Autologon check

Published: December 16, 2009

Applies To: Forefront Client Security

The Autologon SSA check reports whether the computer is configured for automatic logon and whether the logon password is stored in the registry in plaintext.

If automatic logon is enabled on the scanned computer, the password that is used to log on automatically is stored in the registry (either in plaintext or encrypted format). In either case, this feature poses a security risk because anyone with physical access to the computer can start the system and automatically log on without having to enter any credentials.

If automatic logon is enabled, regardless of whether the logon password is stored in the registry as plaintext or encrypted text, there is a security risk.

Resolutions for potentially unacceptable scores

It is recommended that you ensure that automatic logon is disabled. To do so, be sure the following registry key is set to 0 (zero) on all computers:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon

As a best practice, when you disable automatic logon, you should also ensure that the password used for automatic logon is no longer stored in the registry. To do so, be sure that the following two registry keys are empty:



Client Security determines scoring based on the existence of the DefaultPassword registry key, even if you remove the password contained within that key.

Scoring and results

The following table shows how Client Security determines the score resulting from checking whether automatic logon is enabled.

| Score | Automatic logon is configured | Password is exposed in registry | Results message |
|-------|-------------------------------|---------------------------------|-----------------|
|       | Yes | Yes | Autologon is configured without password encryption on this computer. |
|       | Yes | No  | Autologon is configured on this computer using an encrypted password. |
|       | No  | Yes | Autologon is not configured, but a plaintext password might be exposed on this computer. |
|       | No  | No  | Autologon is not configured on this computer. |
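The following PowerShell script is an added example, not part of the Forefront Client Security documentation or product: it reads the Winlogon registry values the check is based on, reproduces the four result messages from the table, and applies the resolution described above. It assumes that only the plaintext form (the DefaultPassword value under the Winlogon key) is inspected; the encrypted form is stored outside that key and is not examined, so "encrypted" is inferred from the absence of DefaultPassword.

```powershell
# Added example; not Client Security's own code.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutologonStatus {
    param([string]$Path = $WinlogonKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon is a REG_SZ; "1" means automatic logon is enabled.
    $configured = ($props.AutoAdminLogon -eq '1')

    # Scoring depends on the existence of the DefaultPassword value,
    # not on whether it still contains a password.
    $exposed = $null -ne (Get-ItemProperty -Path $Path -Name DefaultPassword -ErrorAction SilentlyContinue)

    # Assumption: with AutoAdminLogon on and no DefaultPassword value, the
    # password is taken to be stored in encrypted form elsewhere.
    $message = if ($configured -and $exposed) {
        'Autologon is configured without password encryption on this computer.'
    } elseif ($configured) {
        'Autologon is configured on this computer using an encrypted password.'
    } elseif ($exposed) {
        'Autologon is not configured, but a plaintext password might be exposed on this computer.'
    } else {
        'Autologon is not configured on this computer.'
    }

    [pscustomobject]@{
        AutologonConfigured = $configured
        PasswordExposed     = $exposed
        Message             = $message
    }
}

function Disable-Autologon {
    # Resolution: set AutoAdminLogon to 0 and remove the DefaultPassword
    # value entirely (emptying it still scores as exposed).
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $WinlogonKey)

    if ($PSCmdlet.ShouldProcess($Path, 'Set AutoAdminLogon to 0')) {
        Set-ItemProperty -Path $Path -Name AutoAdminLogon -Value '0'
    }
    if ($PSCmdlet.ShouldProcess($Path, 'Remove DefaultPassword value')) {
        Remove-ItemProperty -Path $Path -Name DefaultPassword -ErrorAction SilentlyContinue
    }
}

Get-AutologonStatus
```

Run `Disable-Autologon -WhatIf` first to see the two registry changes without applying them; both functions need administrative rights to write under HKLM.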
