Re: Tweak UI - Password encryption and autologon

From: Ramesh, MS-MVP (ramesh_at_XOX.mvps.org)
Date: 08/31/05

Next message: Ramesh, MS-MVP: "Re: Tweak UI - Password encryption and autologon"
Previous message: J: "how to stop freelancer server operator installation"
In reply to: Larry Williams: "Re: Tweak UI - Password encryption and autologon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 31 Aug 2005 20:59:14 +0530

Glad that helped, Larry.

-- 
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in message 
news:3A0532DE-7073-4464-9B8B-684E8B4AD591@microsoft.com...
>
> Excellent!  This is the information I was looking for.
>
> Thanks Ramesh.
>
> "Ramesh, MS-MVP" wrote:
>
>> It's stored in a protected area. So does the Userpasswords2 method.
>>
>> Protecting the Automatic Logon Password:
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/protecting_the_automatic_logon_password.asp
>>
>> -- 
>> Ramesh, Microsoft MVP
>> Windows XP Shell/User
>> http://windowsxp.mvps.org
>>
>>
>> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in 
>> message
>> news:9F2725D9-1559-43D2-8E0A-25A3247227A8@microsoft.com...
>> >
>> > Not with my version of Tweak 2.10.0.0.  I even did a search from my
>> > password
>> > in the registry.
>> >
>> > Could it be you've set the registry password some other way?
>> >
>> > "Doug Knox MS-MVP" wrote:
>> >
>> >> TweakUI does store the password in the Registry, un-encrypted.
>> >>
>> >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
>> >> NT\CurrentVersion\Winlogon
>> >>
>> >> DefaultPassword
>> >>
>> >> -- 
>> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
>> >> Display\Security
>> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> http://www.dougknox.com
>> >> --------------------------------
>> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> --------------------------------
>> >> Please reply only to the newsgroup so all may benefit.
>> >> Unsolicited e-mail is not answered.
>> >>
>> >> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in
>> >> message news:2B5A2991-888F-4243-B69E-9F86B7132290@microsoft.com...
>> >> > Okay.  Thanks.
>> >> >
>> >> > I was hoping the Tweak stored your password in the registry but I
>> >> > wasn't
>> >> > able to find it.
>> >> >
>> >> > I read chapter 15 of the MS XP Registry Guide and plan on seting 
>> >> > this
>> >> > up
>> >> > just before the restart and including an entry for the 
>> >> > "AutoLogonCount"
>> >> > of 1
>> >> > so the information is automatically removed after the restart.
>> >> >
>> >> > "Doug Knox MS-MVP" wrote:
>> >> >
>> >> >> You can't.  The autologon feature expects to see a plaintext 
>> >> >> password.
>> >> >> You're only option would be to write a custom GINA DLL for
>> >> >> authentication that would know how to decrypt the stored password.
>> >> >>
>> >> >> -- 
>> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
>> >> >> Display\Security
>> >> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> >> http://www.dougknox.com
>> >> >> --------------------------------
>> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >> --------------------------------
>> >> >> Please reply only to the newsgroup so all may benefit.
>> >> >> Unsolicited e-mail is not answered.
>> >> >>
>> >> >> "Larry Williams" <LarryWilliams@discussions.microsoft.com> wrote in
>> >> >> message news:84365F2D-EEF9-409F-85D4-B2813F7F4C6B@microsoft.com...
>> >> >> > I'm writing a program that will accept a userid and password to 
>> >> >> > do
>> >> >> > an
>> >> >> > autologon after a restart using the following registry entries:
>> >> >> >
>> >> >> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
>> >> >> > NT\CurrentVersion\Winlogon
>> >> >> >
>> >> >> > DefaultUserName "your_username"
>> >> >> > DefaultPassword "your_password"
>> >> >> > AutoAdminLogon "1"
>> >> >> >
>> >> >> > However, if for some reason my program doesn't run properly and
>> >> >> > remove the
>> >> >> > userid/password when it's finished then I want to ensure that the
>> >> >> > password
>> >> >> > can't just be read from the registry.  Therefore I need to know 
>> >> >> > how
>> >> >> > to do the
>> >> >> > same thing that Tweak UI does and store an encrypted version of 
>> >> >> > the
>> >> >> > password.
>> >> >> >
>> >> >> > Any ideas?
>> >> >>
>> >>
>>
>>

Next message: Ramesh, MS-MVP: "Re: Tweak UI - Password encryption and autologon"
Previous message: J: "how to stop freelancer server operator installation"
In reply to: Larry Williams: "Re: Tweak UI - Password encryption and autologon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Cant search from Explorer address bar
... Ramesh - Microsoft MVP ... I am running Windows XP Professional. ... > Ramesh - Microsoft MVP ... > Windows XP Shell/User ...
(microsoft.public.windows.inetexplorer.ie6.setup)
Re: 80,000 and counting - dead
... Ramesh, Microsoft MVP ... Windows XP Shell/User ...
(microsoft.public.windowsxp.general)
Re: popup blocker removal?
... Ramesh, Microsoft MVP ... Windows XP Shell/User ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Windows Explorer rt-clicking results in termination
... Ramesh, Microsoft MVP ... Windows XP Shell/User ... >I am quite comfortable editing the Registry, just don't know ALL there is ... > Explorer has behaved itself w/o further incident. ...
(microsoft.public.windowsxp.general)
Re: <User> Documents link in "My Computer" goes to wrong location
... Ramesh, Microsoft MVP ... Windows XP Shell/User ...
(microsoft.public.windowsxp.help_and_support)