Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1122
  • Last Modified:

Auto Login on Domain controller with locked session

I have a client who for reason of the way their accounting system maintenance works requires a session to be logged in at all times even after a power failure restart. We are running Windows 2003 Standard server on the data server that this is required to happen on and it is also the domain controller. So the question is how do we get the Server on startup to login automatically as a particular user then lock the session I believe that "rundll32.exe user32.dll, LockWorkStation" when run in a batch file will achieve the locked workstation part but  how do we get the auto login on that server to happen ??
0
NeilFrick
Asked:
NeilFrick
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Scheduled tasks don't work?  I'd try that first - schedule a task for when the computer starts.
0
 
NeilFrickAuthor Commented:
Tried that - no good
0
 
cfairleyCommented:
It in a autologon registry key, I'm looking for it now.  I've used it before to do an unattended install of a server.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
cfairleyCommented:
Here is one link, I'm looking for another.

http://windows.about.com/library/tips/bltip407.htm
0
 
NeilFrickAuthor Commented:
Found answer and tested it ok

You can accomplish this via RegEdits so that you can change them back on the fly after you complete your autologon routines. We use this process sometimes when we have to install software packages that require someone be logged on in order to capture the window handles and use SendKeys so that there is no user intervention. First you want to create a .VBS file to change the Registry entries for autologon. Make sure you replace the username\password variables

' Write RegKeys to perform an autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon", "1", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword", myPassword, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName", myUserName, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUsername", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultDomainName", "", "REG_SZ"

This sets things up for autologon in case you have any policies in place via GPO or otherwise that may prevent autologon.

You will have to remove any "Legal Notice" type messages in case they pop up during logon as well.

' Write RegKeys to remove LegalNotice and LegalCaption
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNotice", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption", "", "REG_SZ"

Then you can setup a program to run after the computer reboots and only for one time.

'Command to runonce after autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MyFolder", "C:\MyFolder\MyFile.exe", "REG_SZ"

When you have completed you can run this exact script to replace any registry values back to what they were before you cleared them for autologon.
0
 
cfairleyCommented:
Excellent!  Thanks for posting it for everyone's benefit.
0
 
WeHeCommented:
btw, you should set propper permissions on this registry Keys, as everyone can read your cleartext password from them.
0
 
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now