Auto-logon: securing the registry

  • Thread starter Thread starter AlanN
  • Start date Start date
A

AlanN

Hi there,

We have some servers i'd like to auto-login - though most of what they do
runs as a service, some legacy desktop applications point blank refuse to
play nicely and must be run under a domain account. As the servers are on a
domain, the control userpasswords2 method of auto-logon will not work (the
options do not appear on a domain machine). TweakUI would be overkill and a
pain to roll out, so the registry is our only option.

If we were to restrict the Winlogon key in the registry to the local admins
group via ACL, what's the worst that could happen? (Please bear in mind that
the only people who ever access this server do it via a local intranet site
over the anonymous IUSR account, and people in the local admins group).
Thanks!
 
Use the reghack in these articles.


How to Enable Automatic Logon in Windows NT
http://support.microsoft.com/default.aspx?scid=kb;[LN];97597

How to Enable Automatic Logon in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;[LN];234562

How to Enable Automatic Logon in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;[LN];324737


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"AlanN" wrote:
> Hi there,
>
> We have some servers i'd like to auto-login - though most of what they do
> runs as a service, some legacy desktop applications point blank refuse to
> play nicely and must be run under a domain account. As the servers are on
> a
> domain, the control userpasswords2 method of auto-logon will not work (the
> options do not appear on a domain machine). TweakUI would be overkill and
> a
> pain to roll out, so the registry is our only option.
>
> If we were to restrict the Winlogon key in the registry to the local
> admins
> group via ACL, what's the worst that could happen? (Please bear in mind
> that
> the only people who ever access this server do it via a local intranet
> site
> over the anonymous IUSR account, and people in the local admins group).
> Thanks!
 
Hi Dave,

Thanks for the reply, but I don't think you've read my OP!

I'm looking to secure the hacks below a little. Could you have another read
of my suggestion and let me know your thoughts?

Thanks,

Alan

"Dave Patrick" wrote:

> Use the reghack in these articles.
>
>
> How to Enable Automatic Logon in Windows NT
> http://support.microsoft.com/default.aspx?scid=kb;[LN];97597
>
> How to Enable Automatic Logon in Windows 2000
> http://support.microsoft.com/default.aspx?scid=kb;[LN];234562
>
> How to Enable Automatic Logon in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=kb;[LN];324737
>
>
> --
>
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft Certified Professional
> Microsoft MVP [Windows]
> http://www.microsoft.com/protect
>
> "AlanN" wrote:
> > Hi there,
> >
> > We have some servers i'd like to auto-login - though most of what they do
> > runs as a service, some legacy desktop applications point blank refuse to
> > play nicely and must be run under a domain account. As the servers are on
> > a
> > domain, the control userpasswords2 method of auto-logon will not work (the
> > options do not appear on a domain machine). TweakUI would be overkill and
> > a
> > pain to roll out, so the registry is our only option.
> >
> > If we were to restrict the Winlogon key in the registry to the local
> > admins
> > group via ACL, what's the worst that could happen? (Please bear in mind
> > that
> > the only people who ever access this server do it via a local intranet
> > site
> > over the anonymous IUSR account, and people in the local admins group).
> > Thanks!
>
 
Nothing beats physical access control if you must leave them logged on.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"AlanN" wrote:
> Hi Dave,
>
> Thanks for the reply, but I don't think you've read my OP!
>
> I'm looking to secure the hacks below a little. Could you have another
> read
> of my suggestion and let me know your thoughts?
>
> Thanks,
>
> Alan
 

Similar threads

AWS
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Replies
1
Views
291
Tony D
Tony D
AWS
How to mitigate rapid cyberattacks such as Petya and WannaCrypt
Replies
0
Views
544
AWS
AWS
Tony D
MBAM found Rootkit.Fileless.MT Gen
Replies
18
Views
2K
starbuck
starbuck
allheart55 (Cindy E)
Personal digital assistants are on the rise (and they want to talk)
Replies
3
Views
883
Bill M.
Bill M.
Tony D
ERUNT error when FRST is run
Replies
10
Views
2K
starbuck
starbuck
Back
Top