Re: Tweak UI - Password encryption and autologon

From: Doug Knox MS-MVP (dknox_at_mvps.org)
Date: 08/31/05 

Date: Tue, 30 Aug 2005 18:12:24 -0400

This appears to be a bug in TweakUI. When you set the password and click Apply, its actually deleting the DefaultPassword value, instead of setting it. All other settings are applied. 

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
 
"Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in message news:9F2725D9-1559-43D2-8E0A-25A3247227A8@microsoft.com...
> 
> Not with my version of Tweak 2.10.0.0.  I even did a search from my password 
> in the registry.
> 
> Could it be you've set the registry password some other way?
> 
> "Doug Knox MS-MVP" wrote:
> 
>> TweakUI does store the password in the Registry, un-encrypted.
>> 
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon 
>> 
>> DefaultPassword
>> 
>> -- 
>> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> Win 95/98/Me/XP Tweaks and Fixes
>> http://www.dougknox.com
>> --------------------------------
>> Per user Group Policy Restrictions for XP Home and XP Pro
>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> --------------------------------
>> Please reply only to the newsgroup so all may benefit.
>> Unsolicited e-mail is not answered.
>>  
>> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in message news:2B5A2991-888F-4243-B69E-9F86B7132290@microsoft.com...
>> > Okay.  Thanks.
>> > 
>> > I was hoping the Tweak stored your password in the registry but I wasn't 
>> > able to find it. 
>> > 
>> > I read chapter 15 of the MS XP Registry Guide and plan on seting this up 
>> > just before the restart and including an entry for the "AutoLogonCount" of 1 
>> > so the information is automatically removed after the restart.
>> > 
>> > "Doug Knox MS-MVP" wrote:
>> > 
>> >> You can't.  The autologon feature expects to see a plaintext password.    You're only option would be to write a custom GINA DLL for authentication that would know how to decrypt the stored password.
>> >> 
>> >> -- 
>> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> http://www.dougknox.com
>> >> --------------------------------
>> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> --------------------------------
>> >> Please reply only to the newsgroup so all may benefit.
>> >> Unsolicited e-mail is not answered.
>> >>  
>> >> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in message news:84365F2D-EEF9-409F-85D4-B2813F7F4C6B@microsoft.com...
>> >> > I'm writing a program that will accept a userid and password to do an 
>> >> > autologon after a restart using the following registry entries:
>> >> > 
>> >> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>> >> > 
>> >> > DefaultUserName "your_username"
>> >> > DefaultPassword "your_password"
>> >> > AutoAdminLogon "1"
>> >> > 
>> >> > However, if for some reason my program doesn't run properly and remove the 
>> >> > userid/password when it's finished then I want to ensure that the password 
>> >> > can't just be read from the registry.  Therefore I need to know how to do the 
>> >> > same thing that Tweak UI does and store an encrypted version of the password.
>> >> > 
>> >> > Any ideas?
>> >>
>>