Saturday, May 20, 2017

Disabled automatic login in Windows 10 does not work anymore




In my Windows 10 Pro 64bit I have several accounts without passwords (I won't need it at home, I just want to let each one have his profile) and after following some hacks which involve registry and policy edits I managed to have a solution where the list of my users would show after start without showing the lock screen and without automatically login the last active user.



Now after the last major update it seems to be the case that something changed and the hack does not work again. I could prevent the lock screen, but the system would login no matter what I try.



Did anyone manage to do it very recently without having to set a password for each one?





Things I tried:




Can I disable auto logon on windows 10 home



How to prevent automatic login of the last user in Windows 10?



Windows 8: how to stop auto login


Answer



Since Windows 8, Microsoft have been making it very difficult to retain the classic logon sequence - where Windows stops during startup and displays the list of available accounts. This is only an issue when you want to use multiple accounts without any passwords (eg on a family home computer)



The first fix was a simple registry change to the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserSwitch

Enabled = 1 (default is 0 - where Windows auto starts the last account used)



Windows 10 disabled that fix by resetting the "Enabled" value back to "0" during bootup. Windows 10 Pro users were able to setup a Logon script (using Local Group Policy Editor) - which reset the "Enabled" value back to "1" before Windows checked and used it's value. See this thread: How-to-prevent-automatic-login....



The most recent change has been made in Windows 10 Fall Creators Update (1709)
- where Microsoft have disabled the Logon Script fix. See this thread:
Stop_automatic_login....



Currently there is no working fix to restore the classic "Pause at User Account List" option, and so far I have not been able to prove the exact failure mode of the Logon script hack.




The two possibilities seem to be that after the 1709 update:




  1. Windows no longer checks the "Enabled" switch value and just uses a default logon behaviour

  2. Windows has change the timing of the logon steps


    • and the GPEdit logon script now runs either too early or too late to prevent the unwanted auto logon.





Any potential new fix will depend on exactly what Microsoft have changed.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...