
Thread: Securing the Box- Force autologin+startup

  1. #11
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    This thread puzzles me. First, you have someone using auto login and the word "secure" in the same sentence. Baaad.

    Next, you have someone using the term "admin" auto login, which suggests that a local admin account may be used to auto login a user. Then you have the question asked about how to lock down the host and make it more secure. Even if he is logging in AD user accounts, there are tons of issues with doing so.

    I'm left puzzled. Why the hell would you use autologin in the first place? This means that *anyone* can boot that machine and have at your network. Let's not forget the very basic need of accountability. How will you know who did something if you're auto logging in clients?

    This leads me to the simple answer to all of this. Fire the IT dept and hire someone capable of setting up and securing a domain properly. If you do this, end users will not be able to bypass anything. The answer seems overly simple to me.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #12
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Agreed, autologin through the registry leaves the password of the account in question in plain text...not a good thing.

    If you are trying to lock down apps, I recommend using Active Directory on the domain and setting a group policy that ONLY allows the execution of the specific programs you decide to allow.

    I have seen Windows 2000 machines that had wireless cards auto login, and the network was not detected before the network credentials were sent; this leaves you with a logged-in cached account with no policies in place. Someone could fire up regedit, grab the password and be on their way.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.
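
A host audit for the registry autologon setup discussed in this thread, as an added example that is not part of either post. It assumes the standard Winlogon key and its `AutoAdminLogon`, `DefaultUserName`, `DefaultDomainName` and `DefaultPassword` values; the function name `Get-AutoLogonFinding` is hypothetical, and the stored password is only detected, never printed.

```powershell
# Added example: flag hosts configured for registry-based autologon.
function Get-AutoLogonFinding {
    [CmdletBinding()]
    param(
        # Standard Winlogon key; a parameter so a mounted offline hive can be checked too.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    # Look values up by name so a missing value is $null, even under strict mode.
    $props = (Get-ItemProperty -Path $KeyPath -ErrorAction Stop).PSObject.Properties
    $read  = { param($name) if ($props[$name]) { $props[$name].Value } }

    $enabled     = ((& $read 'AutoAdminLogon') -eq '1')
    $user        = & $read 'DefaultUserName'
    $hasPassword = -not [string]::IsNullOrEmpty((& $read 'DefaultPassword'))

    # Is the autologon account in the local Administrators group (well-known SID)?
    $isLocalAdmin = $null   # $null means "could not determine"
    if ($user) {
        try {
            $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
            $isLocalAdmin = [bool]($members | Where-Object { $_.Name -like "*\$user" })
        } catch {
            Write-Verbose "Could not enumerate Administrators: $_"
        }
    }

    # A leftover DefaultPassword is a finding even when autologon is switched off.
    $severity = if ($hasPassword) { 'High: plaintext password stored under Winlogon' }
                elseif ($enabled) { 'Medium: autologon enabled, no password in Winlogon values' }
                else              { 'None' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        AutoLogonEnabled = $enabled
        Account          = $user
        Domain           = & $read 'DefaultDomainName'
        PasswordStored   = $hasPassword      # presence only, value is never emitted
        IsLocalAdmin     = $isLocalAdmin
        Severity         = $severity
    }
}

Get-AutoLogonFinding | Format-List
```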
