HOW TO: Enable Automatic Logon in Windows 2000 Professional

http://support.microsoft.com/default.aspx?scid=kb;en-us;234562

HOW TO: Enable Automatic Logon in Windows

http://support.microsoft.com/default.aspx?scid=kb;en-us;310584

HOW TO DO IT:

==============

Firstly, you need to be aware of the following registry keys under "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\" - I've added comments as to their relevance:

• "DefaultDomainName" (should be set to the PC's name - I'll explain why further below).

• "DefaultUserName" (Should be set to a local user-account with full admin rights - I'll explain why further below).

• "DefaultPassword" (This key needs to be created and is self-explanatory I would think).

• "AutoAdminLogon" (This value needs to be set to "1" to enable // "0" to disable)

• LegalNoticeCaption (The value for this MUST be empty - I'll explain why further below)

• LegalNoticeText (The value for this MUST be empty - I'll explain why further below)

One easy way for this is a dual-pronged ESWD package approach. One package to take care of the installation, registry-settings and the first reboot, the second to undo the registry changes and to reboot the server again, so that all is finished. My suggestion would go as follows:

===

Step 1: Begin by creating an ESWD (Enhanced Package Builder) package which does the following:

- Set "AutoAdminLogon" to "0"

- Removes the value for "DefaultPassword"

- Sets "DefaultDomainName" to whatever your domain is

- Sets "DefaultUserName" to whatever your usual domain-admin account is.

- If you have chosen to lock out keyboard+mouse in (2), obviously these registry entries also need to be undone.

- Includes an command to reboot the server after 'X' seconds (where X needs to be long enough to give the server plenty of time to finish installing the main package post-login. (You can do this by use of the "POWEROFF.EXE" which is in "\Windows\System32" (part of the LDMS client install)). An example command-line for that would be:

"C:\Windows\System32\Poweroff.exe 600 /REBOOT" - this will reboot the system after 600 seconds (10 minutes).

NOTE: Poweroff is CASE SENSITIVE - so "/REBOOT" must be in captials!

===

Step 2: Create a second ESWD package, which does the following:

- Set "AutoAdminLogon" to "1"

- Set "DefaultDomainName" to the PC-name (use the $MACHINENAME$ to help you here) so that it performs a local log-on. I'll explain this in a moment.

- Set "DefaultUserName" to a local-administrator (which I assume you've created).

- Create/Set "DefaultPassword" to whatever password the local administrator has.

- Start the install of the main package (Norton AntiVirus).

- Add an entry to the "RunOnce" key to call the (small) ESWD-package created in (1).

- If you should chose to do so, you can lock out mouse + keyboard via registry as well (for security). If you do so, make sure you re-enable this in the registry in the package created in (1).

- Reboots the PC (as per usual) once Norton AntiVirus has done it's side of the installation.

Step 3: You're done :).

===

WHAT'S HAPPENING AND WHY:

===========================

The above may seem a little confusing, so I'm going to explain things a little.

A: You add registry-entries to allow you to do the auto-logon (2) according to your desires.

B: I suggest that you use a LOCAL admin-account as opposed to a domain-account, as this makes you more resilient towards dodgy domain-trust relation ships. This way, you've not got to worry at all about domain-trusts that aren't working 100% and might be causing problems - because you log on locally.

C: You create a registry entry in RunOnce (2) that calls the package created in (1). The package created in (2) starts everything (including the Norton AntiVirus install), and the package in (1) undoes the changes so that everything is put back to normal again, as well as rebooting the PC a second time.

D: You require 2 reboots. The first to complete your application install (with the auto-logon). The second, to apply the Registry changes which the small package (1) did, to reset your server to normal.

E: The "LegalNoticeCaption" and "LegalNoticeText" registry keys MUST be empty, because they will prompt for a click-able "OK" box, which will break the auto-logon process.

This should help.

IE5.5 install - a practical example:

=====================================

Olivier Herve kindly provided some example scripts which were used for an IE5.5 install and had to go through just what was described above. There is also an addition here for security - keyboard + mouse lockout. That's THIS section in IE55SP1.CFG:

BEGINREGISTRY
KEY: new, "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass"
VALUE: reg_dword, replace, "start", "4"
ENDREGISTRY
BEGINREGISTRY
KEY: new, "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass"
VALUE: reg_dword, replace, "start", "4"
ENDREGISTRY

If you're doing a login-requiring install on a server (especially remotely), you might want to lock out mouse + keyboard for any potential interference. The reasoning here would be for instance that - during those "completing install minutes" anyone could just use the PC and create themselves a local admin-account.

With a locked-out keyboard + mouse this is no longer an issue. Just remember to include the reset to this in your restarting-script. The following is from RESTART.CFG to enable keyboard + mouse again:

BEGINREGISTRY
KEY: new, "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass"
VALUE: reg_dword, replace, "start", "1"
ENDREGISTRY
BEGINREGISTRY
KEY: new, "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass"
VALUE: reg_dword, replace, "start", "1"
ENDREGISTRY

The scripts included are meant as a good starting point, should you need it.

I've uploaded these scripts to here.

NOTES:

=======

Credit goes to Jon Giffard who provided the information for this Tech Hint.

Credit for the ESWD-script files goes to Olivier Herve.