Server 2012 – Enable domain logon without entering credentials

In short, this post shows how to set up a machine to log on to a domain account automatically by entering the logon information into the registry.

Caution: The changes in this post have some obvious security implications: the machine logs on to the domain without anyone entering credentials, and the credentials are exposed in the registry in plain text.

Usage example: This can be a viable solution for kiosk machines that need to log on automatically with a limited account, and where an additional GPO locks down the registry editor as well.

The changes we are going to make are located at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Each of these values should be created if it doesn't already exist. Only AutoAdminLogon is in place by default, with a Value Data of 0 (disabled).

DefaultDomainName doesn't have to be an FQDN, so instead of TEST.DMZ I could use TEST.
If DefaultPassword isn’t specified, Windows will automatically reset AutoAdminLogon to 0 (disabled), which is the default setting.

Example:

| Value Name        | Type                  | Value Data |
|-------------------|-----------------------|------------|
| DefaultDomainName | String Value (REG_SZ) | TEST.DMZ   |
| DefaultUserName   | String Value (REG_SZ) | Username   |
| DefaultPassword   | String Value (REG_SZ) | Password   |
| AutoAdminLogon    | String Value (REG_SZ) | 1          |

Delete the AutoLogonCount value if it exists.

Restart to make the changes take effect.
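
The same steps as a PowerShell script, plus a check that reports the resulting state without printing the stored password. This is an added example, not part of the original post; the function names Set-AutoLogon and Get-AutoLogonState are hypothetical, and the domain name in the usage comment is the sample value from the table above.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Set-AutoLogon {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Domain,            # e.g. TEST or TEST.DMZ
        [Parameter(Mandatory)][pscredential]$Credential   # prompted, so the password stays out of command history
    )
    $net = $Credential.GetNetworkCredential()
    $values = [ordered]@{
        DefaultDomainName = $Domain
        DefaultUserName   = $net.UserName
        DefaultPassword   = $net.Password   # ends up in the registry in plain text
        AutoAdminLogon    = '1'
    }
    foreach ($name in $values.Keys) {
        if ($PSCmdlet.ShouldProcess("$WinlogonKey\$name", 'Write REG_SZ value')) {
            # -Force creates the value or overwrites an existing one
            New-ItemProperty -Path $WinlogonKey -Name $name -Value $values[$name] `
                -PropertyType String -Force | Out-Null
        }
    }
    # Remove AutoLogonCount if it exists, as the post instructs
    if ((Get-Item -Path $WinlogonKey).GetValueNames() -contains 'AutoLogonCount') {
        Remove-ItemProperty -Path $WinlogonKey -Name 'AutoLogonCount'
    }
}

function Get-AutoLogonState {
    # Reports the configuration without echoing the stored password
    $names = (Get-Item -Path $WinlogonKey).GetValueNames()
    $props = Get-ItemProperty -Path $WinlogonKey
    [pscustomobject]@{
        AutoAdminLogon        = $props.AutoAdminLogon
        DefaultDomainName     = $props.DefaultDomainName
        DefaultUserName       = $props.DefaultUserName
        PlainTextPasswordSet  = ($names -contains 'DefaultPassword') -and
                                -not [string]::IsNullOrEmpty($props.DefaultPassword)
        AutoLogonCountPresent = $names -contains 'AutoLogonCount'
    }
}

# Usage (TEST is the sample domain from the table):
#   Set-AutoLogon -Domain 'TEST' -Credential (Get-Credential) -WhatIf   # preview only
#   Set-AutoLogon -Domain 'TEST' -Credential (Get-Credential)
#   Get-AutoLogonState
#   Restart-Computer
```

Get-AutoLogonState is also useful on its own for auditing machines: PlainTextPasswordSet being True means anyone who can read the Winlogon key can read the account's password.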

 
