mivanovic945
Jul 18, 2020

Problem with autologin on multi app Kiosk Win 10

Hello guys,

I have a problem with multiple Windows machines. All machines are Dell OptiPlex 7060s and a few Intel NUCs, and all have TPM (or PTT) enabled. They have the latest W10 2004 installed, fully updated.

All machines are deployed through Intune as multi app kiosk, with two apps - Zoom Rooms and Teamviewer.

The setup process is: I import the CSV file from the machine (I manually add the group tag kiosk). It's assigned to a dynamic group, and from there it gets the Deployment profile.

Everything worked as expected with Windows 1903 or 1909 until the last update.

For already deployed machines, a few of them (not all) were unable to autologin after the update to 2004.

Initial setup goes perfectly; unfortunately, when it's done I don't get autologin. It asks me for a user, and when I enter .\kioskUser0 it goes in and works as expected.

I’ve also accessed the devices with my admin account and updated everything (Windows and drivers); still the same.

I also changed the registry for WinLogon - AutoAdminLogon to 1 (keeps resetting to 0), DefaultPassword (the whole entry keeps getting deleted), DefaultUserName (set to kioskUser0).

Nothing helped.

I've also done several manual syncs through Intune for all devices that have the autologin issue; that also didn't help.

I've also done some further testing with one Dell OptiPlex 7060, and now all new deployments (tried with 1909 and 2004) had the autologin problem.

I've attached a few screenshots of the configuration.

Any ideas how I can solve this issue?

  • mivanovic945
    Dec 15, 2020

    Josh Hammond almennn 

    I've found out what was causing this issue.

    The problem was in the Windows 10 security baseline profile.

    It was assigned to all devices, and the kiosk group wasn’t among the excluded groups.

    Check your security baseline profiles, maybe the solution lies there...

    • mivanovic945

      JamelEla Yes, you are correct. I've made a screenshot from a freshly installed device and from an "old" one.

      On the device where I tried to change the registry for autologin, I have many warnings. On the newly installed one there is only one error, since I didn't make any changes to the registry.

      I checked and we haven't configured any EAS policies. Maybe Windows has some default policies.

      By googling I found more similar cases, but not a resolution.

      Any ideas where the EAS policy is located or how I can solve this?

      • Hey mivanovic945,

        Typically, password policies will break your Autologon scenario. Check if you have configured any password policies in Intune, or a Compliance Policy checking for password complexity etc. They will break your Autologon scenario, same as the EAS policies.

        Best,

        Oliver

  • almennn

    Hi mivanovic945,

    As ErReddy says, when the EAS reg key is present on the device, autologon will be turned off. The problem is that if you delete it manually and then re-enable autologon, the EAS key will be added again and autologon will be turned off once the device syncs with MEM.

    To solve this, we had to create our own service which searches for this key and, if it exists, deletes it and re-enables autologon.

    • Josh Hammond
      Hi - did you ever figure this out? We are facing the same problem. We are about to go the same route and have something check for and delete those keys whenever they exist, but wondering if you got to the bottom of it? We have cases open with MS at the moment, as we are experiencing this issue with Win10 Kiosks and Teams Room Systems as well.