Re: Tweak UI - Password encryption and autologon

From: Larry Williams (LarryWilliams_at_discussions.microsoft.com)
Date: 08/31/05 

Date: Wed, 31 Aug 2005 06:41:02 -0700

Excellent! This is the information I was looking for.

Thanks Ramesh.

"Ramesh, MS-MVP" wrote:

> It's stored in a protected area. So does the Userpasswords2 method.
>
> Protecting the Automatic Logon Password:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/protecting_the_automatic_logon_password.asp
>
> --
> Ramesh, Microsoft MVP
> Windows XP Shell/User
> http://windowsxp.mvps.org
>
>
> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in message
> news:9F2725D9-1559-43D2-8E0A-25A3247227A8@microsoft.com...
> >
> > Not with my version of Tweak 2.10.0.0. I even did a search from my
> > password
> > in the registry.
> >
> > Could it be you've set the registry password some other way?
> >
> > "Doug Knox MS-MVP" wrote:
> >
> >> TweakUI does store the password in the Registry, un-encrypted.
> >>
> >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> >>
> >> DefaultPassword
> >>
> >> --
> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
> >> Display\Security
> >> Win 95/98/Me/XP Tweaks and Fixes
> >> http://www.dougknox.com
> >> --------------------------------
> >> Per user Group Policy Restrictions for XP Home and XP Pro
> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >> --------------------------------
> >> Please reply only to the newsgroup so all may benefit.
> >> Unsolicited e-mail is not answered.
> >>
> >> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in
> >> message news:2B5A2991-888F-4243-B69E-9F86B7132290@microsoft.com...
> >> > Okay. Thanks.
> >> >
> >> > I was hoping the Tweak stored your password in the registry but I
> >> > wasn't
> >> > able to find it.
> >> >
> >> > I read chapter 15 of the MS XP Registry Guide and plan on seting this
> >> > up
> >> > just before the restart and including an entry for the "AutoLogonCount"
> >> > of 1
> >> > so the information is automatically removed after the restart.
> >> >
> >> > "Doug Knox MS-MVP" wrote:
> >> >
> >> >> You can't. The autologon feature expects to see a plaintext password.
> >> >> You're only option would be to write a custom GINA DLL for
> >> >> authentication that would know how to decrypt the stored password.
> >> >>
> >> >> --
> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
> >> >> Display\Security
> >> >> Win 95/98/Me/XP Tweaks and Fixes
> >> >> http://www.dougknox.com
> >> >> --------------------------------
> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >> >> --------------------------------
> >> >> Please reply only to the newsgroup so all may benefit.
> >> >> Unsolicited e-mail is not answered.
> >> >>
> >> >> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in
> >> >> message news:84365F2D-EEF9-409F-85D4-B2813F7F4C6B@microsoft.com...
> >> >> > I'm writing a program that will accept a userid and password to do
> >> >> > an
> >> >> > autologon after a restart using the following registry entries:
> >> >> >
> >> >> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> >> >> > NT\CurrentVersion\Winlogon
> >> >> >
> >> >> > DefaultUserName "your_username"
> >> >> > DefaultPassword "your_password"
> >> >> > AutoAdminLogon "1"
> >> >> >
> >> >> > However, if for some reason my program doesn't run properly and
> >> >> > remove the
> >> >> > userid/password when it's finished then I want to ensure that the
> >> >> > password
> >> >> > can't just be read from the registry. Therefore I need to know how
> >> >> > to do the
> >> >> > same thing that Tweak UI does and store an encrypted version of the
> >> >> > password.
> >> >> >
> >> >> > Any ideas?
> >> >>
> >>
>
>

Relevant Pages