Friday, April 6, 2012

Securely boot a computer with auto-login


There are plenty of situations where you'll want to ensure a program starts when the computer does. Best case scenario, these programs start as a Service... meaning, they'll run in the background as soon as the computer hits Windows and BEFORE you log in. Unfortunately, there's plenty of specialty software out there that doesn't run as a service, and requires a user to log in for it to start. (From the "Start Up" folder, registry, wherever)


Auto Login

The easy way is downloading a tool called "TweakUI" from Microsoft. I'm sure many of you have used this tool from time to time. It runs on Windows XP and I believe there's a Vista version floating around. It lets you change plenty of the built-in settings of your system.

Under Logon -> Autologon, enter a username, domain and set the password.
Domain can either be an actual business domain if on a company network, or just the computer name.


While, yes, it sucks that it mainly only works on XP, lets be honest - if you've got a terminal setup running specialty background software, it's probably also running XP as an OS.

Another way, is to do a regedit. (Start -> run "regedit")

Browse to: HKEY_LOCAL_MACHINE \ SOFTWARE  \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
And create 3 String values: AutoAdminLogon, DefaultUserName and DefaultPassword.

Set the first to just "1", (no quotes) and set the user and password.

Down side? Your login/password aren't encrypted. Anyone with access to this machine can look it up.

Can't exactly recall, but you may need a password setup for this to work... I just always have a password so it's a non-issue.

Secure Login

Once you've setup the auto-login, you've got another problem. Sure, everything's going to login fine, but now you're logging in a computer that you might not want people to have access to. All someone has to do is reset your computer and they'll have access.

That means next, you'll want to create a batch file (ending in .bat or .cmd) and put the following line in it:

rundll32.exe user32.dll, LockWorkStation

Then just put this file or a shortcut in to your start up folder.

Now, when your computer boots up, it'll automatically log in, but immediately lock itself. While it's locked, all the usual start up steps are happening in the background. This then forces someone to know the login in order to access the computer.




No comments:

Post a Comment