I am working on a simple internal tool that does some work, reboots the machine, auto-logs in, and then continues doing its work (until it's done). This worked fine on our Windows Server 2008 machines that were not very locked down. Recently I have tried running this tool on some of our newer Windows Server 2012 machines that have more security lock downs and various GPOs enabled. One consequence that I noticed is that auto-login functionality was no longer working.
The tool uses the Winlogon
registry location @ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
to specify to enable auto-logon, a default username, and a default password via the values AutoAdminLogon
, DefaultUserName
, and DefaultPassword
respectively. These values were the first things that I checked when I ran the tool and I saw the values being set prior to a reboot and after the reboot/login the Winlogon
registry values were all reset to the default and my changes were undone.
I'm assuming that there's some GPO or security feature causing this (which is fine) but I'm curious to see if there is a way to track down which GPO or setting is doing it. I have checked the Local Group Policy Editor dialog but I wasn't able to find anything concrete. Is there any other place I can check or maybe look at some specific GPO that I may not know about?
Update: I found that the GPO Configure registry policy processing
is set to Process even if Group Policy objects have not changed
. If I'm not mistaken, this would explain why the policy is being applied on every reboot but I'm not still not clear on which policy it is.