question

JohannesEbner-7834 avatar image
1 Vote"
JohannesEbner-7834 asked BairdScott-9581 published

Intune: Deploy Registry for AutoLogon

Hello,

I am using O365/M365 with Clients, which are joined an Azure Domain.

I want to enabel on one client "autologon" for a specific M365 Account. The Client shouldnt be in a Kiosk Mode. Just normal Mode.

Therefore I created on "Endpoint Manager" a Powershell Script:

 # MrNetTek
 # eddiejackson.net/blog
 # 1/2/2020
 # free for public use 
 # free to claim as your own
     
 Function Add-RegPolicy($hive,$path,$type,$name,$data)
 {
     $ErrorActionPreference= 'silentlycontinue'
     
     $regPath = "$hive`:\$path"
      
     if(-not (Test-Path -path $regPath))
         {
             # Create Path
             New-Item -Path "$regPath" | Out-null
                 
         }
                 
        # Remove Reg Key
        Remove-ItemProperty -Path $regPath -Name $name -Force | Out-Null
            
        # Add Reg Key
        Set-ItemProperty -Path $regPath -Name $name -Value $data -PropertyType $type | Out-Null             
            
        # Required for Binary 
        #$hex = $data.Split(',') | % { "0x$_"}            
        #New-ItemProperty -Path $regPath -Name $name -Value ([byte[]]$hex) -PropertyType $type | Out-Null
      
 }
     
 #Reg Hive + Reg Path + Reg Type + Reg Name + Reg Data
 Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\\\Winlogon" -type String -name "AutoAdminLogon" -data "1"
 Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\\\Winlogon" -type String -name "DefaultUserName" -data "username@domain"
 Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\\\Winlogon" -type String -name "DefaultPassword" -data "Pass"


Then I created an Azure Security Group where I added those clients, which should have the autologin with the defined user.
Then I assigned that Group to the Powershell Script.

The Device Status says "Succeeded" but I do not see this keys updated on the assigend clients.

If I enter this registry keys manually on the client, then it is working.

Best Regards,
Johannes

mem-intune-general
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi All,

In my environment ,Windows 10 devices are Hybrid domain joined and enrolled by Autopilot .
I have a requirement to set autologin for few Windows 10 devices with a specific domain account . Can I use this script for my purpose ?
Kindly suggest Is any another way ,I can manage the autologin from Intune .

0 Votes 0 ·
JohannesEbner-7834 avatar image
0 Votes"
JohannesEbner-7834 answered LuDaiMSFT-0289 commented

I do not know why, but it is working now :-)

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JohannesEbner-7834 Thanks for your update. I'm glad to hear that the issue has been solved. If you have any problem in the future, please post in our Q&A.
Thanks for your posting and have a nice day.

0 Votes 0 ·
LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@JohannesEbner-7834 Thanks for posting in our Q&A. From your description, I know it is working when we change the registry manually. But when we do it via script and deployed in Intune, it is not working.

To clarify the issue, we appreciate your help to collect the following information:
1.Check if the registry keys are added and changed when deploying the script policy.
2.Check if it is successful when you execute this script manually with the same account in the policy.
3.Please get the screenshot of the script policy settings in intune portal.

If there is anything unclear, feel free to let us know.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alfredorevilla-msft avatar image
1 Vote"
alfredorevilla-msft answered ajh-7172 published

Hello @johannesebner-7834, as a security recommendation you might try Systernals Autologon v3.10 which encrypts the user credentials, opposite to the built in feature in Windows which saves them in clear text.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Good information:

is it possible to deploy and configure this via intune?

0 Votes 0 ·

Sure, as any app, it's just an .exe.

0 Votes 0 ·
ajh-7172 avatar image ajh-7172 alfredorevilla-msft ·

Is it possible to deploy the app with a predefined encrypted password? Assuming I'm setting up a lab that will use the same credentials on every PC, or is this deployed then setup on the PC after the fact.

0 Votes 0 ·
AdeleVance-1753 avatar image
0 Votes"
AdeleVance-1753 answered BairdScott-9581 published

autologon <username> <domain> <password>

It writes its arguments into rgistry, but didn't work.

My device doesnt have any local users and is AzureAD joined.
Which parameters are the right one in this case for autologon.exe?

I tried:
- username (written like in C:\users)
- username@domain.tld (login upn in AzureAD)

As Domain I tried:
- AzureAD
- \\AzureAD

Is somewhere a working example?





· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi AdeleVance, did you find a solution to this?

0 Votes 0 ·
anthonykehn avatar image
0 Votes"
anthonykehn answered

Did anyone get this to work? I have an all AzureAD environment and used the above PowerShell script with a user and it says it ran and completed successfully but it never puts in the registry keys, nor does it autologin in the user.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.