Windows 2000/2003 Auto Logon procedure

Auto Logon

Issue

If Auto Logon is enabled on the scanned computer, the password that is used to log on automatically is stored in the registry (either in plaintext or encrypted format). In either case, this feature poses a security risk because anyone with physical access to the computer can boot the system and automatically log on without having to enter any credentials.

Solution

Disable the Auto Logon feature. To disable this feature, use the Registry Editor to remove the AutoAdminLogon and DefaultPassword values under the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 

Caution 

• Using the incorrectly can cause serious, system-wide problems that may require you to reinstall Microsoft® Windows® to correct them. Microsoft cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved.

Note

• You need administrator access to perform this task.

Instructions

To disable the Auto Logon feature 

1. Click Start, click Run, and then type Regedit.exe.
2. In the Registry Editor, expand the following keys in this order: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. 
3. Click Winlogon.
4. In the right pane, find the DefaultPassword key in the name column and see if there is a value (anything other than “value not set”) in the data column. If there is no value set or the DefaultPassword key does not exist, Auto Logon is not enabled.
5. If there is a value, click the DefaultPassword key.
6. On the Edit menu, click Delete.
7. In the right pane, find the AutoAdminLogon key in the name column. If the value is set to 1, which indicates that Auto Logon is enabled, change the value to 0 to disable this feature.

Additional Information

The credentials used to log on by default during automatic logon are located under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

AutoAdminLogon REG_SZ 0 or 1 – Must be zero to remove this feature.

When you use AutoAdminLogon, Windows automatically logs on the specified user when the system is started, bypassing the CTRL+ALT+DEL logon dialog box. This is a serious security problem because anyone can gain access to your computer.

DefaultUserName REG_SZ Username

DefaultPassword REG_SZ Password

Specifies the password for the user listed under DefaultUserName.

If the password that you use for automatic logon is stored programmatically by using the LsaStorePrivateData API, it is encrypted and stored under the following registry keys:

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\CurrVal

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\OldVal 

By encrypting the password as an LSA secret, you prevent remote users from reading a plaintext password that is stored under the Winlogon registry key. However, anyone with physical access to the computer can boot the system and log on automatically, whether the password is encrypted or in plaintext, which poses a security risk.