Applies To: Forefront Client Security
The Autologon SSA check reports whether the computer is configured for automatic logon and whether the automatic logon password is stored in plaintext.
If automatic logon is enabled on the scanned computer, the password used to log on automatically is stored in the registry, either in plaintext or in encrypted form. Regardless of which form is used, the feature poses a security risk: anyone with physical access to the computer can start it and be logged on automatically without entering any credentials. A plaintext password additionally exposes the credential itself to anyone who can read the registry.
It is recommended that you ensure that automatic logon is disabled. To do so, be sure that the following registry value is set to 0 (zero) on all computers:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
As a best practice, when you disable automatic logon, you should also ensure that the password used for automatic logon is no longer stored in the registry. To do so, be sure that the following two registry keys hold no data. Note that the HKEY_LOCAL_MACHINE\SECURITY hive is readable only by the SYSTEM account by default, so an administrator inspecting these keys must do so in a process running as SYSTEM:
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\CurrVal
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword\OldVal
Important
Client Security determines the score based on the existence of the DefaultPassword registry key, even if you remove the password contained within that key. To clear the finding, remove the DefaultPassword key itself rather than only emptying its values.
The following table shows how Client Security determines the score resulting from checking whether automatic logon is enabled.
| Score | Automatic logon is configured | Password is exposed in registry | Results message |
|---|---|---|---|
| High | Yes | Yes | Autologon is configured without password encryption on this computer. |
| | Yes | No | Autologon is configured on this computer using an encrypted password. |
| | No | Yes | Autologon is not configured, but a plaintext password might be exposed on this computer. |
| Low | No | No | Autologon is not configured on this computer. |
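The following PowerShell script is an added example for this page; it is not part of Forefront Client Security. It performs the same audit the SSA check describes, applies the remediation steps listed above, and maps the result onto the scoring table. Two things it relies on are not stated on the page and are assumptions: that a plaintext automatic logon password, when present, is stored in the `DefaultPassword` string value under the same Winlogon key as `AutoAdminLogon`, and that `psexec -s -i powershell.exe` (Sysinternals) is a suitable way to obtain a SYSTEM shell for reading the SECURITY hive. The `Get-AutologonAudit`, `Test-LsaSecretPresent`, `Get-AutologonScore` and `Disable-Autologon` function names are the example's own.

```powershell
# Added example (not Forefront Client Security code): audit and remediate Autologon settings.
# Assumption: the plaintext password, if any, is the Winlogon\DefaultPassword REG_SZ value.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$SecretKey   = 'HKLM:\SECURITY\Policy\Secrets\DefaultPassword'

function Test-LsaSecretPresent {
    # Returns $true if CurrVal or OldVal under the DefaultPassword secret holds data,
    # $false if both are absent or empty, and $null if the hive cannot be read.
    # HKLM\SECURITY is readable only by SYSTEM; an administrator gets access denied,
    # so run this under SYSTEM (assumption: e.g. 'psexec -s -i powershell.exe').
    if (-not [System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
        return $null
    }
    $present = $false
    foreach ($sub in 'CurrVal', 'OldVal') {
        try {
            $item = Get-Item -Path (Join-Path $SecretKey $sub) -ErrorAction Stop
            $data = $item.GetValue('')   # the secret is stored in the unnamed (default) value
            if ($data -and $data.Length -gt 0) { $present = $true }
        } catch [System.Management.Automation.ItemNotFoundException] {
            # Key absent: nothing is stored here.
        } catch {
            return $null                 # Unexpected failure: report as unknown, not as clean.
        }
    }
    return $present
}

function Get-AutologonScore {
    param([bool]$Configured, [bool]$Exposed)
    # Rows of the scoring table above; the page leaves the score blank for the middle rows.
    if ($Configured -and $Exposed) {
        return @{ Score = 'High'; Message = 'Autologon is configured without password encryption on this computer.' }
    }
    if ($Configured) {
        return @{ Score = $null; Message = 'Autologon is configured on this computer using an encrypted password.' }
    }
    if ($Exposed) {
        return @{ Score = $null; Message = 'Autologon is not configured, but a plaintext password might be exposed on this computer.' }
    }
    return @{ Score = 'Low'; Message = 'Autologon is not configured on this computer.' }
}

function Get-AutologonAudit {
    $wl = Get-ItemProperty -Path $WinlogonKey
    # AutoAdminLogon is normally REG_SZ "1"/"0"; casting to string also copes with a DWORD.
    $configured = ([string]$wl.AutoAdminLogon).Trim() -eq '1'
    $exposed    = -not [string]::IsNullOrEmpty([string]$wl.DefaultPassword)
    $secret     = Test-LsaSecretPresent
    $secretText = if ($null -eq $secret) { 'unknown (not running as SYSTEM)' } else { $secret }
    $score      = Get-AutologonScore -Configured $configured -Exposed $exposed
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AutoAdminLogon    = $wl.AutoAdminLogon
        PlaintextPassword = $exposed
        LsaSecretPresent  = $secretText
        Score             = $score.Score
        Message           = $score.Message
    }
}

function Disable-Autologon {
    # The two steps named on the page: AutoAdminLogon = 0, then no stored password.
    Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon -Value '0' -Type String
    Remove-ItemProperty -Path $WinlogonKey -Name DefaultPassword -ErrorAction SilentlyContinue
    # Per the Important note, the check keys on the existence of the DefaultPassword key,
    # so the key itself must go; that is only possible from a SYSTEM context.
    if ([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
        Remove-Item -Path $SecretKey -Recurse -ErrorAction SilentlyContinue
    } else {
        Write-Warning "Not running as SYSTEM; $SecretKey was left in place."
    }
}

Get-AutologonAudit | Format-List
```

Run the audit first from an elevated prompt to see the Winlogon state; if `LsaSecretPresent` reports unknown, rerun it as SYSTEM so the LSA secret is actually inspected rather than silently treated as absent. `Disable-Autologon` is deliberately separate so the script can be used read-only on a fleet before any change is made.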