Jump to content

Automating: Logging out as User 1 and then Logging in as User 2


Go to solution Solved by rsn,

Recommended Posts

Thanks, this is what the description says:


Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.

[!WARNING] Although the password is encrypted in the registry as an LSA secret, a user with administrative rights can easily retrieve and decrypt it. (For more information see Protecting the Automatic Logon Password )

Autologon is easy enough to use. Just run autologon.exe, fill in the dialog, and hit Enable. The next time the system starts, Windows will try to use the entered credentials to log on the user at the console. Note that Autologon does not verify the submitted credentials, nor does it verify that the specified user account is allowed to log on to the computer.

To turn off auto-logon, hit Disable. Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. You can also pass the username, domain and password as command-line arguments:

autologon user domain password

Note: When Exchange Activesync password restrictions are in place, Windows will not process the autologon configuration.

I'm curious what "domain" is in this context? I'm using windows 10 on a desktop machine.

Do I have to add autologon.exe to Windows Startup?

Link to comment
Share on other sites

  • Solution

Autologon takes command line arguments so using it might be simpler than you think. 

autologon.exe <username> <domain> <password>

If the PC in question isn't joined to a Windows Domain, you would use the name of the PC. Example from the command line:

autologon.exe noellarkin %COMPUTERNAME% MyC0mplexP@ssword

Right before you trigger your logoff use autologon to set whoever you want to log in next. Example in AutoIt:

$iPID = Run ( @ComSpec & " /c c:\path\to\autologon.exe noellarkin " & @computername & " MyC0mplexP@ssword" , "" ,  @SW_HIDE )

Shutdown (0)


Edited by rsn
Link to comment
Share on other sites

Good point @rudi. I wouldn't use it in an enterprise or domain environment since it is decryptable and, more importantly, that the creds are passed in plain text during the setup. But for some simple home/personal use, the attack profile is relatively low.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...