I want to make changes to the Windows Registry through a Powershell script. I use the old fashioned reg add approach and it works quite well. If I run regedit.exe after my script all changes are made but they are lost after a reboot ...
My code:
# Enable Auto Logon
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "AutoAdminLogon" /t REG_SZ /d "1" > null
$name = Read-Host 'Username'
# Set username for logon
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "DefaultUserName" /t REG_SZ /d $name > null
# Set users password
$clearPassword = Read-Host 'Password'
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "DefaultPassword" /t REG_SZ /d $clearPassword > null
# How many times to auto logon? (0 means infinitive)
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "AutoLogonCount" /t REG_DWORD /d "0" > null
echo "Autologon enabled"
So, what can I do to make these changes persistent in the Windows Registry?
Best regards
peekaboo777
This behaviour is by design.
On each reboot, Windows will de-crement the AutoLogonCount. When it is at zero, the registry value is removed to disable auto-logon. The values for DefaultUserName and DefaultPassword may also be cleared.
This feature is generally used during automated Windows client builds/deployments.
This is well documented. E.g. http://www.computerperformance.co.uk/windows7/windows7_auto_logon.htm
Related
I'm setting up a Task Sequence(TS) in MDT for deploying Win10 IoT Enterprise. As one of the final steps in the TS I'm trying to add AutoLogon of the user account to the registry. But when the TS finishes and I check, the changes have either not been made or they have been reset by some clean-up script.
I create a new "Run Command Line" step in the TS, right after the Install Applications step that MDT generates automatically. This step runs a script I've added to the Deploy/Scripts folder. I get no errors here, but no result either.
I've tried to export the correct registry-settings to a .reg file and use the "Run Command Line" step to import these. Again, no errors and no result.
I've moved both of these steps down in the list, so that they are the last thing the TS does. Again, no errors and no result.
cmd /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
cmd /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d <username>/f
cmd /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d <Domain> /f
cmd /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d <password> /f
cmd /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 500000 /f
I want the AutoLogon to be set automatically. If not, there has to be a procedure for how to set it up and that not only feels unnecessary, but is also a source of errors if its forgotten.
After more googling I finally found:
https://ccmcache.wordpress.com/2018/02/07/workaround-for-windows-10-1709-autoadminlogon-at-the-end-of-configmgr-osd-task-sequence/
Where there is a solution. An ugly one, but the only way I've found that works. So thank you to the author of this.
I'm using a batch script to activate Auto logon on a computer that's a member of doamin.
#echo off
REM Set variables
set /p username= What is the username?
set /p domain= What is the domain name?
set /p password= What is the password?
REM Enable Auto Logon
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1
REM Set Username for logon
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d %username%
REM Set Domain
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d %domain%
REM Set Password
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d %password%
REM Set number of times to auto logon (0 for infinite)
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0
Everything works fine after I execute the script, but once I reboot the computer I noticed that the DefaultPassword and AutoAdminLogon values are not saving. I changed the permission but still no luck.
Can you please tell me what am I doing wrong.
If I am reading the documentation correctly, AutoLogonCount decrements each time the system is automatically logged on, and when it reaches 0 then the auto logon is disabled. It sounds like you are configuring it to immediately end logging in automatically. Try not using the AutoLogonCount value at all (or remove it if it exists). I've never used it before and auto logon works forever without it.
Is it possible to use a batch file to edit a local GPO ?
What I am exactly trying to do:
I want to create a "New Software Restriction Policies".
Change a parameter value in the "Enforcement".
Add a new path rule with a specific path.
I am not looking for you to create the script. I just want to know if this is possible to do it with a batch file & and some idea to help me start with this task.
This procedure is not really complicated and can be done manually. Given that I have to apply these change for a lot of computer, I am looking for a fastest way than doing it from the "gpedit.msc".
Yes, it is possible to edit the local GPO using a Batch script. Simply manipulate the GPO by editing the registry keys. Note: Depending upon the GPO setting changed through the registry, you may need to log the user off before the change takes effect.
Step 1
Download the Microsoft Group Policy Setting Reference (Registry Keys List):
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Step 2
Get the policy registry location from the Spreadsheet
e.g. HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AppendToMultiLabelName
Step 3
Use the reg add command to edit the values as you need
e.g. #reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Note
You may need to edit the GPO registry key in both the Machine and User section of the registry along with the WOW section.
e.g. #reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #reg add "HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #for /f "delims=" %A in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do #reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Breakdown of example:
Update the value in the default location
Update the value in the secondary location for 64-bit OS
Loop through the User GPOs
Update the value based on the default location
Update the value based on the secondary location for 64-bit OS
Source
I'm trying to edit the Registry value using a batch file, this is what I currently have:
#echo off
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "1" /t REG_SZ /d "DisableThumbsDBOnNetworkFolders" /f
pause
This is what I'm trying to edit:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ Explorer]
DisableThumbsDBOnNetworkFolders REG_DWORD 0x00000001
I want to set the value to 1 (0x00000001) (By default it's 0x00000000)
But my cmd file creates another value named DisableThumbsDBOnNetworkFolders .
What did I do wrong?
You have a couple problems.
The /v parameter is the value name, in your case DisableThumbsDBOnNetworkFolders, and the /d parameter should be the actual value.
It looks like DisableThumbsDBOnNetworkFolders is a REG_DWORD, but you are specifying it as REG_SZ with the /t parameter.
Try this command:
REG ADD "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "DisableThumbsDBOnNetworkFolders" /t REG_DWORD /d 1 /f
I want to disable a standard user from accessing the task manager. With gpedit.msc this works without problems, but I need to do this from the Windows registry. I already tried assigning 1 to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DiableTaskMgr, but it is not working.
I use a bat file:
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword /t REG_DWORD /d 1 /f
taskkill /IM explorer.exe /F