LSA Secrets are a protected area of storage used to store internal private data. Windows added a feature where the Logon process can read the DefaultPassword from LSA Secrets. Instead I give some weak password, and once the OS installation is finished, I secure the machine by giving the Administrator Account a more secure password using the command: net.exe user administrator * LSA Secrets And I never use secure passwords for the administrator account. This is what the MDT Litetouch scripts use to perform an AutoLogon to the local administrator account. That means that anyone who has read privileges to the WinLogon Key DefaultPassword Value can read the password as plain text. Secondly, the credentials, including the password are stored in registry as plain text, not a salted hash value as most passwords are stored.
First of all you don’t want just anyone to just bypass the first step in security and gain access to the desktop, so don’t use AutoAdminLogon for accounts that are important/sensitive. Now, This can be a problem in secure environments. But what if we want to automate some installation across reboots or make the workstation into a Kiosk, when we want to *skip* the logon prompt? Well the OS *always* requires the username and password (credentials), so we can work around this by entering the credentials into the registry: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Windows Sees that AutoAdminLogon is set to 1, and the rest of the registry entries are set, the OS will skip the Logon screen and go to the desktop.
When you login to Windows, it requires you to enter a user name and a password. You can also pass the username, domain and password as command-line arguments: autologon user domain password Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. Just run autologon.exe, fill in the dialog, and hit Enable. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.Īutologon is easy enough to use. The Autologon tool says:Īutologon enables you to easily configure Windows’ built-in autologon mechanism. Got into a discussion the other day with someone regarding what “encrypted” means with respect to the Microsoft System Internals tool AutoLogon. Can you claim that your house is “secure” if you leave the key for the front door under the welcome mat? :^)
0 kommentar(er)
