Hi,
as you know, for auto login on win nt you must configure 4 keys in registry
under :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

1-user name : DefaultUserName <REG_SZ> "user"
2-password : DefaultPassword <REG_SZ> "pass"
3-domain : DefaultDomainName <REG_SZ> "doman"
4-force auto login : AutoAdminLogon <REG_SZ> "1"

but the password store in "DefaultPassword" as clear text
unfortunately by this method everyone can find your password!!!

I want to know is there any way to put password as a crypted password in
this key or is there another way for auto login with non clear text password
format?


Kind Regards,
Farzad Hayati.

You're letting a computer automatically login, and you're worried about
someone finding your password out through the registry?

Priorities...

Matt Gibson - GSEC

"Unicorn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
> as you know, for auto login on win nt you must configure 4 keys in
> registry
> under :
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> 1-user name : DefaultUserName <REG_SZ> "user"
> 2-password : DefaultPassword <REG_SZ> "pass"
> 3-domain : DefaultDomainName <REG_SZ> "doman"
> 4-force auto login : AutoAdminLogon <REG_SZ> "1"
>
> but the password store in "DefaultPassword" as clear text
> unfortunately by this method everyone can find your password!!!
>
> I want to know is there any way to put password as a crypted password in
> this key or is there another way for auto login with non clear text
> password
> format?
>
>
> Kind Regards,
> Farzad Hayati.
>
>
>
>

"Unicorn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> 1-user name : DefaultUserName <REG_SZ> "user"
> 2-password : DefaultPassword <REG_SZ> "pass"
> 3-domain : DefaultDomainName <REG_SZ> "doman"
> 4-force auto login : AutoAdminLogon <REG_SZ> "1"
>
> but the password store in "DefaultPassword" as clear text
> unfortunately by this method everyone can find your password!!!

No they can't. They have to be an administrator to run Regedit to be able to
open the registry to see the password,...but if they are already
Administrators then they almost don't need your password.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Matt Gibson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You're letting a computer automatically login, and you're worried about
> someone finding your password out through the registry?
>
> Priorities...

Not only that but they can see which account it logs in under,...even if
they have to run NBTSTAT,...and since every user can typically change their
own password, they can hit Ctrl-alt-Del, select Change Password and make it
something that only they know what it is. Then if that account also happens
to have Admin access, they can have a lot of fun with it now that he/she is
the only one that knows the password.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

*Grin*

Preach it!

Matt Gibson - GSEC

you are right Matt
I'm worried about someone finding your password out through the registry

I wanna set a computer as a remote destop share on network without monitor,
keyboard and etc. it must be auto logon but i'm worry about auto logon
password which is placed in registry!

"Matt Gibson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You're letting a computer automatically login, and you're worried about
> someone finding your password out through the registry?
>
> Priorities...
>
> Matt Gibson - GSEC
>
> "Unicorn" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi,
> > as you know, for auto login on win nt you must configure 4 keys in
> > registry
> > under :
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> >
> > 1-user name : DefaultUserName <REG_SZ> "user"
> > 2-password : DefaultPassword <REG_SZ> "pass"
> > 3-domain : DefaultDomainName <REG_SZ> "doman"
> > 4-force auto login : AutoAdminLogon <REG_SZ> "1"
> >
> > but the password store in "DefaultPassword" as clear text
> > unfortunately by this method everyone can find your password!!!
> >
> > I want to know is there any way to put password as a crypted password in
> > this key or is there another way for auto login with non clear text
> > password
> > format?
> >
> >
> > Kind Regards,
> > Farzad Hayati.
> >
> >
> >
> >
>
>

You're missing the point.

By having the computer automatically log in, you're eshewing any security
that you have. Having the password in the registry is a tiny risk compared
to having a logged in computer all the time.

Matt Gibson - GSEC

"Unicorn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> you are right Matt
> I'm worried about someone finding your password out through the registry
>
> I wanna set a computer as a remote destop share on network without
> monitor,
> keyboard and etc. it must be auto logon but i'm worry about auto logon
> password which is placed in registry!
>
> "Matt Gibson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> You're letting a computer automatically login, and you're worried about
>> someone finding your password out through the registry?
>>
>> Priorities...
>>
>> Matt Gibson - GSEC
>>
>> "Unicorn" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Hi,
>> > as you know, for auto login on win nt you must configure 4 keys in
>> > registry
>> > under :
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> > NT\CurrentVersion\Winlogon
>> >
>> > 1-user name : DefaultUserName <REG_SZ> "user"
>> > 2-password : DefaultPassword <REG_SZ> "pass"
>> > 3-domain : DefaultDomainName <REG_SZ> "doman"
>> > 4-force auto login : AutoAdminLogon <REG_SZ> "1"
>> >
>> > but the password store in "DefaultPassword" as clear text
>> > unfortunately by this method everyone can find your password!!!
>> >
>> > I want to know is there any way to put password as a crypted password
>> > in
>> > this key or is there another way for auto login with non clear text
>> > password
>> > format?
>> >
>> >
>> > Kind Regards,
>> > Farzad Hayati.
>> >
>> >
>> >
>> >
>>
>>
>
>

