I am currently testing an interesting method based on this same thought process.
Create a vb script on a file server; shared to the machine accounts only and named %computername%.vbs, which does nothing but import these registry entries. Assign the GPO to the machine account so that it runs at startup, before user login that does nothing but run %computername%.vbs, yes the variable, there are several machines in the OU where the GPO is applied. Once the startup scripts are complete the auto-login is performed. After login another GPO is assigned to the user account which is another vb script that deletes the DefaultPassword value. No users ever have read access to the vb files; the Default Password is stored on the client workstation for a very short time period. This isn't considered _secure_ but for a kiosk location it seems to be working and is about as secure as I can figure it out. ;) This also means that all passwords are kept within easy reach of administrators for maintenance. On Thu, Aug 20, 2009 at 5:53 PM, Dennis Hoefer <[email protected]> wrote: > John, just to confirm spelling etc., here are the entries from the one I > have working. > > AutoAdminLogon REG_SZ 1 > DefaultDomainName REG_SZ XXX > DefaultPassword REG_SZ XXXXXXX > DefaultUserName REG_SZ XXXXXXX > ForceAutoLogon REG_SZ 1 > > Beyond that, your second solution is fairly foolproof also. > > ------------------------------ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
