Go Premium for a chance to win a PS4. Enter to Win


Automatic Logon, Local logonscript refuses to run

Posted on 2004-08-06
Medium Priority
Last Modified: 2013-12-04

I've got a stand-alone Windows XP Pro Sp1-computer, which I want to secure.
This computer will be used by some of clients in my company.
I do not want to give them rights to change something.
So I've created a registry-file which hide\disables almost anything for the regular local user.
This file is called upon during logon, via the Logon script in the propertiestab of the local user.

I've got a similar script for the administrator, which unhides\enables everything which used to be hidden. Everything works like a charm. Changes to any of the two files will be incorporated after the next reboot.

But then I wanted to use the automatic logon-feature:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Automatic logon works, but now the script for the regular user fails to run.
Any changes I made to the registry-file will not be incorporated in the registry.
If I logon manually with the user, the changes will be made.

So the combination logon-scripts and Autologon is at fault.

Does anybody know how I can resolve this problem?

Question by:Lioncasa
1 Comment
LVL 11

Accepted Solution

mwnnj earned 500 total points
ID: 11863355
Hi , if you have a pc to secure then you should probably throw away this autolog-on function... cuz with the autolog-on function things are everething but secure.
So take a look at this link:
http://www.kellys-korner-xp.com/win_xp_passwords.htm ,
How to Enable Automatic Logon in Windows

If you set a computer for auto logon, anyone who can physically obtain access to the computer can gain access to all of the computer contents, including any network or networks it is connected to. In addition, if you enable autologon, the password is stored in the registry in plaintext. The specific registry key that stores this value is remotely readable by the Authenticated Users group. ..."
 Please,take a look at the whole article and read carefully the whole point:"How to Enable Automatic Logon in Windows "

I found an another way that you can enable the automatic logon function in windows xp:


So,about your question;what i think about that:

If you want to manage different accounts on your system/pc then you need a separator ,something that will say :ok you want a new session to run the system ;which account you want to enter?You know in windows XP you have the chance to run multiple accounts under the current session but you need every time to use the log-on function of windows - the separator for this accounts .See if you want that the account Tom(any account type;not Guest account!) has its own startup and restrictions then you need the separator who will say :ok,you have told me to run this account every time with its specific startup and the restrictions you have made!"-This is the role of the winlogon.exe,this file manages the entry of your system,that you can choose a different account from the other accounts ,which is specific....The account Tom has its own startup which will not affect the other accounts on the system,and if you have other user or super user or admin accounts on the system -they will not affect the account Tom with their own setups and restrictions.You understand that if you enter an admin account you can change the startup for Tom and the restrictions ,let's say the old restrictions...you know that better!But the point is if you use the autolog-on function in windows...it is the same thing as if you want that guest account have permission to the system without the logon prompt...You know that you can run guest account  with the default startup for this account in windows and every time you specify something in this account it will disappear the next time you enter the account-it's guest account ,it must not have its own specific profile!
So if you have a network or internet and your standalone pc enters the network sometimes-then i will recommend that you disable the autologon,cuz it's unsecure!!!
Let's say your pc is really standalone:no network ,nor internet!,so if you want to keep this autolog-on function,why don't you make the restrictions and the specific startup under the local machine account.Use any startup manager or even easy the regedit.exe goto the node :
\HKEY_Local_Machine\Software\Windows\CurrentVersion\Run(for Win2k!!!;in WinXP can be little different!) and there you can make the link to you registry file/script for this speciffic startup will take affect under all of the accounts on your system:Warning!...You can then make the restrictions you want to make for the user account under the local machine account for to take effect.

What was the Warning about:
1)how many user restrictions did you make;i mean : 1.1) do you have only one restriction/startup
for user account and one for admin account or 1.2) you have different user accounts and every account has its own specific startup/restrictions.If is the second then you have no chance with autologon.If it's the first then read furthur.

2)If you make this restrictions under local machine than i'm not sure that you can enter your admin account with its own startup/restrictions ,cuz local machine is hierarchically stronger than the admin account.Probably it will become a mess;so just try and find out what will happen:make the restrictions/autostart for all accounts under local machine - if everything works fine-enter again your admin account as normal and see what will happen afterall,but see
it's dangerous for it could happen that you can't work properly under the admin accoun(i doubt it, but it's windows: you don't know what will happen ,till it occurs).So ,i don't whant that you will reinstall the whole system afterall !
ADVICE: simulate the whole thing on another pc that is not so importaint and find out what will happen.DO NOT PLAY WITH YOUR SYSTEM!I know that the system account is also hierchically stronger than the admin account ,i don't know if it's separated from the local machine account.You can start the system account with the task scheduler ,but see if you make a standalone pc with no restrictions for task scheduler for everyone that can enter the system account-it's everything but secure system!


My advice for sure is, that you go further useing you log-on function,just forget about this autolog-on it's not secure!

OK, if i find something more i'll post it straight away here.
Good luck!

till later

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question