Jump to content

Auto-logon: securing the registry

Guest AlanN
Guest AlanN
in Tech Help and Discussions

Guest, which answer was the most helpful?

If any of these replies answered your question, please take a moment to click the 'Mark as solution' button on the post with the best answer.
Marking posts as the solution will help other community members find answers to their questions quickly. Thank you for your help!

Featured Replies

Posted

Hi there,

 

We have some servers i'd like to auto-login - though most of what they do

runs as a service, some legacy desktop applications point blank refuse to

play nicely and must be run under a domain account. As the servers are on a

domain, the control userpasswords2 method of auto-logon will not work (the

options do not appear on a domain machine). TweakUI would be overkill and a

pain to roll out, so the registry is our only option.

 

If we were to restrict the Winlogon key in the registry to the local admins

group via ACL, what's the worst that could happen? (Please bear in mind that

the only people who ever access this server do it via a local intranet site

over the anonymous IUSR account, and people in the local admins group).

Thanks!

  • Quote
  • Mark as Solution
    •

    Use the reghack in these articles.

     

     

    How to Enable Automatic Logon in Windows NT

    http://support.microsoft.com/default.aspx?scid=kb;[LN];97597

     

    How to Enable Automatic Logon in Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;[LN];234562

     

    How to Enable Automatic Logon in Windows Server 2003

    http://support.microsoft.com/default.aspx?scid=kb;[LN];324737

     

     

    --

     

    Regards,

     

    Dave Patrick ....Please no email replies - reply in newsgroup.

    Microsoft Certified Professional

    Microsoft MVP [Windows]

    http://www.microsoft.com/protect

     

    "AlanN" wrote:

    > Hi there,

    >

    > We have some servers i'd like to auto-login - though most of what they do

    > runs as a service, some legacy desktop applications point blank refuse to

    > play nicely and must be run under a domain account. As the servers are on

    > a

    > domain, the control userpasswords2 method of auto-logon will not work (the

    > options do not appear on a domain machine). TweakUI would be overkill and

    > a

    > pain to roll out, so the registry is our only option.

    >

    > If we were to restrict the Winlogon key in the registry to the local

    > admins

    > group via ACL, what's the worst that could happen? (Please bear in mind

    > that

    > the only people who ever access this server do it via a local intranet

    > site

    > over the anonymous IUSR account, and people in the local admins group).

    > Thanks!

  • Quote
  • Mark as Solution
    •

    Hi Dave,

     

    Thanks for the reply, but I don't think you've read my OP!

     

    I'm looking to secure the hacks below a little. Could you have another read

    of my suggestion and let me know your thoughts?

     

    Thanks,

     

    Alan

     

    "Dave Patrick" wrote:

    > Use the reghack in these articles.

    >

    >

    > How to Enable Automatic Logon in Windows NT

    > http://support.microsoft.com/default.aspx?scid=kb;[LN];97597

    >

    > How to Enable Automatic Logon in Windows 2000

    > http://support.microsoft.com/default.aspx?scid=kb;[LN];234562

    >

    > How to Enable Automatic Logon in Windows Server 2003

    > http://support.microsoft.com/default.aspx?scid=kb;[LN];324737

    >

    >

    > --

    >

    > Regards,

    >

    > Dave Patrick ....Please no email replies - reply in newsgroup.

    > Microsoft Certified Professional

    > Microsoft MVP [Windows]

    > http://www.microsoft.com/protect

    >

    > "AlanN" wrote:

    > > Hi there,

    > >

    > > We have some servers i'd like to auto-login - though most of what they do

    > > runs as a service, some legacy desktop applications point blank refuse to

    > > play nicely and must be run under a domain account. As the servers are on

    > > a

    > > domain, the control userpasswords2 method of auto-logon will not work (the

    > > options do not appear on a domain machine). TweakUI would be overkill and

    > > a

    > > pain to roll out, so the registry is our only option.

    > >

    > > If we were to restrict the Winlogon key in the registry to the local

    > > admins

    > > group via ACL, what's the worst that could happen? (Please bear in mind

    > > that

    > > the only people who ever access this server do it via a local intranet

    > > site

    > > over the anonymous IUSR account, and people in the local admins group).

    > > Thanks!

    >

  • Quote
  • Mark as Solution
    •

    Nothing beats physical access control if you must leave them logged on.

     

    --

     

    Regards,

     

    Dave Patrick ....Please no email replies - reply in newsgroup.

    Microsoft Certified Professional

    Microsoft MVP [Windows]

    http://www.microsoft.com/protect

     

    "AlanN" wrote:

    > Hi Dave,

    >

    > Thanks for the reply, but I don't think you've read my OP!

    >

    > I'm looking to secure the hacks below a little. Could you have another

    > read

    > of my suggestion and let me know your thoughts?

    >

    > Thanks,

    >

    > Alan

  • Quote
  • Mark as Solution
    •

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...
    Go to topic listing