may you say right. it's high risk but my boss whant to do this risk.
It's so funny, but he want to hide this computer behind his office wall and
install some special program on it,
I don't know what is this program and I dislike to know!
then by wireless lan connect to that computer and use that program
as remote desktop share but sometime someone else may want to work with that
program (after login)
and they can goto regedit and find the logon password and another day they
work with this programs illegally!
but i think they don't have enough knowledge about regedit and password
place in registry but i'm worry about this
oh, my god!
my boss is really crazy!
anyway,

Thanks for your help Matt.


"Matt Gibson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You're missing the point.
>
> By having the computer automatically log in, you're eshewing any security
> that you have. Having the password in the registry is a tiny risk
compared
> to having a logged in computer all the time.
>
> Matt Gibson - GSEC
>
> "Unicorn" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > you are right Matt
> > I'm worried about someone finding your password out through the registry
> >
> > I wanna set a computer as a remote destop share on network without
> > monitor,
> > keyboard and etc. it must be auto logon but i'm worry about auto logon
> > password which is placed in registry!
> >
> > "Matt Gibson" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> You're letting a computer automatically login, and you're worried about
> >> someone finding your password out through the registry?
> >>
> >> Priorities...
> >>
> >> Matt Gibson - GSEC
> >>
> >> "Unicorn" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed)...
> >> > Hi,
> >> > as you know, for auto login on win nt you must configure 4 keys in
> >> > registry
> >> > under :
> >> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> >> > NT\CurrentVersion\Winlogon
> >> >
> >> > 1-user name : DefaultUserName <REG_SZ> "user"
> >> > 2-password : DefaultPassword <REG_SZ> "pass"
> >> > 3-domain : DefaultDomainName <REG_SZ> "doman"
> >> > 4-force auto login : AutoAdminLogon <REG_SZ> "1"
> >> >
> >> > but the password store in "DefaultPassword" as clear text
> >> > unfortunately by this method everyone can find your password!!!
> >> >
> >> > I want to know is there any way to put password as a crypted password
> >> > in
> >> > this key or is there another way for auto login with non clear text
> >> > password
> >> > format?
> >> >
> >> >
> >> > Kind Regards,
> >> > Farzad Hayati.
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
>
>

If you are using Windows XP (as opposed to Windows NT 4.0 - I hope you are
not deploying a new NT4 box!), use TweakUI powertoy. When it saves the
password for auto login it saves in an encrypted storage.

"Unicorn" <(E-Mail Removed)> wrote in message
news:%23AO2$(E-Mail Removed)...
> may you say right. it's high risk but my boss whant to do this risk.
> It's so funny, but he want to hide this computer behind his office wall
> and
> install some special program on it,
> I don't know what is this program and I dislike to know!
> then by wireless lan connect to that computer and use that program
> as remote desktop share but sometime someone else may want to work with
> that
> program (after login)
> and they can goto regedit and find the logon password and another day they
> work with this programs illegally!
> but i think they don't have enough knowledge about regedit and password
> place in registry but i'm worry about this
> oh, my god!
> my boss is really crazy!
> anyway,
>
> Thanks for your help Matt.
>
>
> "Matt Gibson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> You're missing the point.
>>
>> By having the computer automatically log in, you're eshewing any security
>> that you have. Having the password in the registry is a tiny risk
> compared
>> to having a logged in computer all the time.
>>
>> Matt Gibson - GSEC
>>
>> "Unicorn" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > you are right Matt
>> > I'm worried about someone finding your password out through the
>> > registry
>> >
>> > I wanna set a computer as a remote destop share on network without
>> > monitor,
>> > keyboard and etc. it must be auto logon but i'm worry about auto logon
>> > password which is placed in registry!
>> >
>> > "Matt Gibson" <(E-Mail Removed)> wrote in message
>> > news:(E-Mail Removed)...
>> >> You're letting a computer automatically login, and you're worried
>> >> about
>> >> someone finding your password out through the registry?
>> >>
>> >> Priorities...
>> >>
>> >> Matt Gibson - GSEC
>> >>
>> >> "Unicorn" <(E-Mail Removed)> wrote in message
>> >> news:(E-Mail Removed)...
>> >> > Hi,
>> >> > as you know, for auto login on win nt you must configure 4 keys in
>> >> > registry
>> >> > under :
>> >> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> >> > NT\CurrentVersion\Winlogon
>> >> >
>> >> > 1-user name : DefaultUserName <REG_SZ> "user"
>> >> > 2-password : DefaultPassword <REG_SZ> "pass"
>> >> > 3-domain : DefaultDomainName <REG_SZ> "doman"
>> >> > 4-force auto login : AutoAdminLogon <REG_SZ> "1"
>> >> >
>> >> > but the password store in "DefaultPassword" as clear text
>> >> > unfortunately by this method everyone can find your password!!!
>> >> >
>> >> > I want to know is there any way to put password as a crypted
>> >> > password
>> >> > in
>> >> > this key or is there another way for auto login with non clear text
>> >> > password
>> >> > format?
>> >> >
>> >> >
>> >> > Kind Regards,
>> >> > Farzad Hayati.
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>

