Automating: Logging out as User 1 and then Logging in as User 2

[noellarkin]

This is possible?
I was trying to use registry edits to set the "last logged user" to make the system reboot into User2 (using Shutdown($SD_REBOOT)  ) but it keeps logging back into User 1 when restarting.

[rsn]

I dabbled with this once upon a time. Automating the Microsoft Autologon tool was the best and simplest solution.

[noellarkin]

Thanks, this is what the description says:

Quote

Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.

[!WARNING] Although the password is encrypted in the registry as an LSA secret, a user with administrative rights can easily retrieve and decrypt it. (For more information see Protecting the Automatic Logon Password )

Autologon is easy enough to use. Just run autologon.exe, fill in the dialog, and hit Enable. The next time the system starts, Windows will try to use the entered credentials to log on the user at the console. Note that Autologon does not verify the submitted credentials, nor does it verify that the specified user account is allowed to log on to the computer.

To turn off auto-logon, hit Disable. Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. You can also pass the username, domain and password as command-line arguments:

autologon user domain password

Note: When Exchange Activesync password restrictions are in place, Windows will not process the autologon configuration.

I'm curious what "domain" is in this context? I'm using windows 10 on a desktop machine.

Do I have to add autologon.exe to Windows Startup?

[rsn]

Autologon takes command line arguments so using it might be simpler than you think. 

autologon.exe <username> <domain> <password>

If the PC in question isn't joined to a Windows Domain, you would use the name of the PC. Example from the command line:

autologon.exe noellarkin %COMPUTERNAME% MyC0mplexP@ssword

Right before you trigger your logoff use autologon to set whoever you want to log in next. Example in AutoIt:

$iPID = Run ( @ComSpec & " /c c:\path\to\autologon.exe noellarkin " & @computername & " MyC0mplexP@ssword" , "" ,  @SW_HIDE )
ProcessWaitClose($iPID)

Shutdown (0)

 

Edited September 29, 2023 by rsn
examples

[noellarkin]

Thank you!

[rudi]

Keep in mind, that the password is decryptable.

 

https://keithga.wordpress.com/2013/12/19/sysinternals-autologon-and-securely-encrypting-passwords/

The head line "LSA secrets" and below will explain this concern.

[rsn]

Good point @rudi. I wouldn't use it in an enterprise or domain environment since it is decryptable and, more importantly, that the creds are passed in plain text during the setup. But for some simple home/personal use, the attack profile is relatively low.