Autoadminlogon and Autologoncount deprecating to zero unexpectedly

My first question asked here :-)

I have a really odd scenario.

I've built a WDS environment, and as part of this I've written a PowerShell script that, among other things, adds features and roles and joins the server to the correct domain/ou based on its name etc.

It all runs perfectly well except for one issue - when it has added the features, and reboots (twice) the autoadminlogon and autoadminlogoncount registry keys are both set to zero.

Prior to this they have a count of 3

I can manually logon and change the counts and everything works again.

But I've drawn a blank as to why it's deprecating the counts. I've even added a pair of lines in the script to aribtrarily change the count to 7 and ensure the autoadminlogon key is 1. This writes just after the features are added and the server reboots, but still - no luck.

I'd appreciate if anyone has any insight as it's taken a mostly non-interactive build and turned into an interactive one.
LVL 26
Tony JLead Technical ArchitectAsked:
Who is Participating?
 
Tony JLead Technical ArchitectAuthor Commented:
Unfortunately I have had no answer to this.

My own research has led me down the lines of adding in various keys to the regustry but with no success.

I am going to write into the build script to read an encrypted file and drop the password into sysinternals' autologon.exe program. Not ideal but a workaround nonetheless.
0
 
btanExec ConsultantCommented:
Looks like MS doing. Each time the computer is restarted and the administrator is automatically logged on, the AutoLogonCount value is decremented by one until the count reaches zero. The automatic logon occurs only when the computer is rebooted, not when the user logs off. After this value reaches 0, Windows will disable autologon and remove all registry values related to this setting. Every much MS enforce this so that specific scenario  e.g., unattended installations require autologon only once, not to breach security.

http://support.microsoft.com/kb/221477

There is one discussion here that you may find useful.

http://www.christowles.com/2011/02/sysprep-and-settings-autologon-keys.html

e.g. removing the autologoncount from the registry is not enough, it still counted down. What i did to solve the problem is after making the answerfile with wsim, was removing the counter afterwards from the xml by hand. This can't be done from wsim. Now it automatic logs on until i remove the logon account by script or hand
0
 
Tony JLead Technical ArchitectAuthor Commented:
Thanks - not ignoring your response, just that the site I'm at has been impacted by the Sophos problems this last few days so this took a back seat.

I'll try the suggestion of hand-removing the autologon count. I can script turning it off at any given point and that would actually be quite a useful way as then adding stuff to the script that requires additional reboots wouldn't require a rewrite of the xml.

I'll post back soon wether it worked or not.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Tony JLead Technical ArchitectAuthor Commented:
Afraid it didn't work. Autoadminlogon still incorrectly gets set to 0
0
 
btanExec ConsultantCommented:
wonder if this can help http://www.logonexpert.com/
0
 
Tony JLead Technical ArchitectAuthor Commented:
Unfortunately not in this environment. Third party utils won't be accepted. Thanks though

Would really like to understand why it's zero'ing the value.
0
 
btanExec ConsultantCommented:
saw in previous links that others also encounter ...extracted below

================
I ran into the same problem. In discoverd that removing the autologoncount from the registry is not enough, it still counted down.
What i did to solve the problem is after making the answerfile with wsim, was removing the counter afterwards from the xml by hand. This can't be done from wsim.
Now it automatic logs on until i remove the logon account by script or hand
0
 
Tony JLead Technical ArchitectAuthor Commented:
Yeah you just repeated your first post unfortunately - that's exactly what I just tried but at some point post adding roles and joining the domain, the autoadminlogon is zeroed even if the autoadminlogoncount key is not present.
0
 
btanExec ConsultantCommented:
Besides AutoAdminLogon and AutoAdminLogonCount, i can only suspect another three key registry settings that would be for the "Auto Logon" issue:
- if we disable AutoAdminLogon (e.g. "0"), it should be disabled as expected (i hope)
- if we enable AutoAdminLogon (regardless AutoAdminLogonCount), and  assumed all below are filled up for this admin account manually, it still go back to zero and then this is strange

DefaultUserName = "xxx"
DefaultPassword = "xxxx0xxxx"
DefaultDomainName = "xxx.xxx".  Only needed if computer has joined a domain.

think need more inputs from more folks :)
0
 
Tony JLead Technical ArchitectAuthor Commented:
Nope...doesn't require those keys. The logon details aren't stored in the registry by WDS.

What is more, if you reset the autoadminlogon to 1 then it logs in again until such time as you manually set it back to 0.
0
 
btanExec ConsultantCommented:
Looks like another long journey to uncover
0
 
Tony JLead Technical ArchitectAuthor Commented:
No information led to a solution. Have come up with a workaround myself. Sysinternals is acceptable as it's a Microsoft product now, and free.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.