37
9
I want to configure Windows 7 to login automatically after the computer is switched on. That's not because I'm lazy and don't like typing passwords. That's because I want programs that are configured to run on startup run automatically.
But I don't want everyone to see my desktop, so I want my computer to remain locked. When I'm ready to work, I just type my password and don't have to wait until all startup programs run.
utapyngo
Posted 2011-11-01T02:43:37.240
Reputation: 1 713
14
Take a look at this: Auto Logon and Lock
Auto Logon to Windows and immediately Lock Workstation (Safe Mode protected too)
Auto Logon & Lock is a small utility that enables your Windows PC to automatically logon to a user account on boot and then lock the desktop so a password is still required. Some of the reasons you might want to do this are: Faster boot time. The additional post-logon start up items are also started after Windows boots. Which means when you press the power button on your PC and come back after a few minutes, its completely booted up. No need to wait for additional software to load after you logon. Automatically resume downloads etc. when your PC reboots due to a power failure or crash. On XP you could do this by installing the application as a system service. In Vista and 7, Session 0 Isolation makes using a system service a pain, not to mention it's insecure. Just put your applications in the regular Windows Start Up folder and they will be launched after the auto logon. It password protects Safe Mode as well. Existing auto logon methods leave Safe Mode unprotected. It locks the desktop before Explorer is started. Other methods auto-lock using an autorun/start up entry which leave the PC logged on and unlocked until the autorun entries are executed (which can even take several minutes).
I haven't tried it myself, but it looks like it does what you want...
Kryten
Posted 2011-11-01T02:43:37.240
Reputation: 1 950
1This looks more secure: instead of just putting itself to startup, it replaces the system shell (explorer) by itself. – utapyngo – 2011-11-01T15:22:13.600
3@utapyngo if it works by replacing explorer I'd strongly disagree on the security assessment. Explorer is a popular target for malware trying to break into a system; and I find it highly unlikely that a third party is able to put anywhere near as much effort into testing a replacement as MS is into testing the original. – Dan is Fiddling by Firelight – 2012-05-24T18:36:52.193
4@Dan: actually it does not replace explorer.exe but uses a feature of Windows which allows changing a user's shell by changing a registry value. – utapyngo – 2012-05-25T15:30:19.070
8
You can implement this as a windows task scheduled to be performed at login:
Run program rundll32.exe With arguments user32.dll,LockWorkStation
It works on my XP and 7, however it won't work on Windows 8/8.1
Nate Koppenhaver
Posted 2011-11-01T02:43:37.240
Reputation: 3 523
1This works very well for me. Probably not 100% secure but good enough for my home use and non-invasive. – srmark – 2014-10-01T21:11:17.010
1works on windows 10, save it to a .cmd and put it in shell:startup – malix – 2016-06-07T15:59:59.257
2I know about this trick. However, if I put this batch file in startup, it would leave a security hole on my computer: until it gets running, someone bad could do someting bad. As I said, I don't want anyone to see my desktop. – utapyngo – 2011-11-01T02:55:23.620
3@eye - sadly, you are leaving a security hole by automatically logging in. This solution will at least work. I'd recommend not logging in automatically if you want security. – Rory Alsop – 2011-11-01T11:56:46.137
1Depending on your system it would run very quickly and lock... You could leave your monitor switched off too then the only indication your PC was on would be any lights on the front/keyboard? – HaydnWVN – 2011-11-01T13:29:24.850
@eye this runs very quickly -- It would be hard for someone to gain access before it would lock because even if they started to open something it would lock while they were doing it – Nate Koppenhaver – 2011-11-01T20:36:26.440
7
I managed to lock the PC immediately on startup while loading windows/startup items in the background. This works with Windows editions that has group policy editor.
Step 1: Open notepad, then paste this code:
WScript.CreateObject("WScript.Shell").Run("rundll32 user32.dll,LockWorkStation")
Step 2: Click File>Save As and in Save as type dropdown menu, choose All Files
Step 3: In the File Name field, enter LockWorkStation.vbs and save the file to C:\Users\YourUserName\Documents
Step 4: Hit WindowsKey+R, type regedit and press ENTER
Step 5: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Step 6: Right Click on a blank space and click New> DWORD (32-bit) Value and press ENTER
Step 7: Double click the newly created REG_DWORD file. In the Value name type RunLogonScriptSync and in the Value data type1 and then press ENTER
Step 8: Hit WindowsKey+R, type gpedit.msc and press ENTER
Step 9: Under Computer Configuration, go to
Administrative Templates > System > Logon then Double Click Run these programs at user logon
Step 10: Click Enabled, and on Items to run at logon click Show...
Step 11: Type C:\Users\YourUserName\Documents\LockWorkStation.vbs and click OK repeatedly until all windows are closed
Step 12: Hit WindowsKey+R and type control.exe userpasswords2 then press ENTER
Step 13: Uncheck Users must enter a user name and password to use this computer. then click OK (type in your password if it prompts to do so)
Step : Restart your PC.
Now whenever you start your PC, the .vbs script will run first before anything else. This will ensure that your PC is locked before the desktop appears.
Note: You can change C:\Users\YourUserName\Documents\ to wherever you want to store your script.
ej8989
Posted 2011-11-01T02:43:37.240
Reputation: 71
Thanks, that's the ACTUAL solution over here. Didn't knew about RunLogonScriptSync which is actually the key to solving this problem. – Evengard – 2017-07-25T11:02:54.190
See also https://lifehacker.com/5645098/make-windows-load-your-desktop-before-you-log-in
– Tobias Kienzler – 2017-12-11T09:01:24.4274
I used to do this on my home computer (not any more). It involves just two simple steps.
Include a shortcut in your personal Startup folder (or the registry's Run key) to lock the computer, either wih the following command or with nircmd utility.
rundll32.exe user32.dll,LockWorkStation
Since most start-up programs are loaded in parallel, your computer will be locked almost immediately upon being automatically logged into. There's minimum concern of someone snooping in and stopping the lock.
However, if you need to ensure the computer is locked as soon as possible, follow the order in this article (avoid RunOnce as this is deleted after run, unless you can place a counter-script somewhere else to add it back).
I found this KB article which lists the order proper for older versions of Windows, but I can't find an official equivalent for Windows 7.
ADTC
Posted 2011-11-01T02:43:37.240
Reputation: 2 649
1
I used the Sysinternals tool autologon.exe to set up the automatic logging on. I then created a shortcut at:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
with the command
rundll32.exe user32.dll,LockWorkStation
Rod
Posted 2011-11-01T02:43:37.240
Reputation: 13
0
This is old but since there are some concerns to use rundll32.exe
What’s the guidance on when to use rundll32? Easy: Don’t use it
Occasionally, a customer will ask, "What is Rundll32.exe and when should I use it instead of just writing a standalone exe?"
The guidance is very simple: Don't use rundll32. Just write your standalone exe.
Here is another approach which will save from compiling a standalone exe yourself. Just save this as Lock-Workstation.ps1 and run it with powershell.
Function Lock-WorkStation {
#Requires -Version 2.0
$signature = @"
[DllImport("user32.dll", SetLastError = true)]
public static extern bool LockWorkStation();
"@
$LockWorkStation = Add-Type -memberDefinition $signature -name "Win32LockWorkStation" -namespace Win32Functions -passthru
$LockWorkStation::LockWorkStation() | Out-Null
}
Lock-WorkStation
Taken from Script-Center
Jürgen Steinblock
Posted 2011-11-01T02:43:37.240
Reputation: 318
0
There is one secure solution: Do not shut down your system!
Windows 7 offers several methods for hibernating the system: Suspend-to-RAM (S3), Suspend-to-Disk (S4) and the Hybrid hibernate which combines both. There should be at least one method that suits you.
After wake-up from those modes all your applications are already started and ready for work.
If you enable the option "Require a password when the computer wakes" then you have exactly what you want plus it is 100% secure (or as secure as Windows can make it).
Windows 7 is usually stable enough to be used in this way. Most time I only boot when Windows Update has installed new patches and forces me to restart my system.
Robert
Posted 2011-11-01T02:43:37.240
Reputation: 4 857
If you use hibernate (suspend to disk) the computer will be turned off. – Robert – 2015-04-23T13:55:20.633
1What about unintentional shutdown? (e.g., a power outage, or some bad actor intentionally turning the system off and on again?) – pioto – 2014-03-14T03:39:02.520
0
one (not very best) way to implement it might be:
net user <user> <password>rundll32.exe user32.dll,LockWorkStationthese two lines can be put into autoexec.bat file or startup folder in a batch file to run on every login
to activate autoexec.bat in registry
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec's value should be 1
v14t
Posted 2011-11-01T02:43:37.240
Reputation: 181
1There are ways to auto-login a user with a password. Besides, if you set a password on a passwordless user, you need to manually remove it for the passwordless login to work the next time. Plus the password is stored plain text in the script. – ADTC – 2016-06-07T16:43:37.683
1There probably isn't any way to do this. Have you considered hibernating instead of shutting down? – Harry Johnston – 2011-11-01T02:58:40.017
Yes. I don't like hibernating because some programs lose their network connection and I have to restart them anyways. – utapyngo – 2011-11-01T03:11:59.170
Which programs in detail? Have you tried to make the authors fix this problem? – Robert – 2011-11-01T12:41:21.290
@eye:I don't get it. So because you have to restart these programs, you decide you need to restart your whole machine?? Am I missing something? – surfasb – 2011-11-01T14:11:52.823
2@surfasb: one more reason is that it is faster to turn off and turn on my computer that dump 8 gigabytes of RAM and then read it back. – utapyngo – 2011-11-02T16:18:06.630
@surfasb another reason is that hibernating won't help a desktop that loses power unexpectedly. You can configure the BIOS to restart the computer when power is restored; but only services are restarted not any usermode applications. – Dan is Fiddling by Firelight – 2012-05-24T18:40:10.893
@DanNeely: Very good point. Not all desktops are hooked up to a UPS. – surfasb – 2012-06-01T15:32:13.720