Link to home
Create AccountLog in
Avatar of dfollin2
dfollin2

asked on

Autologin Question

I am reviewing a case where someone had configured their computer with an autologin feature.  I have reveiwed the registry and the autologin is enabled and the default username is that individual's.  There is no default password key located in the registry.

I am wondering:
1.  How do I determine if that individual actually changed those key values?
2.  How does it login with no default password?  Is there another key that allows the login without a password?
3.  Are there other artifacts that I should be looking for?

Any help would be greatly appreciated.
Avatar of johnb6767
johnb6767
Flag of United States of America image

If there is no password on the account, its just like hitting enter to login......

Unless auditing was enabled before hand, there is no way to tell who set the key/values.....

Other artifacts for what??
How to turn on automatic logon in Windows XP
http://support.microsoft.com/kb/315231

This is everything you need to know about the AutoLogon feature, and related reg entries.....
Avatar of dfollin2
dfollin2

ASKER

That's where I went before posting.

There is a password associated with the account as it was part of the company's domain AD.  As far as artifacts goes, I thought that was in my question:  "How do I determine if that individual actually changed those key values?"

I was thinking auditlogs (and if so what IDs may be helpful), but was also curious to know if there were any more artifacts out there that could be beneficial (again to the question I just asked).  Also, if there was no default password setup in the registry and this person did have one, how did it autologin?

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of FirstSentinel
FirstSentinel
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
If Auditing was NOT enabled, you are not going to find out..... I honestly dont know why it logged on by itself. Sure it was logging onto a Domain account, instead of another local account?
Didn't completely solve what I needed, but provided enough to where I can stop my search.