(120) Microsoft Intune - Set Entra Domain Auto Admin Logon on workstations

  • Writer: Mr B SOE way
  • Apr 15, 2024

Previously I covered how to set up local auto admin logon accounts on workstations: https://soeintunedevice.wixsite.com/home/post/118-microsoft-intune-set-auto-admin-logon-on-workstations


Win32 App Preparation:

Install.ps1

Update "DefaultUserName" where Value is "AzureAD\Username@domain.com".
Update "DefaultPassword" where Value is "AzureADPasswordforUsername@domain.com".

# Create the Winlogon key if it does not already exist.
if ((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Force -ea SilentlyContinue }
# Account that is logged on automatically, and how many times.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "AzureAD\Username@domain.com" -PropertyType String -Force -ea SilentlyContinue
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount" -Value "99999" -PropertyType DWord -Force -ea SilentlyContinue
# Turn auto logon on.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value "1" -PropertyType String -Force -ea SilentlyContinue
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName" -Value "AzureAD" -PropertyType String -Force -ea SilentlyContinue
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon" -Value "1" -PropertyType DWord -Force -ea SilentlyContinue
# DefaultPassword is written to the registry as a plain-text string value.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword" -Value "AzureADPassword" -PropertyType String -Force -ea SilentlyContinue

# Reboot so the auto logon takes effect.
Restart-Computer -Force

Uninstall.ps1

if ((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Force -ea SilentlyContinue }
# Clear-ItemProperty blanks each value but leaves the value name in place.
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword"

# Reboot so the next logon is no longer automatic.
Restart-Computer -Force

Download and run the Microsoft Win32 Content Prep Tool from GitHub: https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

The Win32 App Package should look like this:

Win32 App Creation:

Navigate to https://intune.microsoft.com/ > Apps > By Platform: Windows > Add > Select App type: Windows app (Win32).



Under Program:

Install Command: powershell -exe bypass -file Install.ps1

Uninstall Command: powershell -exe bypass -file Uninstall.ps1

Installation time required (mins): Yes

Allow available uninstall: Yes

Install behavior: System

Device restart behaviour: No specific action

Under Requirements:

Operating system architecture: 64-bit

Minimum operating system: Windows 10 1903

Under Detection Rules:

Rule type: Registry

Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Value Name: DefaultUserName

Detection method: String comparison

Operator: Equals

Under Review + Create: Review your settings then select Create.

Be sure to assign it as "Available" rather than "Required". Once the app is installed, the workstation will automatically log on as "AzureAD\Username@domain.com".
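
A check to run on a workstation after the app is installed or uninstalled, as an added example that is not part of the original post: it reads the Winlogon values that Install.ps1 writes and reports whether auto logon is active and whether DefaultPassword is still stored as a plain-text string, without printing the password. The function name Get-AutoLogonExposure and its output property names are assumptions of this example.

```powershell
# Added example (not from the original post). Function and property names are
# assumptions; the value names are the ones Install.ps1 writes.
function Get-AutoLogonExposure {
    [CmdletBinding()]
    param(
        # Override to test against a copy of the key elsewhere in the registry.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $key = Get-ItemProperty -LiteralPath $Path -ErrorAction Stop
    $v = @{}
    foreach ($n in 'AutoAdminLogon', 'ForceAutoLogon', 'AutoLogonCount',
                   'DefaultDomainName', 'DefaultUserName', 'DefaultPassword') {
        $p = if ($key) { $key.PSObject.Properties[$n] }
        $v[$n] = if ($p) { $p.Value } else { $null }   # absent value -> $null
    }

    # Uninstall.ps1 uses Clear-ItemProperty, which leaves empty values behind,
    # so empty and missing values are treated the same way.
    $enabled = [string]$v['AutoAdminLogon'] -eq '1'
    $hasPwd  = -not [string]::IsNullOrEmpty([string]$v['DefaultPassword'])

    $finding = if ($enabled -and $hasPwd) {
        'Auto logon active; DefaultPassword readable as plain text'
    } elseif ($hasPwd) {
        'Auto logon off, but a DefaultPassword value is still stored'
    } elseif ($enabled) {
        'Auto logon enabled without a DefaultPassword value'
    } else {
        'No auto logon configuration found'
    }

    # Allow ACEs on the key show which principals can read these values.
    $aces = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights }

    [pscustomobject]@{
        Finding        = $finding
        Account        = $v['DefaultUserName']
        Domain         = $v['DefaultDomainName']
        ForceAutoLogon = [string]$v['ForceAutoLogon'] -eq '1'
        AutoLogonCount = $v['AutoLogonCount']
        PasswordStored = $hasPwd      # the password itself is never output
        PasswordLength = ([string]$v['DefaultPassword']).Length
        AllowAces      = $aces
    }
}

Get-AutoLogonExposure | Format-List
```

After Uninstall.ps1 has run, the expected finding is "No auto logon configuration found" with PasswordStored set to False.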

 
 
 
