asked on

Auto Login on Domain controller with locked session

I have a client who for reason of the way their accounting system maintenance works requires a session to be logged in at all times even after a power failure restart. We are running Windows 2003 Standard server on the data server that this is required to happen on and it is also the domain controller. So the question is how do we get the Server on startup to login automatically as a particular user then lock the session I believe that "rundll32.exe user32.dll, LockWorkStation" when run in a batch file will achieve the locked workstation part but how do we get the auto login on that server to happen ??

Lee W, MVP

Scheduled tasks don't work? I'd try that first - schedule a task for when the computer starts.

NeilFrick

ASKER

Tried that - no good

cfairley

It in a autologon registry key, I'm looking for it now. I've used it before to do an unattended install of a server.

cfairley

Here is one link, I'm looking for another.

http://windows.about.com/library/tips/bltip407.htm

cfairley

That will probably do it. There may be a slight change for 2003.

http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3B315231

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B310584&Product=win2000

http://www.control.com/1026160508/index_html

NeilFrick

ASKER

Found answer and tested it ok

You can accomplish this via RegEdits so that you can change them back on the fly after you complete your autologon routines. We use this process sometimes when we have to install software packages that require someone be logged on in order to capture the window handles and use SendKeys so that there is no user intervention. First you want to create a .VBS file to change the Registry entries for autologon. Make sure you replace the username\password variables

' Write RegKeys to perform an autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon", "1", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword", myPassword, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName", myUserName, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUsername", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultDomainName", "", "REG_SZ"

This sets things up for autologon in case you have any policies in place via GPO or otherwise that may prevent autologon.

You will have to remove any "Legal Notice" type messages in case they pop up during logon as well.

' Write RegKeys to remove LegalNotice and LegalCaption
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNotice", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption", "", "REG_SZ"

Then you can setup a program to run after the computer reboots and only for one time.

'Command to runonce after autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MyFolder", "C:\MyFolder\MyFile.exe", "REG_SZ"

When you have completed you can run this exact script to replace any registry values back to what they were before you cleared them for autologon.

cfairley

Excellent! Thanks for posting it for everyone's benefit.

WeHe

btw, you should set propper permissions on this registry Keys, as everyone can read your cleartext password from them.

ASKER CERTIFIED SOLUTION

modulo

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial