AutoAdminLogon issues

  • Thread starter Thread starter Herb Kraft
  • Start date Start date
H

Herb Kraft

I am trying to configure several 2000 Pro workstations to automatically log
into my 2000 domain. I have done all the standard registry edits (change
AutoAdminLogon to a string, value=1; set DefaultUserName, DefaultPassword,
and DefaultDomainName; even created the ForceAutoLogon value) and it is
still hit and miss.

I have found that it doesn't matter if the user is a local admin or not. It
also doesn't matter if it is a domain user or a local user. It seems that
some group policy is changing my AutoAdminLogon string back to a DWORD. I
have created a testing OU and blocked GP inheritance so I could test with a
virgin GP.

So far, what I have found is that if I change a registry setting in the GP,
I have to reset my AutoAdminLogon back to a string again. I enabled the
"allow users to act as part of the os" policy (with no users listed) and I
needed to reset the AutoAdminLogon back to a string. Then the auto logon
worked for a while until I changed the policy back to undefined. Then I
needed to reset the registry again. This would almost sound like a good
reason for this, but there are no policy changes happening in my production
OUs that are seeing this same problem.

Does anyone have any suggestions? Sorry for such a long post, but I thought
I needed to be fairly descriptive on this. Thanks for any input!!!

Herb
 
There is something else going on here... Registry values don't simply remove
themselves and then re-add themselves just for fun... There is some
mechanism at work here that is not in your detail... perhaps another policy
that is set to override... Blocking policy inheritance does nothing if
another higher in the structure is set to override... perhaps a script...
logon or logoff script, startup or shutdown script... run registry entry!
somewhere! The autologon entries seem correct!
 
I double checked my domain policy and it is not set to override. The
computer account I am currently testing with is in a third level container
(domain\OU\OU) with group policies applied at all three levels. Neither of
the upper levels have "no override" set. The third level is were my testing
GPO is applied, with block inheritance. Keep in mind that the exact same
symptoms happen to my production machines in different OUs.

There are no startup/shutdown/logoff scripts and the only logon scripts I
have just map drives. But this affects users that are in any OU, with any
logon script, and even the local users.

Everything looks like it's right!! AAARRRGGH!
 
I found the solution to this. There were no settings in any of the group
policy MMC's that would change this, but here's what I found:

I opened my local security template (the .inf file) and found a list of
registry entries that don't seem to have an actual policy associated with
them. One of them was for AutoAdminLogon, set at 4, 0 (translating to DWORD
value of 0). I changed this to 1, 1 (meaning REG_SZ value of 1) and now my
auto logon works fine. The odd thing is that simply deleting this entry
didn't help, I needed to change it to a string.

Now I just need to reimport this local template on all my workstations that
auto logon.

Herb
 
Back
Top