Windows 10 autolock with task scheduler doesn't work properly

0

Ok, so I'm trying to achieve a scenario where my managed systems automatically log in after any reboot and then lock the PC to secure them. I've achieved this in Windows 7 by using control userpasswords2 to set auto-login with the password and then creating a scheduled task that triggers on user login to run the program rundll32.exe with arguments user32.dll,LockWorkStation.

This works completely fine in Windows 7 but not in Windows 10. With Windows 10, it appears to lock and shows "locking"; however, it doesn't prompt for the password when coming back in.

However, if I manually lock the system with Windows key+L or run the command from the command line/Run box, it locks properly and then requires the password to get in.

I can't figure out why this is happening. On one test system, I kept the task but disabled auto-login, and when logging in manually with the password, the system would NOT lock. Scheduled task history says it completed successfully.

Richard Chase

Posted 2019-06-06T19:43:33.980

Reputation: 101

So I did some more testing and it just makes even less sense than before. So instead of running rundll32, I'm running a batch file on the desktop that has the command in it. I added "pause" to the top so I could see if it was actually running, and when I did this, I logged in, had to press any key to continue, and then the system locked as expected. Then I removed the pause, and in one instance it worked properly and in another, I was able to click the screen and get back in without a password. However, without auto-login, I noticed the screen flash, almost as if it locked while at the login screen – Richard Chase – 2019-06-06T20:24:00.477

Part of the issue with Windows 10 is that it doesn't display "locked" like Windows 7 does, so it's harder to verify if it's working or not. – Richard Chase – 2019-06-06T20:25:15.527

I can confirm that the batch file or task scheduler actually executes before logging in, so this appears to be a bug. I noticed that when I add "pause" to the top, reboot the PC and then log in, the batch window is already open and displaying. Going to go more in depth and put in some sort of timer and counter to double check, but it appears as though it's executing before login, not after. – Richard Chase – 2019-06-06T20:34:47.643

Double confirmed. Added a timeout /t 60 to the script and rebooted system. Waited about 20 seconds and then logged in and the timer was at 40 seconds left. So task scheduler seems to interpret "at login" as "at login screen" not when the user actually logs in. – Richard Chase – 2019-06-06T20:50:28.963

Tried doing this with GPO instead, under Configuration\Administrative Templates\System\Logon, double-clicking on Run These Programs at User Logon, but got the same results: the timer is already active when I log in. – Richard Chase – 2019-06-06T21:15:33.357

One more thing. Putting the batch file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup also gives the same result: it executes before the user logs in. – Richard Chase – 2019-06-06T21:32:14.983

Nobody has any ideas? – Richard Chase – 2019-06-11T19:18:35.673

No answers