NT Gatekeeper: Limiting Automatic Logons

We use Windows NT 4.0's automatic logon feature when we perform automation installations on our NT 4.0 workstations. Can we limit the number of times a user can automatically log on to a particular machine? And how can we deny users the capability to override the automatic logon and log on with another set of credentials?

To limit the number of automatic logons, use the AutoLogonCount value of type REG_DWORD in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon registry subkey. When you enable AutoLogonCount, each time the system reboots, it decreases the subkey's value by one until the value reaches zero. When the value reaches zero, the system refuses automatic logons to any account, deletes the AutoLogonCount and DefaultPassword key values from the registry, and sets AutoAdminLogon to zero.

NT 4.0 uses the DefaultPassword and AutoAdminLogon values in combination with the DefaultDomainName and DefaultUserName values to enable automatic logon. These values are also in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon registry subkey. For more information about setting up automatic logons, see the Microsoft article "How to Enable Automatic Logon in Windows NT 3.x and 4.0" (http://support.microsoft.com/?kbid=97597).

To prevent users from overriding the automatic logon and logging on with another set of credentials, add the IgnoreShiftOverride registry value of type REG_SZ to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon registry subkey. Set the value to 1.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish