/build/static/layout/Breadcrumb_cap_w.png

Windows 10 1709 Domain Autologon

Hi guys,

I've seen a few similar questions floating around here, but I've tried all the steps on them and haven't been able to come up with anything that works.

Trying to set up my Scripted Installations on the K2000 so that the laptops automatically join the domain during the installation process and then auto-login so that they can finish the build as a domain-joined laptop.

This was previously never an issue with Windows 7 - our Powershell script would run and the laptop would join the domain and continue auto-logging in without any issues.

However with Windows 10, the AutoLogin function breaks as soon as the laptop joins the domain. I cannot put this post-install task at the very end of my task list as the default Restore UAC and Cleanup tasks must finish after it. I also run a script that clears the last login so the imaged laptop shows as if it has never been logged into before for the user who receives it.

I'm adding the following registry values during the install process (as a .BAT script):

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d our.domain  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d user.name  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d password /f

As soon as it restarts after performing our domain join task the machine stops auto-logging in. I can see the registry keys sitting there after the restart (and manually logging in).

I've even added these keys manually once it has been domain joined and restarted it with no joy.

Does anyone have any extra information about how to get this working so I can configure my Scripted Installations like Windows 7?

Cheers,
Tim

2 Comments   [ + ] Show comments
  • Do you have Cortana on? If Cortana is enabled, it adds an extra reboot when the system checks for updates and talks to you changing the auto login count from the Sysprep file. I ran into this issue. To fix it , I added:
    <settings pass="oobeSystem">
    <OOBE>
    <SkipMachineOOBE>true</SkipMachineOOBE>
    </OOBE>

    and my auto logins worked as expected. I have 2 Auto Logins in my Sysprep file
    I also noticed that after the machine joins the domain and reboots, it creates another user account for the local account that auto logs in. To correct that, after my join domain vbs script ( no reboot), I added a batch file to remove the DefaultDomain key created when the computer joins the domain with a reboot.

    reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /f - Bethski 6 years ago
    • Sorry, missed this earlier. Cortana is enabled, but all that runs before I join the laptop to the domain and it can happily autologin with no issues (I have the AutoLogonCount set to 5 in my Unattend.xml).

      When you say after the machine joins the domain and reboots - what is the "another user account for the local account"? I have a user that is added during my Unattend.xml that gets set with a non-expiring password as a local administrator (so we can have admin access to machines that are away from the domain network if required). - onionst 6 years ago
      • I had the same problem, I had my auto login set to 2 reboots after sysprep, but after the domain join when it rebooted for the second time, it broke. I read on a Technet post somewhere that even though the SkipMachineOOBE says it is depreciated in WIndows 10 1703/1709, it still works. On the K2000, I also noticed that after adding the SkipMachineOOBE to my sysprep xml, the autologin started to work again, but specific to the K2000, if you look in your C:\Users folders, you will see two accounts for the local admin( the one set to autologin), One folder with the plain name and a second with the plain name dot whatever your domain name was. Adding the task to delete the DefaultDomainName registry key created when the computer joins the domain fixed that issue, so now the K2000 autologins twice and only creates one local admin user folder. To get around this on my Windows Deployment Services I created an AutoLogin Powershell that ran as part of the first boot to set the registry because it was the only way I could get the registry to change. After adding the SkipMachineOOBE to the unattended.xml on the WDS Server, the autologin started to work again as expected and I no longer needed the extra powershell. It seemed to be that the Cortana checking for updates as part of sysprep broke all additional auto logins. - Bethski 6 years ago
  • Just adding another comment - I can un-join the laptop from the domain and the registry autologon works fine. That to me says there's something about the laptop being joined to our domain that's stopping it from auto logging in. Could it be a group policy or something that is potentially affecting it? - onionst 6 years ago

Answers (5)

Answer Summary:
Posted by: quickwhips 6 years ago
Orange Senior Belt
0
Have you tried doing it with sysinternal autologin instead.  I use mdt but I’ve setup auto login with that in the past.

Comments:
  • Can the sysinternals autologin be disabled via command-line afterwards? I only want to use the autologin while the image is being provisioned - after that we hand it out to regular users so will need it to be disabled then. - onionst 6 years ago
    • Just make another script at the end to delete the registry key. - quickwhips 6 years ago
      • Tried it today - even running Autologing manually after fully imaging the laptop and having everything installed it still won't autologin.
        I can see the registry keys it creates, but after rebooting it just goes back to the regular W10 login screen. - onionst 6 years ago
Posted by: akmagnum 6 years ago
Red Belt
0

I have noticed that sometimes after a kace update to appliances or a windows update,

some scripts just stop working for no reason at all.

And sometimes just duplicating the script and renaming it just get its working again.

Weird I know....but try it.

But just in  case ........ here is my autologon which works with my 1709 update.

Just change USERNAME and PASSWORD to work for you. Oh... and the autologon count to whatever you need.(Mine is 12).

Hope it helps......


reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DefaultLogonDomain /t REG_SZ /d %COMPUTERNAME% /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d USERNAME  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d PASSWORD /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 12  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d %COMPUTERNAME%




Comments:
  • No luck with this either - I can see the registry keys being added, but after a reboot it just sits at the login screen. I've tried deleting and re-adding the scripts, and the install and it hasn't helped. - onionst 6 years ago
    • I am almost sure this is a credentials problem.
      I think the problem is this......,
      Prior to the "domain join" in the scripted install, the auto logon was logging in to the local computer account with local admin rights. BUT..
      After joining the domain, windows login is looking for domain credentials, which is not the username and password in the bat script.
      Make sure to change USERNAME to .........
      (.\USERNAME)..........without the brackets.
      This makes sure the script logs in to the local computer admin as it used to, instead of the domain.
      So.... just add .\ to the username in the script. - akmagnum 6 years ago
      • I've tried with all sets of credentials - a separate local admin user, a domain admin, no combination seems to work (set it manually after it's been imaged as well with no luck). I can see the AutoLogonCount reg key going down every time I reboot the laptop, but it will not auto-login no matter what I do.
        Is there somewhere in Event Viewer I can check? - onionst 6 years ago
Posted by: alphabeta 6 years ago
Black Belt
0
Was having issue with AutoAdminLogin myself. The AutoLoginCount needs to be at zero for it to login in at next reboot. I think it's meant to count down the figure for each reboot until it's at zero but you can force set it to zero and it will login on next reboot.

Comments:
  • This doesn't work for me, as soon as I set AutoLoginCount to 0 it deletes the DefaultPassword reg key... not sure how yours is working? - onionst 6 years ago
    • Did you try adding .\ to the local admin user? This is important !!!!
      Also how did you create the image. Did you use the "Sysprep creator tool" from Quest..... or did you use the windows version of sysprep?
      I would recommend using the tool. It also has a autologon count function you can add to the answer file.
      Maybe you should create a new image and try it.
      Also try putting the "autologon" task in the kace just before the "domain join" task. - akmagnum 6 years ago
      • Yep, tried with and without the .\.
        I'm using a scripted installation with the K2000, so no need to Sysprep - I upload the boot environment and then the boot media and use an unattended.xml + post-installation tasks to install everything that I require.
        I've got the autologon task before the domain join - doesn't matter where the task is, as soon as it joins the domain autologon breaks. - onionst 6 years ago
      • I actually use images with my win10 deployment, so I don't seem to have the problem. But I tried to use a scripted install test deployment with the domain join and the autologon script in win10 ......and you are right , I get the same problem.
        That's funny because, in the image with the same tasks of domain join and autologon there are no issues with re-logging in after a domain join.
        will let you know if I find a solution. - akmagnum 6 years ago
Posted by: alphabeta 6 years ago
Black Belt
0
I have it putting the value types in as well. See below.

Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d NameHere /f
Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d PasswordHere /f
Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d DomainHere /f
Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_SZ /d 0 /f

Comments:
  • No luck with this either - I did notice that when I didn't put the value types in it seemed to pick the right one (REG_SZ) by default. Thanks though! - onionst 6 years ago
Posted by: onionst 6 years ago
Senior White Belt
0

Top Answer

Alright everyone... turns out it was a GPO that was causing my issue. I had a GPUpdate task running before my AutoLogon and my domain join task - moving that to the end of the queue means it's worked fine!

Now to track down the GPO that is causing my problem... I suspect it might be to do with wireless login or something along those lines.

Thanks all for your help!

Cheers,
Tim
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