If you need to enable AutoLogin in Windows, you can use the registry. However, the password is stored in clear text. It's not a good idea to store a password in clear text. Instead, you can use the LSA to encrypt the password. Note that this is what SysInternals Autologon does. Also, note that the password is not encrypted using the user password. It's encrypted using a key stored in the LSA, and all Administrators can read the stored password.
Let's implement AutoLogon using .NET. First, we need to create a new console application:
Shell
dotnet new console
To store secrets using LSA, you can use the LsaStorePrivateData method. A simpler way to use these methods in .NET is to use the Meziantou.Framework.Win32.Lsa NuGet package:
Shell
dotnet add package Meziantou.Framework.Win32.Lsa
Finally, you can write the registry values and the password:
C#
// Must be run as Administrator to be able to write to the registry and LSA
using Microsoft.Win32;
using var key = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", writable: true);
key.SetValue("AutoAdminLogon", "1", RegistryValueKind.String);
key.SetValue("DefaultDomainName", "", RegistryValueKind.String);
key.SetValue("DefaultUserName", "username", RegistryValueKind.String);
Meziantou.Framework.Win32.LsaPrivateData.SetValue("DefaultPassword", "dummy");
#Additional resources
Do you have a question or a suggestion about this post? Contact me!
