Auto Login to win NT

[Unicorn]

Hi,
as you know, for auto login on win nt you must configure 4 keys in registry
under :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

1-user name : DefaultUserName <REG_SZ> "user"
2-password : DefaultPassword <REG_SZ> "pass"
3-domain : DefaultDomainName <REG_SZ> "doman"
4-force auto login : AutoAdminLogon <REG_SZ> "1"

but the password store in "DefaultPassword" as clear text
unfortunately by this method everyone can find your password!!!

I want to know is there any way to put password as a crypted password in
this key or is there another way for auto login with non clear text password
format?


Kind Regards,
Farzad Hayati.

 

[Matt Gibson]

You're letting a computer automatically login, and you're worried about
someone finding your password out through the registry?

Priorities...

Matt Gibson - GSEC

 

[Phillip Windell]

1-user name : DefaultUserName <REG_SZ> "user"
2-password : DefaultPassword <REG_SZ> "pass"
3-domain : DefaultDomainName <REG_SZ> "doman"
4-force auto login : AutoAdminLogon <REG_SZ> "1"

but the password store in "DefaultPassword" as clear text
unfortunately by this method everyone can find your password!!!

No they can't. They have to be an administrator to run Regedit to be able to
open the registry to see the password,...but if they are already
Administrators then they almost don't need your password.

 

[Phillip Windell]

You're letting a computer automatically login, and you're worried about
someone finding your password out through the registry?

Priorities...

Not only that but they can see which account it logs in under,...even if
they have to run NBTSTAT,...and since every user can typically change their
own password, they can hit Ctrl-alt-Del, select Change Password and make it
something that only they know what it is. Then if that account also happens
to have Admin access, they can have a lot of fun with it now that he/she is
the only one that knows the password.

 

[Matt Gibson]

*Grin*

Preach it!

Matt Gibson - GSEC

 

[Unicorn]

you are right Matt
I'm worried about someone finding your password out through the registry

I wanna set a computer as a remote destop share on network without monitor,
keyboard and etc. it must be auto logon but i'm worry about auto logon
password which is placed in registry!

 

[Matt Gibson]

You're missing the point.

By having the computer automatically log in, you're eshewing any security
that you have. Having the password in the registry is a tiny risk compared
to having a logged in computer all the time.

Matt Gibson - GSEC

 

[Unicorn]

may you say right. it's high risk but my boss whant to do this risk.
It's so funny, but he want to hide this computer behind his office wall and
install some special program on it,
I don't know what is this program and I dislike to know!
then by wireless lan connect to that computer and use that program
as remote desktop share but sometime someone else may want to work with that
program (after login)
and they can goto regedit and find the logon password and another day they
work with this programs illegally!
but i think they don't have enough knowledge about regedit and password
place in registry but i'm worry about this
oh, my god!
my boss is really crazy!
anyway,

Thanks for your help Matt.

 

[John [MSFT]]

If you are using Windows XP (as opposed to Windows NT 4.0 - I hope you are
not deploying a new NT4 box!), use TweakUI powertoy. When it saves the
password for auto login it saves in an encrypted storage.

 

[Unicorn]

Dear john
thanks for your advise
that computer has MS-Win 2K Pro.
there are 2 main server else a win 2k adv. serv. sp4 + active dir.
and another is .net enterprise
may i upgrade it to win - xp

 

[Jetro]

You can logon as Guest or any other user but prohibit the registry access if
you really need to Autologon.