Disable Windows 7 auto-login after deployment
Manually, Open a CMD prompt, in the CMD prompt type Control Userpasswords2 , the first checkbox you see check it. [X] Users must enter a username and password to use this computer.
registry item is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
Just as i figured, set to 0 and autologin is disabled, set to 1 and (this is bad) it is re-enabled fully. Tested.
why is that bad? because initialy I had put in a Password that will be used to access the the admin account automatically. By changing ONLY this one registry entry, the AutoPassword is still in the system.
Logically by using the GUI interface, the AutoPassword stored would be removed. Tested, my hunch was right, the GUI method did remove the AutoPassword, and I was unable to autologin without a password, Via just changing the registry item. I was still able to get in after Password error, by supplying the password, after the stored autopassword was removed.
With the registry change, that still leaves removing that protected storage item, the password?? Or a Psudo Admin user (or virus) could set that back to auto pretty quickly, and you should know that.
Side Notes: Also depending on the install, the admin should also be renamed, passworded , and even re-disabled if nessisary for the intended application. if the admin was re-passworded, the stored Auto password should become useless.
I do not really know enough about it, just tested theory.
Related videos on Youtube
03 : 45
03 : 06
01 : 50
![Windows 7: Enable Auto Login [Tutorial]](https://i.ytimg.com/vi/nUbf11FD_tI/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLAOEUfK-p7dEyLzRhgLfrbLWFcGEw)
04 : 00
02 : 01
Gaspode
Updated on September 18, 2022Comments
-
Gaspode almost 2 years
I'm deploying a Windows 7 upgrade using the distribution toolkit. After the install, the PC keeps attempting to auto-login as the administrator.
Is there any way to disable auto-login after the lite-touch install? Or possibly just disable it via command-line / registry entry?
-
Joe Taylor over 12 yearsYou might want to keep an eye on my question: superuser.com/questions/340396/…
-
MDT Guy over 10 yearsMDT sets an autologin when deploying the OS, if it's not turning off the autologin at the very end, something is wrong. Answer below is just a Band-Aid, not a solution to the root cause. Check you MDT log files and determine what is causing MDT to not turn this off like it should.
-
-
Gaspode over 12 yearsAh, that registry key will probably do. Just need to somehow make sure it's merged as the very, very final thing the install does..
-
MDT Guy about 11 yearsCreating a second admin account is a real pain in MDT and unnecessary. If you're really hell bent on securing the device, just create a step in the task sequence to rename it at the very end.
