81
47
When Windows 7 is joined to a domain the option to automatically login is no longer available in the advanced User Management console. Since I am running a small home domain because of SharePoint and TFS, how would I go about enabling this setting?
The HowToGeek Article here covers it however the options are disabled when joined to a domain.
BinaryMisfit
Posted 2009-08-24T09:32:44.047
Reputation: 19 955
115
From : My Digital Life Article
Click Start, click Run, type
regedit, and then click OK. In Windows Vista/7, simply typeregeditin Start Search and hit Enter.Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonDouble-click the
DefaultUserNameentry, type the user name to log on with, and then click OK.If
DefaultUserNameregistry value name is not found, create a new String Value (REG_SZ) with value name asDefaultUserName.Double-click the
DefaultPasswordentry, type the password for the user account under the value data box, and then click OK.If there is no
DefaultPasswordvalue, create a new String Value (REG_SZ) withDefaultPasswordas the value name.Note that if no
DefaultPasswordstring is specified, Windows automatically changes the value of theAutoAdminLogonregistry key from 1 (true) to 0 (false) to turn off theAutoAdminLogonfeature.In Windows Vista/7,
DefaultDomainNamehas to be specified as well, else Windows will prompt for invalid user name with the user name displayed as.\username. To do so, double click onDefaultDomainName, and specify the domain name of the user account. If it’s local user, specify local host name.If the
DefaultDomainNamedoes not exist, create a new String Value (REG_SZ) registry key with value name asDefaultDomainName.Double-click the
AutoAdminLogonentry, type1in the Value Data box, and then click OK.If there is no
AutoAdminLogonentry, create a new String Value (REG_SZ) withAutoAdminLogonas the value name.If it exists, delete the
AutoLogonCountkey.Also if it exists, delete the
AutoLogonCheckedkey.Quit Registry Editor.
Click Start, click Restart, and then click OK.
William Hilsum
Posted 2009-08-24T09:32:44.047
Reputation: 111 572
21
Further to William Hilsum's answer, this method does not require you to leave the password in plain text in the registry (although I am not sure how the authentication is actually stored).
Step 1
As a local administrator, tell Windows to allow admins to log on automatically.
In Regedit, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
If it is not there, create a new String Value called AutoAdminLogon
Set this value to 1
Step 2
Tell Windows to remember the password for logging in.
In the run box, type control userpasswords2
Ensure your domain username is in the list, if not, add it.
Untick (or tick and untick): Users must enter a user name and password to use this computer.
Make sure your username is selected. Click Apply.
At this point, Windows should prompt for the password that will be used.
Step 3
Now head back to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Ensure the following String Values are set, if not, set them:
DefaultUserName: Your domain username (without the domain prefix)DefaultDomainName: Your domainThat should be it.
Note on password changes:
You will need to redo this procedure from step 2 each time you change your password. Unfortunately Windows resets the DefaultDomainName to your local machine name every time you save that dialogue, so you have to change it back manually.
Adam Millerchip
Posted 2009-08-24T09:32:44.047
Reputation: 1 238
@AdamMillerchip, Microsoft stated that netplwiz does not work for domain members. – Ray Cheng – 2014-08-21T15:47:38.383
2I prefer this answer as the password doesn't seem to be stored in plaintext. Worked for me in a domain environment on Win7 SP1. – jmagnusson – 2015-02-16T07:58:39.140
It must have been SP1 of Windows 7 that got rid of the "userpasswords2" control panel applet. It doesn't seem to exist any more. – Josh M. – 2012-12-12T15:31:59.153
1It works for me on SP1. Have you run it from the Run box as instructed? It's not listed in the control panel - you have to run it manually. – Adam Millerchip – 2012-12-12T21:33:11.433
It could be that I'm on a domain and that control panel applet is not available in that case. Not sure why, but it doesn't come up. I've been using control userpasswords2 since 2003 or so. ;-) – Josh M. – 2012-12-13T03:20:27.023
2Just had a thought. As per the OP's link, did you also try netplwiz? – Adam Millerchip – 2013-02-01T06:38:38.597
3
Further to @Adam Millerchip's answer, we can reduce the password-change effort to what it was prior to joining a domain, when we always had to run control userpasswords2 again every time to store the new password. Now we're on a domain, we can just run a batch file instead that runs control userpasswords2 and also restores our domain and username registry settings:
AfterPwdChange.bat
control userpasswords2
pause
regedit /s WinLogonBit.reg
WinLogonBit.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="mydomainusername"
"DefaultDomainName"="mydomain"
And if the reason for wanting the auto-logon is to get startup programs running, we might still prefer the workstation to end up locked after power-up. If so, we can place a shortcut in the Startup folder with the following command:
C:\Windows\System32\rundll32.exe user32.dll,LockWorkStation
Reg Edit
Posted 2009-08-24T09:32:44.047
Reputation: 1 930
-2
Maybe you can run this as a bat file or something:
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d YourUserNameHere /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d YourPasswordHere /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d YourDomainHere /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonChecked /f
SingASong23
Posted 2009-08-24T09:32:44.047
Reputation: 1
1What does this command do? Please explain and I’ll remove my downvote. – juniorRubyist – 2019-01-03T19:18:22.813
Welcome to SuperUser! You are posting to a question that was answered 9 years ago and by the votes it looks like that answer was very helpful. I'm not sure if your answer adds anything to this without further explanation of what this does. You will find that you will have a better experience if you take moment to take the Stack Overflow [tour]. If you follow the norms of the Stack Overflow community and approach it with an attitude of helping others too, it will serve you well. – Rey Juna – 2019-01-03T19:19:40.170
2That's probably not the smartest way to do it. There are multiple ways to get at the registry without using regedit.exe. VBScript, PowerShell, the "reg" command, and probably more. I think it's a better idea to change the ACL on the registry key itself to prevent users from viewing it. – Tmdean – 2015-03-19T22:16:11.157
1... To add to the little comment I made, if using this for a kios or similar, you would hopefully be using locked down software/a browser in kiosk mode or more so users wouldn't actually have access to the desktop... – William Hilsum – 2015-03-21T10:32:24.973
FYI: This won't work if you have any third party identifier like in my case ekey (fingerprint logon software) - so you have to remove that program for this to work – SimonS – 2017-03-08T16:16:22.893
1I can confirm this works with a Windows 7 VM joined to the domain. I have mild concerns about how accessible the password in the registry is: no privileges are required to read those keys; but the VM is used soley by me, so hopefully it isn't too serious. – jmtd – 2011-04-06T14:20:38.093
@jmtd - working, and security best practices are two separate things! I would only recommend this for a kiosk/guest/similar account. – William Hilsum – 2011-04-06T15:30:23.353
2On a kiosk, you should use Group Policy to disable registry access to prevent users from accessing the logon password. The setting is
User Config\Admin Templates\System\Prevent Access to Registry Editing Tools. – Bacon Bits – 2011-04-19T01:34:02.740