Windows 10 Autologon on Deployment

I normally deploy Windows version 1607 and just recently became acquainted with the post-1703 OOBE and Autologon settings regression.

The issue:
OOBE will wipe autologon settings, if they are implemented during the same boot as setupcomplete.cmd. This nullifies scripted/touchless Windows 10 deployment methods.

The solution:
Use setupcomplete.cmd and schtasks.exe to make a scheduled task that runs on the next start. Upon reboot, the scheduled task waits [an amount of time] before adding autologon settings, making a task to delete itself and reboot the computer, then running the task.

My improvements:
– Consolidate the solution implemented by others into one script/scheduledtask.
– Avoid unnecessarily long and inconsistent wait times.
– Designed to handle both windows 7 and windows 10 deployments.
– Use a secure method (as secure as possible with autologon)

@ECHO OFF
:: Run this script as an onstart Scheduled Task created by setupcomplete.cmd, if implemented in a Windows 10 deployment
:: Run this script directly from setupcomplete.cmd, if implemented in a Windows 7 deployment
:: Include autologon.exe in the same directory as this script

:: Account to use for autologon
SET ACCOUNT=dummyuser
SET PASSWORD=dummypassword

PUSHD %~dp0
:: Check if windows 10
FOR /F "tokens=3" %%A IN ('REG QUERY "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /V "ReleaseId"') DO SET "RELEASEID=%%A"

SET Key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

:: Avoid OOBE autologon regression, post win10 1703
IF 1%RELEASEID% GEQ 11703 (
	REG ADD %KEY% /V AutoAdminLogon /T REG_SZ /D "1" /F
	:WAIT_FOR_CHANGE
	REG QUERY %KEY% /V AutoAdminLogon
	IF %ERRORLEVEL%==0 TIMEOUT /T 3 /NOBREAK>nul & GOTO WAIT_FOR_CHANGE
)

:: Activate autologon
REG DELETE %KEY% /V AutoLogonCount /F
REG DELETE %KEY% /V DefaultUserName /F
timeout /t 1
autologon -accepteula %ACCOUNT% . %PASSWORD%
timeout /t 1
REG ADD %KEY% /V AutoAdminLogon /T REG_SZ /D "1" /F

:: Cleanup scheduled task and restart, if win10
IF DEFINED RELEASEID ( START cmd /c TIMEOUT /T 1 & SCHTASKS /DELETE /TN Autologon /F & Shutdown /r /t 1 )

:: Delete itself
(goto) 2>nul & del "%~f0"

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: