Windows Sysinternals Administrator's Reference: Security Utilities

  • 6/15/2011

Autologon

The Autologon utility enables you to easily configure Windows’ built-in autologon mechanism, which automatically logs on a user at the console when the computer starts up. To enable autologon, simply run Autologon, enter valid credentials in the dialog box, and click the Enable button. You can also pass the user name, domain, and password as command-line arguments, as shown in the following example:

autologon Abby MYDOMAIN Pass@word1

The password is encrypted in the registry as an LSA secret. The next time the system starts, Windows will try to use the entered credentials to log on the user at the console. Note that Autologon does not verify the submitted credentials, nor does it verify that the specified user account is allowed to log on to the computer. Also note that although LSA Secrets are encrypted in the registry, a user with administrative rights can easily retrieve and decrypt them.

To disable autologon, run Autologon and click the Disable button or press the Escape key. To disable autologon one time, hold down the Shift key during startup at the point where the logon would occur. Autologon can also be prevented via Group Policy.

Autologon is supported on Windows XP and newer, and requires administrative privileges.