[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Autoadminlogon and Autologoncount deprecating to zero unexpectedly

Posted on 2012-09-20
12
Medium Priority
?
4,279 Views
Last Modified: 2012-10-08
My first question asked here :-)

I have a really odd scenario.

I've built a WDS environment, and as part of this I've written a PowerShell script that, among other things, adds features and roles and joins the server to the correct domain/ou based on its name etc.

It all runs perfectly well except for one issue - when it has added the features, and reboots (twice) the autoadminlogon and autoadminlogoncount registry keys are both set to zero.

Prior to this they have a count of 3

I can manually logon and change the counts and everything works again.

But I've drawn a blank as to why it's deprecating the counts. I've even added a pair of lines in the script to aribtrarily change the count to 7 and ensure the autoadminlogon key is 1. This writes just after the features are added and the server reboots, but still - no luck.

I'd appreciate if anyone has any insight as it's taken a mostly non-interactive build and turned into an interactive one.
0
Comment
Question by:Tony J
  • 7
  • 5
12 Comments
 
LVL 65

Expert Comment

by:btan
ID: 38420549
Looks like MS doing. Each time the computer is restarted and the administrator is automatically logged on, the AutoLogonCount value is decremented by one until the count reaches zero. The automatic logon occurs only when the computer is rebooted, not when the user logs off. After this value reaches 0, Windows will disable autologon and remove all registry values related to this setting. Every much MS enforce this so that specific scenario  e.g., unattended installations require autologon only once, not to breach security.

http://support.microsoft.com/kb/221477

There is one discussion here that you may find useful.

http://www.christowles.com/2011/02/sysprep-and-settings-autologon-keys.html

e.g. removing the autologoncount from the registry is not enough, it still counted down. What i did to solve the problem is after making the answerfile with wsim, was removing the counter afterwards from the xml by hand. This can't be done from wsim. Now it automatic logs on until i remove the logon account by script or hand
0
 
LVL 26

Author Comment

by:Tony J
ID: 38427855
Thanks - not ignoring your response, just that the site I'm at has been impacted by the Sophos problems this last few days so this took a back seat.

I'll try the suggestion of hand-removing the autologon count. I can script turning it off at any given point and that would actually be quite a useful way as then adding stuff to the script that requires additional reboots wouldn't require a rewrite of the xml.

I'll post back soon wether it worked or not.
0
 
LVL 26

Author Comment

by:Tony J
ID: 38440534
Afraid it didn't work. Autoadminlogon still incorrectly gets set to 0
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 65

Expert Comment

by:btan
ID: 38440623
wonder if this can help http://www.logonexpert.com/
0
 
LVL 26

Author Comment

by:Tony J
ID: 38440642
Unfortunately not in this environment. Third party utils won't be accepted. Thanks though

Would really like to understand why it's zero'ing the value.
0
 
LVL 65

Expert Comment

by:btan
ID: 38440681
saw in previous links that others also encounter ...extracted below

================
I ran into the same problem. In discoverd that removing the autologoncount from the registry is not enough, it still counted down.
What i did to solve the problem is after making the answerfile with wsim, was removing the counter afterwards from the xml by hand. This can't be done from wsim.
Now it automatic logs on until i remove the logon account by script or hand
0
 
LVL 26

Author Comment

by:Tony J
ID: 38440700
Yeah you just repeated your first post unfortunately - that's exactly what I just tried but at some point post adding roles and joining the domain, the autoadminlogon is zeroed even if the autoadminlogoncount key is not present.
0
 
LVL 65

Expert Comment

by:btan
ID: 38440768
Besides AutoAdminLogon and AutoAdminLogonCount, i can only suspect another three key registry settings that would be for the "Auto Logon" issue:
- if we disable AutoAdminLogon (e.g. "0"), it should be disabled as expected (i hope)
- if we enable AutoAdminLogon (regardless AutoAdminLogonCount), and  assumed all below are filled up for this admin account manually, it still go back to zero and then this is strange

DefaultUserName = "xxx"
DefaultPassword = "xxxx0xxxx"
DefaultDomainName = "xxx.xxx".  Only needed if computer has joined a domain.

think need more inputs from more folks :)
0
 
LVL 26

Author Comment

by:Tony J
ID: 38440812
Nope...doesn't require those keys. The logon details aren't stored in the registry by WDS.

What is more, if you reset the autoadminlogon to 1 then it logs in again until such time as you manually set it back to 0.
0
 
LVL 65

Expert Comment

by:btan
ID: 38440941
Looks like another long journey to uncover
0
 
LVL 26

Accepted Solution

by:
Tony J earned 0 total points
ID: 38462152
Unfortunately I have had no answer to this.

My own research has led me down the lines of adding in various keys to the regustry but with no success.

I am going to write into the build script to read an encrypted file and drop the password into sysinternals' autologon.exe program. Not ideal but a workaround nonetheless.
0
 
LVL 26

Author Closing Comment

by:Tony J
ID: 38472869
No information led to a solution. Have come up with a workaround myself. Sysinternals is acceptable as it's a Microsoft product now, and free.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question