider will be called for ICredentialProvider::SetUsageScenario and ICredentialProvider::GetCredentialCount.

This time you can take a decision to do autologon or not.

As a result of your evaluation you may return TRUE at pbAutoLogonWithDefault parameter.

Later your provider will be called for ICredentialProviderCredential::GetSerialization where you can serialize username and password.

Page link:https//www.codepudding.com/os/250896.html

Prev:How to send a command with arguments without spaces in Windows
Next:How to align button with dropdown inline with other link anchor
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding