When you enable AutoLogin in Windows via the registry, the password is stored in plain text by default, which is a security risk. A better approach is to use the LSA to encrypt the password. This is exactly what Sysinternals Autologon does. Note that the password is not encrypted using the user's own password; it is encrypted using a key stored in the LSA, meaning all Administrators can read the stored password.
Let's implement AutoLogin using .NET. First, create a new console application:
Shell
dotnet new console
To store secrets using the LSA, you can call the LsaStorePrivateData method directly. A simpler option in .NET is the Meziantou.Framework.Win32.Lsa NuGet package:
Shell
dotnet add package Meziantou.Framework.Win32.Lsa
Finally, write the registry values and the password:
C#
// Must be run as Administrator to be able to write to the registry and LSA
using Microsoft.Win32;

// Winlogon reads its AutoLogin settings from this key
using var key = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", writable: true);
key.SetValue("AutoAdminLogon", "1", RegistryValueKind.String);
key.SetValue("DefaultDomainName", "", RegistryValueKind.String);
key.SetValue("DefaultUserName", "username", RegistryValueKind.String);

// Store the password ("dummy" is a placeholder) as LSA private data
// instead of writing a plain-text DefaultPassword value to the registry
Meziantou.Framework.Win32.LsaPrivateData.SetValue("DefaultPassword", "dummy");
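On a machine where AutoLogin was set up the plain-text way, the password is still sitting in a DefaultPassword value under the same Winlogon key. The following is an added example, not code from the original post: it audits that key, moves a plain-text password into the LSA with the same SetValue call used above, and deletes the registry copy. The console messages and the choice to migrate only when AutoAdminLogon is "1" are assumptions of this example.

```csharp
// Added example: audit the Winlogon key and migrate a plain-text DefaultPassword to the LSA.
// Must be run as Administrator (writes to HKLM and to the LSA).
using System;
using Microsoft.Win32;

const string WinlogonPath = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon";

using var key = Registry.LocalMachine.OpenSubKey(WinlogonPath, writable: true)
    ?? throw new InvalidOperationException("Winlogon key not found or not writable");

// AutoAdminLogon is normally a string value; Convert.ToString also copes with other kinds.
var autoLogon = Convert.ToString(key.GetValue("AutoAdminLogon"));
var userName = Convert.ToString(key.GetValue("DefaultUserName"));
Console.WriteLine($"AutoAdminLogon = '{autoLogon}', DefaultUserName = '{userName}'");

// A DefaultPassword value under Winlogon is the plain-text form described above.
if (key.GetValue("DefaultPassword") is string plaintext)
{
    Console.WriteLine("Plain-text DefaultPassword found in the registry.");

    if (autoLogon == "1")
    {
        // AutoLogin is in use: keep it working by storing the secret in the LSA first.
        Meziantou.Framework.Win32.LsaPrivateData.SetValue("DefaultPassword", plaintext);
        Console.WriteLine("Password stored as LSA private data.");
    }

    // Remove the plain-text copy whether or not AutoLogin is enabled.
    key.DeleteValue("DefaultPassword", throwOnMissingValue: false);
    Console.WriteLine("Plain-text registry value deleted.");
}
else
{
    Console.WriteLine("No plain-text DefaultPassword value in the registry.");
}
```

After the migration the password is still readable by all Administrators, as noted above; only the plain-text registry copy is gone.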