Dear john
thanks for your advise
that computer has MS-Win 2K Pro.
there are 2 main server else a win 2k adv. serv. sp4 + active dir.
and another is .net enterprise
may i upgrade it to win - xp



"John [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> If you are using Windows XP (as opposed to Windows NT 4.0 - I hope you are
> not deploying a new NT4 box!), use TweakUI powertoy. When it saves the
> password for auto login it saves in an encrypted storage.
>
> "Unicorn" <(E-Mail Removed)> wrote in message
> news:%23AO2$(E-Mail Removed)...
> > may you say right. it's high risk but my boss whant to do this risk.
> > It's so funny, but he want to hide this computer behind his office wall
> > and
> > install some special program on it,
> > I don't know what is this program and I dislike to know!
> > then by wireless lan connect to that computer and use that program
> > as remote desktop share but sometime someone else may want to work with
> > that
> > program (after login)
> > and they can goto regedit and find the logon password and another day
they
> > work with this programs illegally!
> > but i think they don't have enough knowledge about regedit and password
> > place in registry but i'm worry about this
> > oh, my god!
> > my boss is really crazy!
> > anyway,
> >
> > Thanks for your help Matt.
> >
> >
> > "Matt Gibson" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> You're missing the point.
> >>
> >> By having the computer automatically log in, you're eshewing any
security
> >> that you have. Having the password in the registry is a tiny risk
> > compared
> >> to having a logged in computer all the time.
> >>
> >> Matt Gibson - GSEC
> >>
> >> "Unicorn" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed)...
> >> > you are right Matt
> >> > I'm worried about someone finding your password out through the
> >> > registry
> >> >
> >> > I wanna set a computer as a remote destop share on network without
> >> > monitor,
> >> > keyboard and etc. it must be auto logon but i'm worry about auto
logon
> >> > password which is placed in registry!
> >> >
> >> > "Matt Gibson" <(E-Mail Removed)> wrote in message
> >> > news:(E-Mail Removed)...
> >> >> You're letting a computer automatically login, and you're worried
> >> >> about
> >> >> someone finding your password out through the registry?
> >> >>
> >> >> Priorities...
> >> >>
> >> >> Matt Gibson - GSEC
> >> >>
> >> >> "Unicorn" <(E-Mail Removed)> wrote in message
> >> >> news:(E-Mail Removed)...
> >> >> > Hi,
> >> >> > as you know, for auto login on win nt you must configure 4 keys in
> >> >> > registry
> >> >> > under :
> >> >> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> >> >> > NT\CurrentVersion\Winlogon
> >> >> >
> >> >> > 1-user name : DefaultUserName <REG_SZ> "user"
> >> >> > 2-password : DefaultPassword <REG_SZ> "pass"
> >> >> > 3-domain : DefaultDomainName <REG_SZ> "doman"
> >> >> > 4-force auto login : AutoAdminLogon <REG_SZ> "1"
> >> >> >
> >> >> > but the password store in "DefaultPassword" as clear text
> >> >> > unfortunately by this method everyone can find your password!!!
> >> >> >
> >> >> > I want to know is there any way to put password as a crypted
> >> >> > password
> >> >> > in
> >> >> > this key or is there another way for auto login with non clear
text
> >> >> > password
> >> >> > format?
> >> >> >
> >> >> >
> >> >> > Kind Regards,
> >> >> > Farzad Hayati.
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>