NeilFrick
asked on
Auto Login on Domain controller with locked session
I have a client who for reason of the way their accounting system maintenance works requires a session to be logged in at all times even after a power failure restart. We are running Windows 2003 Standard server on the data server that this is required to happen on and it is also the domain controller. So the question is how do we get the Server on startup to login automatically as a particular user then lock the session I believe that "rundll32.exe user32.dll, LockWorkStation" when run in a batch file will achieve the locked workstation part but how do we get the auto login on that server to happen ??
Scheduled tasks don't work? I'd try that first - schedule a task for when the computer starts.
ASKER
Tried that - no good
It in a autologon registry key, I'm looking for it now. I've used it before to do an unattended install of a server.
That will probably do it. There may be a slight change for 2003.
http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3B315231
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B310584&Product=win2000
http://www.control.com/1026160508/index_html
http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3B315231
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B310584&Product=win2000
http://www.control.com/1026160508/index_html
ASKER
Found answer and tested it ok
You can accomplish this via RegEdits so that you can change them back on the fly after you complete your autologon routines. We use this process sometimes when we have to install software packages that require someone be logged on in order to capture the window handles and use SendKeys so that there is no user intervention. First you want to create a .VBS file to change the Registry entries for autologon. Make sure you replace the username\password variables
' Write RegKeys to perform an autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \AutoAdmin Logon", "1", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \DefaultPa ssword", myPassword, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \DefaultUs erName", myUserName, "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \DontDispl ayLastUser name", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \LegalNoti ceCaption" , "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \LegalNoti ceText", "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \ShutdownW ithoutLogo n", "0", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Winlogon \defaultDo mainName", "", "REG_SZ"
This sets things up for autologon in case you have any policies in place via GPO or otherwise that may prevent autologon.
You will have to remove any "Legal Notice" type messages in case they pop up during logon as well.
' Write RegKeys to remove LegalNotice and LegalCaption
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\Policies \System\Le galNotice" , "", "REG_SZ"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\Policies \System\Le galNoticeC aption", "", "REG_SZ"
Then you can setup a program to run after the computer reboots and only for one time.
'Command to runonce after autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\RunOnce\ MyFolder", "C:\MyFolder\MyFile.exe", "REG_SZ"
When you have completed you can run this exact script to replace any registry values back to what they were before you cleared them for autologon.
You can accomplish this via RegEdits so that you can change them back on the fly after you complete your autologon routines. We use this process sometimes when we have to install software packages that require someone be logged on in order to capture the window handles and use SendKeys so that there is no user intervention. First you want to create a .VBS file to change the Registry entries for autologon. Make sure you replace the username\password variables
' Write RegKeys to perform an autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
This sets things up for autologon in case you have any policies in place via GPO or otherwise that may prevent autologon.
You will have to remove any "Legal Notice" type messages in case they pop up during logon as well.
' Write RegKeys to remove LegalNotice and LegalCaption
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
Then you can setup a program to run after the computer reboots and only for one time.
'Command to runonce after autologon
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\W
When you have completed you can run this exact script to replace any registry values back to what they were before you cleared them for autologon.
Excellent! Thanks for posting it for everyone's benefit.
btw, you should set propper permissions on this registry Keys, as everyone can read your cleartext password from them.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.