
(118) Microsoft Intune - Set Auto Admin Logon on workstations

  • Writer: Mr B SOE way
  • Apr 5, 2024

Updated: Apr 6, 2024

I wanted to use "AutoAdminLogon" on VM workstations, similar to the Kiosk profile, which uses "AutoAdminLogon" for self-deploying mode, but I didn't want to use a "Kiosk" setup to do my testing. With Hyper-V you are unable to do a self-deploying mode (aka Kiosk), which needs to be on a physical computer.

I created a PowerShell script, saved as Intune-SetAutoLogonSettings.ps1, to do the following:

# Create Username and Password

$username = "Auto"

$password = ConvertTo-SecureString "ZEz8oJkj" -AsPlainText -Force 

# Creating the user

New-LocalUser -Name "$username" -Password $password -FullName "$username" -Description "Auto Admin Account"

Add-LocalGroupMember -Group "Administrators" -Member $username

Set-LocalUser -Name "$username" -PasswordNeverExpires 1

# Tattoos registry to set path
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) {  New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'DefaultDomainName' -Value '.\' -PropertyType String -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'DefaultUserName' -Value 'Auto' -PropertyType String -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'AutoAdminLogon' -Value '1' -PropertyType String -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'ForceAutoLogon' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'DefaultPassword' -Value 'ZEz8oJkj' -PropertyType String -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'LastUsedUsername' -Value 'Auto' -PropertyType String -Force -ea SilentlyContinue;

Restart-Computer -Force

You can deploy this as a PowerShell script, but that causes issues for Autopilot as it creates a defaultuser0. So instead I created it as a Win32 app, which literally did the job.

Under Program:

Install Command: powershell -exe bypass -file Intune-SetAutoLogonSettings.ps1

Uninstall Command: powershell -exe bypass -file Intune-SetAutoLogonSettings.ps1

Device restart behaviour: No specific action


Under Detection Rules:

Rule type: Registry

Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Value Name: DefaultUserName

Detection method: String comparison

Operator: Equals

Value: Auto


Make this application available, then go to Company Portal to install it. After the script completes, it forces a restart and then logs in automatically under the user profile: Auto
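The script writes the account password into the DefaultPassword string value under Winlogon, and the uninstall command above re-runs the same script rather than undoing it. The following is an added example, not part of the original post: it reports the auto-logon state of a machine and rolls the settings back once testing is done. The function names Get-AutoLogonState and Remove-AutoLogonSetting are hypothetical, and the account name 'Auto' is taken from the script above.

```powershell
# Added example (not the author's script): audit and roll back the auto-logon
# settings written by Intune-SetAutoLogonSettings.ps1. Run elevated.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$AdminsSid    = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-AutoLogonState {
    # Report what the Winlogon key holds; the password itself is never echoed.
    $w    = Get-ItemProperty -LiteralPath $WinlogonPath -ErrorAction Stop
    $user = $w.DefaultUserName
    $isAdmin = $false
    if ($user) {
        # Lookup errors (account missing, not a member) are treated as "not admin".
        $isAdmin = [bool](Get-LocalGroupMember -SID $AdminsSid -Member $user -ErrorAction SilentlyContinue)
    }
    [pscustomobject]@{
        AutoAdminLogon      = ($w.AutoAdminLogon -eq '1')
        ForceAutoLogon      = ($w.ForceAutoLogon -eq 1)
        DefaultUserName     = $user
        PlaintextPassword   = [bool]$w.DefaultPassword   # true if the REG_SZ value is present and non-empty
        AccountIsLocalAdmin = $isAdmin
    }
}

function Remove-AutoLogonSetting {
    # Hypothetical helper: undo the script's changes when testing is finished.
    param([string]$UserName = 'Auto')   # account name used on this page
    Set-ItemProperty -LiteralPath $WinlogonPath -Name 'AutoAdminLogon' -Value '0'
    # Removing DefaultUserName also makes the Intune detection rule report "not installed".
    # DefaultDomainName is left alone because it can exist independently of this script.
    foreach ($name in 'DefaultPassword', 'ForceAutoLogon', 'DefaultUserName', 'LastUsedUsername') {
        Remove-ItemProperty -LiteralPath $WinlogonPath -Name $name -ErrorAction SilentlyContinue
    }
    if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) {
        Remove-LocalUser -Name $UserName
    }
}

Get-AutoLogonState | Format-List
# Remove-AutoLogonSetting    # uncomment to roll back on a test VM
```

Saved as a separate file, the rollback function can serve as the Win32 app's uninstall command in place of the install script.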

 
 
 
