// script
Autologon User Creation (Unique Configuration)
Creates a temporary local autologon user on Entra-joined Autopilot PCs, then cleans up.
Apr 4, 2025
Windows Intune Autopilot
PS> iwr https://www.cloudytechbrain.com/scripts/autologon-user-creation/raw.ps1 | iex
Script Overview
Automates creating an autologon user and configures Windows for automatic login. After a specified time, it cleans up the autologon settings.
The original intent: an endpoint is joined to Entra and enrolled into Intune via Autopilot, but the customer only wanted the end user logging in to a local account. Joining the PC to Entra will default the login screen to prompt for a UPN in the joined tenant, which was not desired. This script creates a new local user, grants it local admin rights, sets it up as an autologon user temporarily (so the last-logged-in user is remembered), then removes the autologin setup after 30 minutes. A sloppy workaround, but it served the customer's need.
Steps
- Step 0: Verify the script hasn't already run via a marker file.
- Step 1: Create the local user and add to Administrators (prevent password change).
- Step 2: Set registry values for autologon.
- Step 3: Create a cleanup script in ProgramData.
- Step 4: Schedule the cleanup task to run in 30 minutes under SYSTEM.
- Step 5: Create the marker file.
- Step 6: Restart the computer.
Security note
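This script temporarily stores the account password in clear text in the Winlogon registry key (the DefaultPassword value). The cleanup task removes the autologon values, including that password, after 30 minutes. It does not remove the local administrator account, and the account's password is hard-coded in the script below, so replace the sample password with a per-deployment value before running it.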
# Step 0: Bail out early when a previous run already left its marker file.
$markerFile = "C:\ProgramData\AutoLogonSetupComplete.txt"
$setupAlreadyDone = Test-Path -Path $markerFile
if ($setupAlreadyDone) {
    Write-Output "Setup has already completed. Exiting script."
    exit 0
}
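# Step 1: Create the local user account if it does not exist.
# NOTE(review): the password below is a fixed sample value that ships with the
# script, and the account is added to the local Administrators group. Replace it
# with a per-deployment secret before use and rotate it after the first sign-in.
$localUser = "localuser"
$plainPassword = "P@ssword123"
$localPassword = ConvertTo-SecureString -String $plainPassword -AsPlainText -Force
$existingUser = Get-LocalUser -Name $localUser -ErrorAction SilentlyContinue
if (-not $existingUser) {
    # -UserMayNotChangePassword replaces the former "net user /passwordchg:no"
    # call, so the restriction is applied when the account is created and a
    # failure surfaces as a PowerShell error instead of an ignored exit code.
    New-LocalUser -Name $localUser -Password $localPassword -FullName "Local Autologon User" -PasswordNeverExpires -AccountNeverExpires -UserMayNotChangePassword
    # Address the built-in Administrators group by its well-known SID so the
    # call also works on Windows installs where the group name is localized.
    Add-LocalGroupMember -SID "S-1-5-32-544" -Member $localUser
    Write-Output "Local user '$localUser' created and configured."
} else {
    # Existing account: its password and group membership are left untouched, so
    # the autologon values written in Step 2 only work if the password matches.
    Write-Output "Local user '$localUser' already exists."
}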
# Step 2: Write the Winlogon values that enable automatic sign-in.
# DefaultPassword is written as a clear-text string under HKLM and stays there
# until something deletes it.
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$autologonValues = [ordered]@{
    "AutoAdminLogon"    = "1"
    "DefaultUsername"   = $localUser
    "DefaultPassword"   = $plainPassword
    "DefaultDomainName" = "."
}
foreach ($entry in $autologonValues.GetEnumerator()) {
    Set-ItemProperty -Path $regPath -Name $entry.Key -Value $entry.Value -Type String
}
Write-Output "Autologon values set."
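# Step 3: Create the cleanup script
# The generated script deletes the autologon values (including the clear-text
# DefaultPassword), then removes its own scheduled task and its own file so no
# SYSTEM-level task or script is left behind on the device. The task name inside
# the script must match $taskName used in Step 4.
# NOTE(review): this file is later executed as SYSTEM; confirm that standard
# users cannot create or modify it in ProgramData on your build.
$cleanupScriptPath = "$env:ProgramData\CleanupAutoLogon.ps1"
$cleanupScript = @'
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$valuesToRemove = @("AutoAdminLogon","DefaultUsername","DefaultPassword","DefaultDomainName")
foreach ($value in $valuesToRemove) {
    # A missing key or value only raises a non-terminating error, which
    # SilentlyContinue suppresses, so no existence pre-checks are needed.
    Remove-ItemProperty -Path $regPath -Name $value -ErrorAction SilentlyContinue
}
# The task is one-shot: unregister it and delete this script once the values are gone.
Unregister-ScheduledTask -TaskName "AutoLogonCleanupTask" -Confirm:$false -ErrorAction SilentlyContinue
Remove-Item -LiteralPath $PSCommandPath -Force -ErrorAction SilentlyContinue
'@
Set-Content -Path $cleanupScriptPath -Value $cleanupScript -Force -Encoding Unicode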
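# Step 4: Schedule cleanup in 30 minutes
# The task runs the cleanup script once, as SYSTEM, 30 minutes from now.
$taskName = "AutoLogonCleanupTask"
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$cleanupScriptPath`""
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(30)
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
# Without these settings a one-time trigger that is missed (device powered off
# or asleep at the scheduled time) is not run later, and the task does not start
# on battery power; either case would leave DefaultPassword in the registry.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
# -Force replaces a task left over from an earlier run that stopped before the
# marker file was written, instead of failing because the name already exists.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Force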
# Step 5: Write the marker file, then restart the computer after a 10-second pause.
$null = New-Item -Path $markerFile -ItemType File -Force
Write-Output "Restarting in 10 seconds..."
Start-Sleep -Seconds 10
Restart-Computer -Force