Microsoft Windows can be set up to automatically logon using a pre-defined user account without prompting the user for logon credentials at boot time. Windows retrieves login account information from the registry, specifically three registry values:
DefaultPassword,DefaultUserName,\sDefaultDomainName.
Anyone who has physical access to the computer can access the computer’s contents, programs, and files, as well as the Siemens Intranet and any other services accessible through this user account. Furthermore, the password is stored in plain text in the Windows Registry (in the DefaultPassword registry value), which is remotely accessible to members of the built-in WindowsAuthenticated Users group.
To remove the registry entries for AutoAdminLogon and DefaultPassword you can use the following PowerShell script.
$RegKey = “HKLM:\SO FTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”
ForEach ($subkey in “AutoAdminLogon”, “DefaultPassword”)
{
if (Get-ItemProperty -Name $subkey -path $RegKey -ErrorAction SilentlyContinue)
{
Remove-ItemProperty -Path $RegKey -Name $subkey
}
}
