"netplwiz" AND "control userpasswords2" do NOT open; How do I configure a secure autologon solution for an industrial PC with no access to internet?

Etienne 20 Reputation points
2023-06-14T19:26:30.0133333+00:00

Hello everyone,

System information & disclosure:
I am working on an IPC227E which has Windows 10 IoT entreprise 2016 on it. Latest update installed was WIN10 22H2 at the beggining of June 2023.
I am using a local account. Windows Hello is not supported on this device.
If you feel like you need more information on the device I will evaluate what I can and can't disclose but will be sure to update you either with the information or with the fact that I can't provide it.

Initial problem:
I have created a startup script that opens an app on startup, however it seems it only does so on first login rendering the script useless since this is an inaccessible PC which I'm connecting to using a RDP connection I configured.

Expected result:
Being able to power on the device and have the user login done automatically in order to pre-load apps before establishing an RDP connection to the device, cutting waiting time by 30s for every connection.

What was tried:
https://answers.microsoft.com/en-us/windows/forum/all/how-do-i-disable-login-password-netplwiz-not/fe364f1a-31f9-4a56-a318-5000425aab98

I tried going down the "netplwiz" and/or "control userpasswords2" route, to no avail.

What I mean by this is:
Both those commands, executed using WIN+R or directly through an evelated CMD or by locating the file in the "C:\Windows\System32" and running it; do nothing.

And I really mean, do nothing.
My mouse pointer briefly goes into "working state", no UAC confirmation pops up (Even if I right click the netplwiz executable and select run as administrator), no process is started, just nothing.

What I would like to avoid and why:
-Editing the register:
I do not have access to the recovery USB and will not for at least a month. I cannot make a mistake requiring me to "load a system backup".
I also figured that if I set the "defaultpassword"* and "defaultusername"*, this information will be stored in plain text in the register and I can't allow that.
*This is not correct spelling of the register's string value.

-Using 3rd party tools:
For the same reason I cannot provide much information about the working computer, I cannot expose the private data it will manipulate to a 3rd party tool.

-Removing the password entirely:

The computer is exposed through a in-house network, RDP connection should remain secured with a password.

What I am planning on doing if nothing else works:
Using this microsoft utilitary:

https://video2.skills-academy.com/en-us/sysinternals/downloads/autologon

I would follow the steps provided in the link above and use this utilitary to do what seems to be the registry editing in a controlled manner.
This comes with a WARNING that "Although the password is encrypted in the registry as an LSA secret, a user with administrative rights can easily retrieve and decrypt it."

So, superusers and dedicated helpers along; can you help me setup a secure autologin solution for a remote PC not connected to the internet which cannot make use of netplwiz.?

Cheers,
-Étienne

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,158 questions
Windows for IoT
Windows for IoT
A family of Microsoft operating systems designed for use in Internet of Things (IoT) devices.
383 questions
0 comments
Accepted answer
  1. Limitless Technology 44,101 Reputation points
    2023-06-15T10:33:56.5066667+00:00 
    Hello Etienne,

Thank you for your question and for reaching out with your question today.

Given the restrictions and requirements you mentioned, using the Microsoft utility called Autologon from Sysinternals seems like a viable option for setting up a secure autologin solution on your remote PC. The utility allows you to configure automatic login without directly editing the registry or exposing plain text passwords.

Here's a step-by-step guide on how to use Autologon:

1. Download the Autologon utility from the official Microsoft Sysinternals website:
   - Go to https://docs.microsoft.com/en-us/sysinternals/downloads/autologon.
   - Scroll down to the "Download" section and click on the download link to get the latest version of Autologon.

2. Extract the downloaded ZIP file:
   - Extract the contents of the ZIP file to a folder on your local computer.

3. Run the Autologon utility:
   - Navigate to the folder where you extracted the Autologon utility.
   - Double-click on the "Autologon.exe" file to launch the utility.

4. Accept the license agreement:
   - Read and accept the license agreement presented by the utility.

5. Enter the credentials for automatic login:
   - In the Autologon utility, enter the username and password for the account you want to use for automatic login.
   - Re-enter the password to confirm it.

6. Set up autologon:
   - Click on the "Enable" button in the Autologon utility to configure automatic login using the provided credentials.

7. Test the autologin:
   - Restart or reboot the remote PC to test if the automatic login works as expected.

Please note the security considerations mentioned by Microsoft regarding the encryption of the password in the registry. While the password is encrypted as an LSA secret, an administrative user can potentially retrieve and decrypt it. Ensure that the PC is adequately protected from unauthorized access.

Using Autologon should help you achieve the desired result of automatically logging in to the remote PC, pre-loading apps before establishing an RDP connection, and reducing waiting time.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

If the reply was helpful, please don’t forget to upvote or accept as answer.

Best regards.
    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sean Liming 4,591 Reputation points
    2023-06-17T18:02:58.22+00:00

    Are you buying systems off the shelf with the OS installed and just configuring the way you like? Or are you looking to build a custom image?

    If the former, the sysinternals tool is the answer for the question on autologon. As far as launching something on startup, there is the registry keys for RUN, RUNONCE, and RUNONCEEX: https://video2.skills-academy.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys or you could use Shell Launcher to launch a custom application on start up.

    If the later, you can use System Image Manager to create a custom installer, with the autologon and items to launch on startup in an answer file.