Windows XP or Windows 2000 automatically logon and prevent user logoff
Posted by: Jason Brundage in Microsoft Windows XP, tags: Microsoft Windows Server, RegeditFirst prevent the user from being able to logoff the Windows XP or Windows 2000 PC. The user will be able to reboot, shutdown, or select stand by and hibernate.
-
On a remote PC, go to Start -> All Programs -> Accessories -> right click on “Command Prompt” and select Run AS
-
Enter the administrator account and passwrod that has administrator rights to the remote pc and click OK
-
In the console (some call it the DOS window), type mmc.exe and hit <enter>
-
In the MMC, at the top click on File -> Add/Remove snap-in
-
Scroll down to Group Policy Object Editor
-
Click Add
-
Click on Browse
-
Select the Computers tab
-
Select the option “another computer’”
-
Type: [remote pc name]
-
Click OK and then click Finish
-
click close and the click OK
-
You should be at the Console Root of mmc.exe
-
Now Browse to: User Configuration -> Administrative Templates -> System -> CTRL+ALT+Del Options
-
Change “Remove Logoff” to enabled
If you need to revert the changes so the user can logoff like in scenario when one needs to support the pc remotely, set this to NOT CONFIGURED and reboot the pc. -
Reboot the remote pc.
-
When you logon to hte remote pc locally, you will notice that you can not logoff, even if you press CTR+ALT+DEL
Now that you removed the ability to log off the PC, you now need to setup the Windows XP or Windows 2000 pc to automatically logon.
-
Do a RUN AS to launch Regedit and use your administrator credentials credentials
-
Within Regedit, click File and select connect Network Registry
-
type in the remote pc name. click on OK
-
on the remote pc browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
-
Double click on DefaultUserName (this is the login name)
-
Double click on DefaultPassword (this is where the password is stored)
-
Double click on DefaultDomainName (this is where the PC or domain name is stored)
-
Double click on AutoAdminLogon and change to 1 to a 0 (zero)
0: means no autologon
1: means autologon
Reboot the PC the Windows XP, or Windows 2000 pc again. The Pc should automatically logon to the pc.
The user will not be able to logoff preventting someone from over writting the credentials that you put in the registry.
Keep in mind that the password that you put in the registry will not be encrypted but be stored in clear text.
So anyone that has rigths to view the remote pc’s registry will be able to see the user logon ID, password and domain
that you are loging into the pc with.
Entries (RSS)
First of all I would like to say that this is a very informative and helpful site, I really enjoy just trolling through and reading all the different topics gaining Ideas and understanding..
This is my dilemma;
I am going to set up a generic network user account for a pc to log itself on and to not allow the user to log off.
When that PC boots up I am going to have it begin the script to run “Internet Explorer KIOSK mode and hide a batch script” Which I found on this page, http://myitkb.net/internet-explorer-kiosk-mode-and-hide-a-batch-script/
This brings me to my problem, how would I log on to this PC as an administrator and perform any tasks which I may need to do if it is auto logging and then going into Kiosk mode?
It may have a very simple method but I can’t figure out how to easily do this.
The second issue I am having is when I attempt to follow the step by step instructions to set up the PC to do the Auto logon configuration; I am having an issue tring to remote into the target PC. It stops me at the point where I am to put in the target PC’s name. It won’t accept any of my credentials to allow me to either search for the PC or even type in the name manually.
Is there another method of performing the necessary changes?
I have Dameware and AD available or I can even just pull the PC and bring it into our shop.
I really want to get this going; I appreciate any and all help you can give me.
Thank you
Dear Suasponte:
->”…how would I log on to this PC as an administrator and perform any tasks which I may need to do if it is auto logging and then going into Kiosk mode?…”
I am not sure what task you are trying to do, I am sure you can do many of them via command line… I use psexec.exe if the tool that I am using does not support remote connectivity to a PC/kiosk. However there are times that I would need to log on as local admin to trouble shoot an issue that the user is having. In this case you will need to temporally disable autologon by following the steps above but turn auto logon off and disable the group policy that does not allow the user to log off the pc.
->”… I am having an issue trying to remote into the target PC. ….”
This sounds like either a rights or firewall issue. Can you c$ into the pc? If not that I would imaging that you do not have admin rights on the remote PC. Also, are you disabling remote registry management? If so this would prevent you from connecting to the remote PC’s registry also. If you are using a PC firewall, make sure the ports are opened up for this type of traffic. Some PC firewalls prompt the user asking if it is OK for the remote connection… I am trying to through ideas out there without have more details of your environment that you are working on..
So to recap.. make sure you have local rights on the remote PC, check your any firewalls that may be blocking, and change any policies that you maybe forcing to not allowing remote connection to the PC.