11

I'm testing Windows Server 2016 (instead of 2012) but unchecking the "Users must enter a user name and password to use this computer" box in control userpasswords2 does NOT seem to let the machine auto-login with the provided account on boot.

Is there another method that works on 2016?

Ben Guild
  • 299
  • 1
  • 3
  • 9
  • 5
    Why are you considering this in the first place? – Seth Mar 25 '17 at 09:56
  • June 2020 documentation for Windows Server 2019 and below: https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon – Arjan Jan 05 '21 at 20:35

5 Answers5

16

Use Sysinternals Autologon. It stores the credentials in the registry more securely than other methods.

Autologon for Windows v3.10
https://technet.microsoft.com/en-us/sysinternals/autologon

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • This didn't work. The system does not autologon. – Ben Guild Apr 04 '17 at 05:55
  • It should have as Autologon has support for Windows Server 2008 and higher. Could there be something interfering you have tried before running Autologon? Undo them first. – Esa Jokinen Apr 04 '17 at 06:02
  • 2
    @BenGuild: Do you have the legal notice security settings defined? `Interactive logon: Message text for users attempting to log on` or `Interactive logon: Message title for users attempting to log on`. – Greg Askew Apr 04 '17 at 09:29
  • @GregAskew This machine isn't connected to a domain, so I don't think that would apply. – Ben Guild Apr 05 '17 at 03:02
  • 1
    @GregAskew I disabled the checkmark in `control userpasswords2` but the system still seems to not autologon. Pretty frustrating. This worked on 2012 – Ben Guild Apr 05 '17 at 03:10
  • 1
    Any solution? The above solutions does not work for me either on windows server 2016 (no domain) – Alkampfer Jul 14 '17 at 12:28
  • 1
    @Alkampfer - I've added an answer for non-domain Windows Server 2016 that may help you – killercowuk Nov 30 '18 at 10:26
  • Doesn't work with Azure AD either. -- It says the credentials are invalid (which is bogus, they're valid and I'm a local admin). – BrainSlugs83 Aug 31 '20 at 18:17
12

I also struggled to get this to work on a (non-Domain connected) Windows Server 2016.

I noticed that there was CTRL-ALT-DELETE requirement on login so thought I would try to disable this...and suddenly auto-login began to work!

Full steps I used:

To set auto-login account

  • Start > Run > netplwiz (as explained in other answers)
  • Un-tick "Users must enter a user name and password to use this computer."
  • Provide login credentials to be used for auto-logon

Disabling CTRL+ALT+DEL logon requirement

  • Start
  • Type 'Local Security Policy' (no quotes) and click on item matching this name
  • Open 'Local Policies'
  • Open 'Security Options'
  • Locate Policy called 'Interactive logon: Do not require CTRL+ALT+DEL'
  • Double click on it
  • Set to 'Enabled'

After applying this change and rebooting the server it managed to successfully auto-login to the account I had provided.

killercowuk
  • 233
  • 2
  • 6
11

While it really is an extremely bad idea it is still possible. However, the user must have a password AND the password is revealed to anyone that has access to HKLM. Most likely your desired user is even in the Domain Admins group.

As described in TechNet documentation AutoAdminLogon, you can add

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="your-admin-account"
"DefaultDomainName"="yourdomain.local"
"DefaultPassword"="YourAdminPasswordRevealedToThePublicByAStupidAdmin"

If this is a test environment not connected to your network and you are using a local admin account please be welcome to do so. Otherwise: just don't do it.

ADDITION: This doesn't answer the original question, but I just wanted to add a notice that this is still a suitable way to create a non-authenticated "kiosk machine", if you also add

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ForceAutoLogon"="1"

for logging the user automatically in right after logout. If your user is on Domain Guests group the profile will be automatically deleted on every logoff and a fresh profile created based on default profile. You could also change the shell for example if you want to launch a web browser instead of the default explorer.exe. Then, closing browser window will cause deletion of all cache and browsing history.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
  • Isn't the whole point of using `control userpasswords2` to avoid having to add raw password details to the registry.? Either way, that and Greg's solution unfortunately didn't work. – Ben Guild Apr 04 '17 at 05:57
  • 3
    Hi, just a note that although this does qualify as a bad idea in most cases, there are cases where this is perfectly acceptable, ex. in my current case where I am setting up a server image for testing purposes.. i.e. we need it to spin up, execute the tests and shut down again. – Stefan Z Camilleri Jul 26 '17 at 21:05
  • 1
    If you only configure the autoadminlogin key, the checkbox will appear. Then you can check, and uncheck it to enter your credentials, which will NOT be saved in the registry in plain text. – Brian D. Sep 01 '17 at 03:36
  • I have a game server in where the game requires the user to be logged in to start, so this in conjunction with a scheduled task that runs on login works perfectly to get it up again after a server restart. – JensB Jan 27 '18 at 09:02
3

Wow, I have been struggling with this for a few hours thinking that Microsoft had blocked this in the version I was using (Server 2016, 10.0.14393) or it only worked for non-admins or... most likely, I was an idiot.

The problem was that I am using it for testing on a Hyper-V server, and the virtual machine connection isn't really the "console" session when Enhanced Session is enabled. It uses RDP to create a new session.

The fix?

In Hyper-V, click View - Uncheck Enhanced Session.

Photo: Disable Enhanced View

You'll immediately be redirected to the console session which should be logged in.

To see if this is your issue as well, run the command query user. If you're not actually on the console, you'll see a different SESSIONNAME.

(Normal Session)
C:\Windows\system32>query user
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
updater               console             1  Active      none   7/31/2018 3:51 PM

(Enhanced Session)
C:\Windows\system32>query user
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>updater               31c5ce94259d...     1  Active          .  7/31/2018 3:51 PM

Some more details about this and what enhanced session does here and other options: https://www.tenforums.com/tutorials/57136-turn-off-hyper-v-enhanced-session-mode-windows-10-a.html

Hope this helps someone else!

ServerGuy0328
  • 81
  • 1
  • 2
2

I realize this is an old post but it doesn't appear there was a direct answer offered to Ben's question.

It's simple, run netplwiz instead of controluserpasswords2, works for Win 10 as well.

Ron
  • 21
  • 1