Tuesday, June 21, 2011

Disabling windows vista UAC + automatic login on a domain in one go :)

I just followed the procedure mentioned here :  http://superuser.com/q/28647/57124
QUOTE:


  1. Click Start, click Run, type regedit, and then click OK. In Windows Vista/7, simply typeregedit in Start Search and hit Enter.
  2. Navigate to the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Double-click the DefaultUserName entry, type the user name to log on with, and then click OK.
    If DefaultUserName registry value name is not found, create a new String Value (REG_SZ)with value name as DefaultUserName.
  4. Double-click the DefaultPassword entry, type the password for the user account under the value data box, and then click OK.
    If there is no DefaultPassword value, create a new String Value (REG_SZ) withDefaultPassword as the value name.
    Note that if no DefaultPassword string is specified, Windows automatically changes the value of the AutoAdminLogon registry key from 1 (true) to 0 (false) to turn off theAutoAdminLogon feature.
  5. In Windows Vista/7, DefaultDomainName has to be specified as well, else Windows will prompt for invalid user name with the user name displayed as .\username. To do so, double click onDefaultDomainName, and specify the domain name of the user account. If it’s local user, specify local host name.
    If the DefaultDomainName does not exist, create a new String Value (REG_SZ) registry key with value name as DefaultDomainName.
  6. Double-click the AutoAdminLogon entry, type 1 in the Value Data box, and then click OK.
    If there is no AutoAdminLogon entry, create a new String Value (REG_SZ) withAutoAdminLogon as the value name.
  7. If it exists, delete the AutoLogonCount key.
  8. Quit Registry Editor.
  9. Click Start, click Restart, and then click OK.


One thing not mentioned in the post is that if you set AutoAdminLogin to 1 UAC also gets disabled .... which is awesome. This is because local crontab software will be able to access privalaged services (e.g. reporting services) running on the same computer.

PS: the computer is in a safe location such that anyone who has physical access to the machine is a friend.