Need to check out the Windows AutoLogonSID registry value and other autologon security features in Windows
Posted by jpluimers on 2024/10/16
On my list of things to look at via [Wayback/Archive] “AutoLogonSID” – Google Search:
- [Wayback/Archive] command line – How to disable Autologon enabled by using Sysinternal’s Autologon.exe? – Super User
- [Wayback/Archive] SysInternals AutoLogon and securely encrypting passwords. | Keith’s Consulting Blog
The SysInternals AutoLogon tool uses the LSA Secrets to store the DefaultPassword in the registry. Yes it is technically encrypted, *however* just because it’s encrypted, does not mean that it’s safe to put your secure passwords there. Any administrator can decrypt and read the value.
- [Wayback/Archive] Use PowerShell to Decrypt LSA Secrets from the Registry – Scripting Blog
- [Wayback/Archive] Autologin / Autologon Sysinternals with Windows 10 issue
- [Wayback/Archive] Protecting the Automatic Logon Password – Win32 apps | Microsoft Docs
…
Note that if Winlogon cannot find a password stored by the LsaStorePrivateData function, it will use the DefaultPassword value of the Winlogon key (if it exists) for the automatic logon password.
- [Wayback/Archive] LsaStorePrivateData function (ntsecapi.h) – Win32 apps | Microsoft Docs
- [Wayback/Archive] MSGina.dll Features – Win32 apps | Microsoft Docs
So despite autologon.exe being more secure than plain text passwords it is still a risk, though only from privileged code. If anyone can already run privileged code on a machine you have far more to worry about (;
To speak with Raymond Chen: [Wayback/Archive] It rather involved being on the other side of this airtight hatchway | The Old New Thing.
So I think it is a fair improvement to configure automatic logon to Windows using autologon.exe rather than using plain text world readable registry keys, so please consider [Wayback/Archive] Autologon – Windows Sysinternals | Microsoft Docs
Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.
…
Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. You can also pass the username, domain and password as command-line arguments:
autologon user domain password
Note: When Exchange Activesync password restrictions are in place, Windows will not process the autologon configuration.
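The practical difference between the two storage locations is easy to check on a machine. The following PowerShell audit is an added example, not part of the original post or of the Sysinternals tool: it reads the world-readable Winlogon key, reports whether automatic logon is enabled and whether a plain-text DefaultPassword is present, and offers a dry-run removal of that value. The value names it reads are the documented Winlogon ones; the AutoLogonSID value is reported verbatim without interpretation. It assumes it runs on Windows, elevated for the removal step.

```powershell
# Added example (not from the original post): audit the Winlogon key for
# automatic-logon settings and flag a plain-text DefaultPassword.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonAudit {
    param([string]$Path = $WinlogonPath)

    # The Winlogon key is readable by ordinary users, which is why a
    # DefaultPassword stored here is effectively world readable.
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop

    $names = 'AutoAdminLogon', 'DefaultUserName', 'DefaultDomainName',
             'DefaultPassword', 'AutoLogonSID', 'AutoLogonCount', 'ForceAutoLogon'

    $values = [ordered]@{}
    foreach ($n in $names) {
        $values[$n] = if ($null -ne $key.$n) { [string]$key.$n } else { '<not set>' }
    }

    $enabled   = ($key.AutoAdminLogon -eq '1')
    $plaintext = -not [string]::IsNullOrEmpty($key.DefaultPassword)

    # Never echo the secret itself into a report or log; only report presence.
    if ($plaintext) { $values['DefaultPassword'] = '<present, plain text>' }

    $findings = @()
    if ($enabled -and $plaintext) {
        $findings += 'AutoAdminLogon=1 with a plain-text DefaultPassword: any local user can read it. ' +
                     'Reconfigure with Sysinternals Autologon (LSA secret) and remove the registry value.'
    }
    elseif ($enabled) {
        $findings += 'AutoAdminLogon=1, no plain-text DefaultPassword: password is presumably in the ' +
                     'LSA secret, which administrators (and privileged code) can still read.'
    }
    else {
        $findings += 'AutoAdminLogon is not enabled.'
    }
    if (-not $enabled -and $plaintext) {
        $findings += 'DefaultPassword is set although autologon is off; remove the stale plain-text value.'
    }

    [pscustomobject]@{
        Path     = $Path
        Enabled  = $enabled
        Values   = [pscustomobject]$values
        Findings = $findings
    }
}

function Remove-PlainTextDefaultPassword {
    # Removes only the plain-text registry value; the LSA secret written by
    # autologon.exe is untouched, so an autologon configured that way keeps working.
    param([string]$Path = $WinlogonPath, [switch]$WhatIf)
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    if ($null -eq $key.DefaultPassword) { return 'No plain-text DefaultPassword value present.' }
    Remove-ItemProperty -Path $Path -Name 'DefaultPassword' -WhatIf:$WhatIf -ErrorAction Stop
    return 'Plain-text DefaultPassword value removed.'
}

# Usage: run the audit, then remove the value as a dry run first.
$audit = Get-AutoLogonAudit
$audit.Values
$audit.Findings | ForEach-Object { Write-Output "FINDING: $_" }
Remove-PlainTextDefaultPassword -WhatIf
```

Run the audit from a non-elevated prompt first: if it succeeds, that is the point being made above, because the same read is available to every local user and to any process they run. Removing the value, or writing to the key at all, needs an elevated session.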
Anyway: back to the AutoLogonSID. I think that is used with Windows to have a passwordless user automatically log on to a Windows system after boot. I’m not sure yet, so hopefully I have time to dig into that somewhere in the future.
Related blog posts from the past:
- Some Windows 10 updates remove registry values; not sure how widely
- How to turn on automatic logon in Windows
- Sysinternals Suite – lots of tools are now available as 64-bit as well (which includes autologon.exe)
- automatic logon in Windows 2003
–jeroen