question

chield1975 avatar image
0 Votes"
chield1975 asked Crystal-MSFT commented

Logitech TAP Intune managed

We're busy with setting multiple meeting rooms with Logitech TAP devices and after I join these devices to AAD and will be Intune managed, then the autologon functionality with the builtin Skype user will break.
The registry key AutoAdminLogon in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" will be changed to 0.

There are no policies that's targeted to the device and hopefully someone can help me with the this. Maybe I can accomplish something with Kiosk profiles, but that's something I'm not formilar with.

Thanks already!

mem-intune-device-configurationsmem-intune-enrollment
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@chield1975, From your description, I know after the device joined into Azure AD and enrolled into Intune. The registry key AutoAdminLogon will be changed from 1 to 0. If there's any misunderstanding, please let us know.

Could you let us know what is the operating system of our Logitech TAP? As we don't have logitech TAP at hand, we can test on the same operating systems as yours to see if the issue is related with Intune.

0 Votes 0 ·

3 Answers

chield1975 avatar image
0 Votes"
chield1975 answered Crystal-MSFT commented

Hi, thanks for the quick reply, but after some investigation I think the problem (autoadminlogon key is changed from 1 to 0) is related to the MDM baseline security policy that's assigned to the device. I've made an exclusion for the Logitech devices and will check later if this solved the issue. Get back to you!

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@chield1975, Thanks for the reply. We will wait for your update, if there's anything we can help during this time, feel free to let us know.

0 Votes 0 ·
Crystal-MSFT avatar image Crystal-MSFT Crystal-MSFT ·

@chield1975,, Hope things are going well. If there's any update, feel free to let us know.

0 Votes 0 ·
chield1975 avatar image
0 Votes"
chield1975 answered Crystal-MSFT commented

Hi, sorry for the delay, but at some other things on my plate..;)

Problem is still there, if I only register the device to AAD then everything keeps working as expected, but as soon as the device get AAD joined (intune MDM managed), then the autologon breaks.

Other ideas how I can fix this?

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@chield1975, After researching, I notice if no DefaultPassword string is specified, Windows automatically changes the value of the AutoAdminLogon key from 1 (true) to 0 (false), disabling the AutoAdminLogon feature. Could you check if the DefaultPassword is there?
https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon#use-registry-editor-to-turn-on-automatic-logon

If there's any update, feel free to let us know.

0 Votes 0 ·
chield1975 avatar image
0 Votes"
chield1975 answered Crystal-MSFT commented

Thnx for the reply again, I've tried to add the registry without a value and changed the AutoAdminLogon key back to 1, shutdown the Logitech, start it again and.... autologon still doesn't work...;)

Rechecked the registry keys, AutoAdminLogon is back to 0 and the DefaultPassword value is completely gone. I think I have to bang my head against the wall, this is driving me nuts...!

Other tips?

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@chield1975, May be we can try the following script on the windows :
Note: Change the related value to the one in our environment in the following script.
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$DUKeyName = "DefaultUserName"
$DDKeyName = "DefaultDomainName"
$DPKeyName = "DefaultPassword"
$AALName = "AutoAdminLogon"
$DefaultUserName = "user"
$DefaultDomain = "contoso"
$DefaultPassword = "123"
$AutoAdminLogon = 1
IF(!(Test-Path $registryPath))
{
# abandoning
exit 0
}
ELSE
{
Set-ItemProperty -Path $registryPath -Name $DUKeyName -Value $DefaultUserName
Set-ItemProperty -Path $registryPath -Name $DDKeyName -Value $DefaultDomain
Set-ItemProperty -Path $registryPath -Name $DPKeyName -Value $DefaultPassword
Set-ItemProperty -Path $registryPath -Name $AALName -Value $AutoAdminLogon
}

0 Votes 0 ·