How to create an Auto-login Admin Account on a workstation using Microsoft Intune
Overview
This knowledge base article provides step-by-step instructions on how to create an auto-login admin account, which can be a local or domain account, on a workstation using Microsoft Intune. This is similar to using Kiosk mode, where an "Auto-login Admin Account" is deployed as a configuration profile.
The following three options are demonstrated below with step-by-step instructions:
Option 1: Using Win32 app to create Auto logon account (kioskuser0) with no password
Option 2: Using Win32 app to create local auto-login admin account with password
Option 3: Using Win32 app to Create an Entra ID auto-login admin account with password
Steps for Option 1: Auto Logon Account (kioskuser0)
1. Prepare the following scripts, which will be converted into a Win32 application in the next step.
Install.ps1
Note: Customising your $username is optional. If you do update $username, make sure to update the value of 'DefaultUserName'. Set the desired password value for 'DefaultPassword'.
# Create kioskuser0 with no password if it does not already exist, then make it a local administrator
if (-not (Get-LocalUser -Name "kioskuser0" -ErrorAction SilentlyContinue)) { New-LocalUser -Name "kioskuser0" -NoPassword }
Add-LocalGroupMember -Group "Administrators" -Member kioskuser0
Set-LocalUser -Name "kioskuser0" -PasswordNeverExpires $true
# Make sure the Winlogon key exists
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
# Configure automatic logon for kioskuser0
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName" -Value ".\" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value ".\kioskuser0" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon" -Value "1" -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "LastUsedUsername" -Value "kioskuser0" -PropertyType String -Force -ea SilentlyContinue;
# Restart so the automatic logon takes effect
Restart-Computer -Force
Uninstall.ps1
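# Empty the auto-logon values written by Install.ps1, then restart (the kioskuser0 account itself is not removed)
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };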
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon"
Restart-Computer -Force
2. It should now look like this.
3. Download the Win32 Content Prep Tool, then convert Install.ps1 to the .intunewin format. Your folder should look like this.
4. Navigate to Microsoft Intune portal, then select Apps then select By platform: Windows then select Add. Select App type then select Windows app (Win32), then click Select.
5. Click on Select app package file then click on select a file then select OK.
6. Under App Information, enter the required details for the application. Then select Next.
7. Under Program, select and enter the following:
Install command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Install.ps1
Uninstall command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Uninstall.ps1
Installation time required (mins): 60
Allow available uninstall: Yes
Install behaviour: System
Device restart behaviour: App install may force a device restart
Then select Next.
8. Under Requirements, select the following:
Operating system architecture: 64-bit
Minimum operating system: Windows 10 1903
Then select Next.
9. Under Detection rules, select the following:
Rules format: Registry
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name: DefaultUserName
Detection method: String comparison
Operator: Equals
Value: .\kioskuser0
Then select OK.
10. Under Dependencies, leave as default and select Next.
11. Under Supersedence, leave as default and select Next.
12. Under Assignments, select assignment group and select Next.
13. Under Review + create, review all settings and select Create.
14. Go to the device, run Company Portal and select Sync. Once the app is installed successfully, the device will automatically restart and auto login under the local user account: kioskuser0.
Steps for Option 2: Local Auto-Login Admin Account
1. Prepare the following scripts, which will be converted into a Win32 application in the next step.
Install.ps1
Note: Customising your $username is optional. If you do update $username, make sure to update the value of 'DefaultUserName'. Set the desired password value for 'DefaultPassword'.
# Create Username and Password
$username = "Auto"
$password = ConvertTo-SecureString "EnterAPassword" -AsPlainText -Force
# Creating the user and adding it to the local Administrators group
New-LocalUser -Name "$username" -Password $password -FullName "$username" -Description "Auto Admin Account"
Add-LocalGroupMember -Group "Administrators" -Member $username
Set-LocalUser -Name "$username" -PasswordNeverExpires $true
# Make sure the Winlogon key exists
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
# Configure automatic logon; 'DefaultUserName' and 'DefaultPassword' must match the account created above
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName" -Value ".\" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value ".\Auto" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon" -Value "1" -PropertyType DWord -Force -ea SilentlyContinue;
# 'DefaultPassword' is written to the registry as a plain-text string
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword" -Value "EnterAPassword" -PropertyType String -Force -ea SilentlyContinue;
# Restart so the automatic logon takes effect
Restart-Computer -Force
Uninstall.ps1
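# Empty the auto-logon values written by Install.ps1, including the stored password, then restart (the local account itself is not removed)
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };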
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword"
Restart-Computer -Force
2. It should now look like this.
3. Download the Win32 Content Prep Tool, then convert Install.ps1 to the .intunewin format. Your folder should look like this.
4. Navigate to Microsoft Intune portal, then select Apps then select By platform: Windows then select Add. Select App type then select Windows app (Win32), then click Select.
5. Click on Select app package file then click on select a file then select OK.
6. Under App Information, enter the required details for the application. Then select Next.
7. Under Program, select and enter the following:
Install command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Install.ps1
Uninstall command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Uninstall.ps1
Installation time required (mins): 60
Allow available uninstall: Yes
Install behaviour: System
Device restart behaviour: App install may force a device restart
Then select Next.
8. Under Requirements, select the following:
Operating system architecture: 64-bit
Minimum operating system: Windows 10 1903
Then select Next.
9. Under Detection rules, select the following:
Rules format: Registry
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name: DefaultUserName
Detection method: String comparison
Operator: Equals
Value: .\Auto
Then select OK.
10. Under Dependencies, leave as default and select Next.
11. Under Supersedence, leave as default and select Next.
12. Under Assignments, select assignment group and select Next.
13. Under Review + create, review all settings and select Create.
14. Go to the device, run Company Portal and select Sync. Once the app is installed successfully, the device will automatically restart and auto login under the local user account: Auto.
Steps for Option 3: Domain Auto-Login Admin Account
1. Prepare the following scripts, which will be converted into a Win32 application in the next step.
Install.ps1
Note: Please take note of the following changes:
- Entra joined: Make sure to update the value of 'DefaultUserName' to the form AzureAD\automation@domain.com and change the value of 'DefaultDomainName' to AzureAD
- Hybrid Entra joined: Make sure to update the value of 'DefaultUserName' to the form DomainName\automation@domain.com and change the value of 'DefaultDomainName' to DomainName.local
# Make sure the Winlogon key exists
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
# Configure automatic logon for the Entra ID account (replace the account name and domain as described in the note above)
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value "AzureAD\ServiceAccount@domain.com" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount" -Value "99999" -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName" -Value "AzureAD" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon" -Value "1" -PropertyType DWord -Force -ea SilentlyContinue;
# 'DefaultPassword' is written to the registry as a plain-text string
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword" -Value "ServiceAccountPassword" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "IsConnectedAutoLogon" -Value "0" -PropertyType DWord -Force -ea SilentlyContinue;
# Restart so the automatic logon takes effect
Restart-Computer -Force
Uninstall.ps1
# Empty the auto-logon values written by Install.ps1, including the stored password, then restart
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultPassword"
Restart-Computer -Force
2. It should look like this.
3. Download the Win32 Content Prep Tool, then convert Install.ps1 to the .intunewin format. Your folder should look like this.
4. Navigate to Microsoft Intune portal, then select Apps then select By platform: Windows then select Add. Select App type then select Windows app (Win32), then click Select.
5. Click on Select app package file then click on select a file then select OK.
6. Under App Information, enter the required details for the application. Then select Next.
7. Under Program, select and enter the following:
Install command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Install.ps1
Uninstall command:
%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Uninstall.ps1
Installation time required (mins): 60
Allow available uninstall: Yes
Install behaviour: System
Device restart behaviour: App install may force a device restart
Then select Next.
8. Under Requirements, select the following:
Operating system architecture: 64-bit
Minimum operating system: Windows 10 1903
Then select Next.
9. Under Detection rules, select the following:
Rules format: Registry
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name: DefaultUserName
Detection method: String comparison
Operator: Equals
Value: AzureAD\Username@domain.com
10. Under Dependencies, leave as default and select Next.
11. Under Supersedence, leave as default and select Next.
12. Under Assignments, select assignment group and select Next.
13. Under Review + create, review all settings and select Create.
14. Go to the device, run Company Portal and select Sync. Once the app is installed successfully, the device will automatically restart and auto login under the user account: AzureAD\Username@domain.com.
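Auditing the deployed auto-logon settings (added example, not part of the original article or of Microsoft Intune): the script below reads back the Winlogon values that the three Install.ps1 scripts write and reports whether auto-logon is enabled, whether 'DefaultPassword' is present as a plain-text string, and whether the account is a local administrator. The function name Get-AutoLogonAudit and its output property names are assumptions made for this example.

```powershell
# Added example: audit the Winlogon auto-logon values set by the Install.ps1 scripts.
# Get-AutoLogonAudit and its output property names are hypothetical, chosen for this example.
function Get-AutoLogonAudit {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $key = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction Stop

    # Read each value; a value that does not exist is recorded as $null.
    $v = @{}
    foreach ($n in 'AutoAdminLogon', 'ForceAutoLogon', 'AutoLogonCount',
                   'DefaultDomainName', 'DefaultUserName', 'DefaultPassword') {
        $p = $key.PSObject.Properties[$n]
        $v[$n] = if ($p) { $p.Value } else { $null }
    }

    # Strip the ".\", "AzureAD\" or "DomainName\" prefix to get the bare account name.
    $account = if ($v.DefaultUserName) { ($v.DefaultUserName -split '\\')[-1] } else { $null }

    # Name-based membership check: reliable for the local accounts of Options 1 and 2;
    # an Entra ID account (Option 3) may be listed under a different name or only by SID.
    $isAdmin = $false
    if ($account) {
        try   { $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop }
        catch { $members = @() }
        $isAdmin = [bool]($members | Where-Object { ($_.Name -split '\\')[-1] -eq $account })
    }

    # Uninstall.ps1 empties values with Clear-ItemProperty rather than deleting them,
    # so an empty string is treated the same as a missing value.
    [pscustomobject]@{
        AutoLogonEnabled    = ($v.AutoAdminLogon -eq '1')
        ForceAutoLogon      = ($v.ForceAutoLogon -eq 1)
        AutoLogonCount      = $v.AutoLogonCount
        Account             = $v.DefaultUserName
        Domain              = $v.DefaultDomainName
        PasswordInRegistry  = -not [string]::IsNullOrEmpty($v.DefaultPassword)  # the value itself is never output
        AccountIsLocalAdmin = $isAdmin
    }
}

# Run on the workstation after the Win32 app has installed or uninstalled.
Get-AutoLogonAudit | Format-List
```

After Uninstall.ps1 has run, AutoLogonEnabled and PasswordInRegistry should both report False; any other result means auto-logon values or the stored password were left behind.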