ConfigMgr OSD Lab–Add AutoLogon Account

*Not recommended in Prod: this creates a local account with a password, and that password is stored in plain text in the TS, the Scheduled Task and the Registry.

Update 2018/11/09 - After the discovery yesterday of how OOBE removes those AutoLogon keys, I've created a Scheduled Task that I add during OSD that adds the keys post OOBE. It's pretty ugly, but it works. Basic idea: Scheduled Task adds the keys, removes the task, and reboots the machine after 5 minutes. Trigger: Machine turns on. See more below. All in all, it adds about 20 minutes onto the process, but you can tweak the reboot delay and shave off a few minutes.

Update: 2018/11/08 - This no longer works with new versions of Windows 10. During the OOBE stage (Post Task Sequence, Pre First Logon), the OOBE process deletes two values under "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": DefaultUserName & AutoAdminLogon. If you have it skip OOBE in your unattend.xml, it works; however, that setting is deprecated.

Original Post:

I added a local admin account (Non-Domain) that automatically logs on to the computer after OSD, purely to speed up my testing. This way I don’t have to wait for First Logon: after OSD, it will reboot, then autologon as the account I’ve created.

Make sure you add the SMSTSPostAction to reboot, so you don’t get that Group Policy Error the first time you try to logon. (As explained by Niall)

I’ve created a Task Sequence Variable at the start of the TS that allows you to trigger the AutoLogon Group. Simply enable or disable this step to have the Group run.

I then have a group which runs all of the commands individually. You could easily put this into one batch file; I just like to do it this way because it is self-documenting and requires no content. The group is set to run if the Task Sequence Variable “AutoLogon” = True

I then have 7 “Run Command line” Steps, creating the User and registry keys.

  1. Tweak – AutoLogon - Create Tony Stark Account
    1. net user /add TonyStark CapAmericaSt1nks! /Y
  2. Tweak – AutoLogon - Tony's Password Never Expire
    1. wmic useraccount where "Name='TonyStark'" set PasswordExpires=false
  3. Tweak – AutoLogon - Make Tony Admin
    1. net localgroup Administrators %computername%\TonyStark /add
  4. Tweak - AutoLogon - Key DefaultUserName
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultUserName /T REG_SZ /D TonyStark /F
  5. Tweak - AutoLogon - Key DefaultPassword
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultPassword /T REG_SZ /D CapAmericaSt1nks! /F
  6. Tweak - AutoLogon - Key AutoAdminLogon
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V AutoAdminLogon /T REG_SZ /D 1 /F
  7. Tweak - AutoLogon - Key DefaultDomainName
    1. cmd.exe /c REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultDomainName  /T REG_SZ /D %COMPUTERNAME% /F
  8. Optional: Add two Steps to remove the Legal Notice Prompt (If you have it in your lab, GPO will probably put it back)
    1. REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
    2. REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticetext /f

After TS finishes, it will reboot and start the logon process automatically.  Now you can start your testing.


You can change this to fit your needs. To use a domain account in your Lab, just change the steps: you won’t need 1-3 to create the account, and step 7 changes to the Domain Name (Contoso, ViaMonstra, etc) instead of %computername%.

UPDATE: 2018.11.09 - Update to add Scheduled Task. Adds the registry keys, tells the computer to reboot in 5 minutes, and sets a runonce that deletes itself (the scheduled task). I've tested this a few times: after OSD, it runs OOBE, machine reboots to the logon screen, in the background the script is running, the machine will reboot, and once it has loaded all of the keys it needs, it will auto logon after the next reboot (5 minutes), delete itself, and reboot again (5 minutes). It's not pretty, but it works.
Scheduled Task: Autologon.xml

Add a step that imports the Scheduled Task.

The Task:

 

Please note: this sends the information in clear text, and it will be available in logs, etc. Probably fine for your lab, not a good idea for production. Please don’t say “Hey Boss, don’t worry about it, it’s totally cool, Gary does it!”
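
To confirm whether the Winlogon values survived OOBE or a GPO refresh, and to clear the plain-text password once lab testing is done, a check like the following can be run from an elevated PowerShell prompt. It is an added example, not part of the original post or the Autologon.xml task; the function name Get-AutoLogonExposure and its parameters are hypothetical, and it assumes the TonyStark account and the registry values from the steps above.

```powershell
# Added example (not from the original post): audit the lab AutoLogon setup.
# Key path, value names and the TonyStark account come from the steps above;
# the function name and parameters are hypothetical.
function Get-AutoLogonExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$LabAccount = 'TonyStark',  # local account created in step 1
        [switch]$Remove                     # disable AutoLogon and delete the stored password
    )
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $key
    $names = 'AutoAdminLogon', 'DefaultUserName', 'DefaultDomainName', 'DefaultPassword'

    # Report each value; never echo the password, only the fact that it is stored.
    $values = foreach ($name in $names) {
        $data = $props.$name
        if ($name -eq 'DefaultPassword' -and $null -ne $data) { $data = '<redacted>' }
        [pscustomobject]@{ Name = $name; Present = ($null -ne $props.$name); Data = $data }
    }

    # Is the lab account still a member of the local Administrators group?
    $admins  = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    $isAdmin = [bool]($admins | Where-Object { $_.Name -like "*\$LabAccount" })

    if ($Remove) {
        if ($null -ne $props.DefaultPassword -and
            $PSCmdlet.ShouldProcess("$key\DefaultPassword", 'Delete value')) {
            Remove-ItemProperty -Path $key -Name 'DefaultPassword'
        }
        if ($PSCmdlet.ShouldProcess("$key\AutoAdminLogon", 'Set to 0')) {
            Set-ItemProperty -Path $key -Name 'AutoAdminLogon' -Value '0'
        }
    }

    # The summary reflects the state found before any removal was applied.
    [pscustomobject]@{
        Values            = $values
        AutoLogonEnabled  = ($props.AutoAdminLogon -eq '1')
        PlainTextPassword = ($null -ne $props.DefaultPassword)
        LabAccountIsAdmin = $isAdmin
    }
}

# Report only; add -Remove (optionally with -WhatIf) to clean up after testing.
Get-AutoLogonExposure | Format-List
```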

8 thoughts on “ConfigMgr OSD Lab–Add AutoLogon Account”


  • October 27, 2017 at 2:06 pm

    Hello, I'm trying to get this working but my TS is not applying the Password registry step and not changing autoadminlogon to 1. I've validated in the SMSTS.log file that the steps are running as expected but they are missing when I login to the computer and check after it completes the TS. I've moved this step in the TS to almost the end, but still no luck. Any advice?

    • October 27, 2017 at 3:15 pm

      Place a pause in your TS right after those steps and confirm they are added to the registry. If they are, then I'd guess GPO is changing it after OSD. If they aren't being added, it would seem like syntax. If you run the commands in elevated command prompt POST OSD, and reboot, does it work, or do the keys get wiped out again? Seems environmental.

  • November 17, 2017 at 4:14 am

    During a baremetal OSD task sequence, is it possible to ask the engineer deploying the machine in fix AD OU to place the machine and then also actually placing the AD computer object into the OU?, or another way, to add the provisioned machine into an AD OU during the OSD

    • November 17, 2017 at 4:05 pm

      Yes, this can be done via a powershell or HTA front end for the TS.

  • August 1, 2018 at 12:31 pm

    Hi Gary.

    I'm having the same issue as Eric however I'm using Windows 10 1803. I've just started using MDT integrated with Config Manager (CB 1802) but have been doing the autologon steps for several years now in other scripts.

    I think there must be something in the TS that removes the password and autologon registry entries.

    Is this feature still working for you? If so, what OS and CM builds are you using?
