Auto Logon

Check Description

This check determines whether the Auto Logon feature is enabled on the scanned computer, and if the logon password is encrypted in the registry or stored in plaintext. If Auto Logon is enabled and the logon password is stored as plaintext, the security report reflects this as a high-level vulnerability. If Auto Logon is enabled and the password is encrypted in the registry, the security report reports this as a potential vulnerability.

Note

Auto Logon stores your logon name and password in the registry, allowing you to automatically log on to Microsoft® Windows® Server 2003, Windows XP, Windows 2000, or Windows NT® without typing your user name or password in the logon user interface. However, Auto Logon could also enable other users to access your files and use your name to commit malicious acts on the system. (For example, anyone with physical access to the computer can boot the operating system and automatically be logged on.) If you have Auto Logon enabled and you do not want to change it, make sure that you do not store any sensitive information on the computer.

You can store the password that you use for automatic logon as plaintext in the registry or you can encrypt it as a Local Security Authority (LSA) secret.

Additional Information

The credentials used to log on by default during automatic logon are located under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

AutoAdminLogon REG_SZ 0 or 1 - Must be zero to remove this feature.

When you use AutoAdminLogon, Windows automatically logs on the specified user when the system is started, bypassing the CTRL+ALT+DEL logon dialog box. This is a serious security problem because anyone can gain access to your computer.

DefaultUserName REG_SZ Username

DefaultPassword REG_SZ Password

Specifies the password for the user listed under DefaultUserName.

If the password that you use for automatic logon is stored programmatically by using the LsaStorePrivateData API, it is encrypted and stored under the following registry keys:

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\CurrVal
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\OldVal

By encrypting the password as an LSA secret, you prevent remote users from reading a plaintext password that is stored under the Winlogon registry key. However, anyone with physical access to the computer can boot the system and automatically log on, whether the password is encrypted or in plaintext, which poses a security risk.
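The check described above, written as an added PowerShell example (not MBSA's own code): it reads the Winlogon values listed in this section and grades the result with the same High / Potential split the check description uses. It assumes an elevated session on the scanned machine; because HKLM\SECURITY is not readable by administrators, an LSA-secret password is inferred from the absence of a plaintext DefaultPassword rather than read.

```powershell
# Added example (not MBSA's own code). Replicates the Auto Logon check locally.
# Assumption: run from an elevated PowerShell session. HKLM\SECURITY cannot be
# read by administrators, so the LSA-secret case is inferred, not read.
param([switch]$Remediate)

$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonFinding {
    $wl = Get-ItemProperty -Path $WinlogonPath -ErrorAction SilentlyContinue

    # AutoAdminLogon is REG_SZ; anything other than "1" means the feature is off.
    $enabled   = ($null -ne $wl) -and ("$($wl.AutoAdminLogon)".Trim() -eq '1')
    # A non-empty DefaultPassword REG_SZ is the plaintext-in-registry case.
    $plaintext = ($null -ne $wl) -and -not [string]::IsNullOrEmpty($wl.DefaultPassword)

    if (-not $enabled) {
        $severity = 'Pass'
        $detail   = 'AutoAdminLogon is 0 or absent.'
    } elseif ($plaintext) {
        $severity = 'High'      # enabled + plaintext password under Winlogon
        $detail   = "Auto Logon enabled for '$($wl.DefaultUserName)'; DefaultPassword is stored in plaintext."
    } else {
        $severity = 'Potential' # enabled, password presumably an LSA secret
        $detail   = "Auto Logon enabled for '$($wl.DefaultUserName)'; no plaintext DefaultPassword, so the password is presumably stored as an LSA secret."
    }

    [pscustomobject]@{
        Check     = 'Auto Logon'
        Severity  = $severity
        Enabled   = $enabled
        Plaintext = $plaintext
        Detail    = $detail
    }
}

function Disable-AutoLogon {
    # Remediation per the page: AutoAdminLogon must be 0, and a plaintext
    # DefaultPassword should not be left behind in the Winlogon key.
    Set-ItemProperty -Path $WinlogonPath -Name 'AutoAdminLogon' -Value '0' -Type String
    Remove-ItemProperty -Path $WinlogonPath -Name 'DefaultPassword' -ErrorAction SilentlyContinue
}

$finding = Get-AutoLogonFinding
$finding | Format-List
if ($Remediate -and $finding.Severity -ne 'Pass') {
    Disable-AutoLogon
    Write-Output 'Auto Logon disabled; re-run the check to confirm.'
}
```

Run without arguments to report only; pass -Remediate to apply the fix the page prescribes.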


©2002-2004 Microsoft Corporation. All rights reserved.