Caution
If your computer is part of a domain, you can’t change the logon from the Classic method to the Welcome screen.
Setting Up an Automatic Logon
If you’re using a
standalone computer that no one else has access to (or that will be used
by people you trust), you can save some time at startup by not having
to type a username and password. In this scenario, the easiest way to do
this is to set up Windows XP with just a single user account, which
means Windows XP will log on that user automatically at startup. If you
have multiple user accounts (for testing purposes, for example) or if
you want the Administrator account to be logged on automatically, you
need to set up Windows XP for automatic logons.
Caution
Setting up an
automatic logon is generally not a good idea for notebook computers
because they’re easily lost or stolen. By leaving the logon prompt in
place, the person who finds or steals your notebook will at least be
unlikely to get past the logon, so your data won’t be compromised.
If you have Tweak UI,
open the Logon, Autologon setting and activate the Log On Automatically
at System Startup check box. Type the username and click Set Password
to enter the account password. When you click OK, Tweak UI makes some
changes in the following Registry key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
The AutoAdminLogon value is set to 1, your username appears in the DefaultUserName setting, and your password appears in the DefaultPassword setting. Note that your password appears as plain text, so anyone can read it or even change it.
Tip
You can temporarily suspend the automatic logon by holding down the Shift key while Windows XP starts up.
If you only want the automatic logon to occur a set number of times, open the following Registry key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Create a new string setting named AutoLogonCount
and set its value to the number of times you want the automatic logon
to occur. With each logon, Windows XP decrements this setting until it
reaches zero, at which point Windows XP sets AutoAdminLogon to 0 to disable the automatic logon.
Accessing the Administrator Account
Another chore you
performed during the Windows XP setup routine was to specify an
Administrator password. One of the confusing aspects about Windows XP is
that, after the setup is complete, the Administrator account seems to
disappear. The secret is that Administrator is actually a hidden account
that appears only in a limited set of circumstances, such as when you
boot Windows XP in Safe mode or when there are no other
administrative-level accounts defined on your system. Outside of these
scenarios, there are several ways to log on to Windows XP using the
Administrator account:
If you’re using the Welcome screen, press Ctrl+Alt+Delete twice.
If you’re using the classic logon, type Administrator in the User Name text box.
Set up an automatic logon using the Administrator (see the next section).
Tweak
Windows XP to make the Administrator account visible in the Welcome
screen. To do this, open the Registry Editor and navigate to the
following key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Add a new DWORD value named Administrator and set its value to 1. (To hide Administrator in the Welcome screen, set this value to 0.)
Tip
The UserList
Registry key is also useful for hiding accounts. If you have a user
account defined but you don’t want other users to see that name in the
Welcome screen, add a DWORD value to the UserList key, give it the same name as the user, and set its value to 0. You can access this account using the same methods that I outlined in this section for the Administrator account.
Setting Logon Policies
Windows
XP Professional defines a number of security policies related to the
logon process. You can get to these policies in two ways:
In the Group
Policy editor, select Computer Configuration, Windows Settings,
Security Settings, Local Policies, Security Options.
In the Local Security Settings editor, select Security Settings, Local Policies, Security Options.
Most of the logon
options are listed in the Interactive Logon grouping. Here’s a list of
the most useful options (note that all of these options apply to the
Classic logon):
Do Not Display Last User Name | Enable
this option to clear the User Name text box each time the Log On to
Windows dialog box appears. Although it adds a bit of inconvenience to
the logon, this is a good security feature because it denies an intruder
an important piece of information: a legitimate system username. This
policy modifies the following Registry key (0 = disable; 1 = enable):HKLM\Software\Microsoft\Windows\ CurrentVersion\policies\system\ dontdisplaylastusername
|
Do Not Require CTRL+ALT+DEL | Enable
this policy to bypass the initial Welcome to Windows dialog box (the
one that prompts you to press Ctrl+Alt+Delete) and go directly to the
Log On to Windows dialog box. This can save you a startup step, but it
decreases the security of the logon. The main concern here is that your
system might get infected with a virus or Trojan horse program that
displays a fake Log On to Windows dialog box as a ruse to capture your
username and password. If you decide to enable this policy, make sure
that you have a good anti-virus program and that you use it often. This
policy modifies the following Registry key (0 = disable; 1 = enable):HKLM\Software\Microsoft\Windows\ CurrentVersion\policies\system\ DisableCAD
|
Message Text for User Attempting to Log On | Use
this option to specify a text message that appears in a dialog box
after any user presses Ctrl+Alt+Delete (but before the Log On to Windows
dialog box appears). This policy modifies the following Registry
setting:HKLM\Software\Microsoft\Windows\CurrentVersion\ policies\system\legalnoticetext
|
Message Title for Users Attempting to Log On | Use
this option to set the title of the dialog box that contains the
message to the user that you specified in the previous setting. This
policy modifies the following Registry setting:HKLM\Software\Microsoft\Windows\CurrentVersion\ policies\system\legalnoticecaption
|
Number of Previous Logons to Cache (In Case Domain Controller Is Not Available) | Use this option to set the number of previous domain logons (username, password, and domain) that Windows XP will retain. |
| By
retaining a logon, Windows XP enables that user to log on to Windows XP
even if a domain controller isn’t present (for example, on a notebook
that isn’t always connected to the network at startup). This policy
modifies the following Registry setting:HKLM\Software\Microsoft\Windows NT\ CurrentVersion\Winlogon\cachedlogonscount
|
Prompt User to Change Password Before Expiration | Use
this option to set the number of days before which a user’s password
expires that a warning message to that effect is displayed.
This policy modifies the following Registry setting:HKLM\Software\Microsoft\Windows NT\ CurrentVersion\Winlogon\passwordexpirywarning |