Autologon is enabled

Risk Level: High

Check or Attack Name: autologon

Platforms: Windows NT

Description:

Autologon is enabled. An attacker can access the host as DefaultUser, with the password DefaultPassword.

Remedy:

Disable autologon and apply the latest Windows NT 4.0 Service Pack.

To disable autologon, follow these steps:

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

  1. Open the Registry Editor (regedt32). From the Windows NT Start menu, select Run.
  2. Type regedt32 and click OK.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  4. Delete the AutoAdminLogon and DefaultPassword values.
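
A check for the two values named in step 4, as an added example that is not part of the original advisory: it reads a text export of the Winlogon key and reports what is still set. It assumes the export is in regedit's REGEDIT4 text format; the sample export, its account name and its password are constructed.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# "name"="string data"   or   "name"=dword:... / hex:... (kept as written)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|(.*))$')

# Constructed sample export; account name and password are made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultDomainName"="EXAMPLE"
"DefaultUserName"="svc_kiosk"
"DefaultPassword"="constructed-sample"
"Shell"="Explorer.exe"
'''

def unescape(text):
    """Undo REGEDIT4 backslash escapes inside a quoted string."""
    return re.sub(r"\\(.)", r"\1", text)

def parse_winlogon(export_text):
    """Return {lowercased value name: data} for the Winlogon key only."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == WINLOGON.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                name, text, other = m.groups()
                values[unescape(name).lower()] = unescape(text) if text is not None else other
    return values

def audit_autologon(export_text):
    """List what step 4 of the remedy still has to delete."""
    values = parse_winlogon(export_text)
    findings = []
    if values.get("autoadminlogon", "0").strip() == "1":
        findings.append("AutoAdminLogon is 1: autologon is enabled")
    if "defaultpassword" in values:
        # Flagged even when AutoAdminLogon is 0: the password is still stored.
        findings.append("DefaultPassword is present: password stored in the registry")
    return findings

if __name__ == "__main__":
    for finding in audit_autologon(SAMPLE_EXPORT):
        print("FINDING:", finding)
```

An empty result means neither value remains under the Winlogon key in that export.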

—AND—

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.