Jul 18 2020 02:37 PM
Hello guys,
I have a problem with multiple Windows machines. All machines are Dell optiplex 7060 and few Intel NUC's and all have enabled TPM (or PTT). They have latest W10 2004 installed, fully updated.
All machines are deployed through Intune as multi app kiosk, with two apps - Zoom Rooms and Teamviewer.
Process for setup is I import csv file from machine (I manually add group tag kiosk). It's assigned to dynamic group, from there it gets Deployment profile.
Everything work as expected with Windows 1903 or 1909 until last update.
For already deployed machines, few of them (not all) after update to 2004 were unable to autologin.
Initial setup goes perfectly, unfortunately when it's done I don't get autologin. It asks me for user and when I enter .\kioskUser0 it goes in and works as expected.
I’ve accessed devices also with my admin account, updated everything (Windows and drivers), still the same.
I also changed the registry for WinLogon - AutoAdminLogon to 1 (keeps reseting to 0), DefaultPassword (whole entry keeps deleting), DefaultUserName (set to kioskUser0).
Nothing helped.
I've also done several manual syncs through Intune for all devices that have autologin issue, also didn't help.
I've done also some further testing with one dell optiplex 7060 and now all new deployements (tried with 1909 and 2004) had autologin problem.
I've attached few screenshots for configuration.
Any ideas how can I solve this issue?
Jul 20 2020 01:01 AM
Hello, possibly you have an Exchange Active Sync policy active. Check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational. An EAS policy breaks autologon. See one of the notes: https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows.
At this moment unknown where the EAS policy is set for Windows 10.
Jul 20 2020 09:59 AM
@JamelEla Yes, you are correct. I've made a screenshot from freshly installed device and from "old" one.
On device that I tried to change registry for autologin, I have many warnings. On newly installed only one error since I didn't made any changes to registry.
I checked and we haven't configured any EAS policies. Maybe Windows have some default policies.
I found by googling more similar cases, however not a resolution.
Any ideas where EAS policy is located or how can I solved this?
Jul 21 2020 03:42 AM
Hey @mivanovic945,
typically password policies will break your Autologon scenario. Check if you have configured any Password policies in Intune or Compliance Policy checking for Password complexity etc. they will break your Autologon scenario, same like the EAS policies.
best,
Oliver
Jul 22 2020 03:08 AM
Hi @Oliver Kieselbach ,
I removed in Intune all policies and configuration profiles (other than kiosk) for Kiosk device.
Nothing gets assigned, i have verified that in intune portal.
I've also checked in PC itself which policies are applied and nothing is applied.
I've attached screenshot from xml file that I exported from powershell.
Best regards,
Milos
Sep 30 2020 06:23 AM
Oct 02 2020 12:33 AM
Hi @mivanovic945,
As @ErReddy says when the EAS reg key is present on the device, autologon will be turned off. The problem is that if you delete it manually and then re-enable autologon, the EAS key will be added again and autologon will be turned off once the device syncs with MEM.
To solve this we had to create our own service which searches for this key, if it exists deletes it and re-enables autologon.
Nov 03 2020 04:58 AM
Nov 03 2020 08:40 AM
@ErReddy I tried to delete registry key and it always re-appear.
Nov 03 2020 08:55 AM
@Josh Hammond We also have open ticket at MS regarding this. It's almost same issue.
I've tested with MS support various scenarios and we found out that issue is with Autopilot.
I created one service user, assign proper license, added it to deployment group and tested if login from offline installation would create proper kiosk user and autologin work.
After signing in with service user everything worked perfectly.
Kiosk user was created and I had no problem with autologin.
I've setup 6 mini PC's this way and I didn't have any problems.
Point is - we narrow it down to Autopilot problem.
We will investigate further, but that's all for now.
Dec 15 2020 07:23 AM
SolutionI've found out what was causing this issue.
Problem was in Windows 10 security baseline profile.
It was assigned to all devices and kiosk group wasn’t among excluded groups.
Check your security baseline profiles, maybe there lies solution...
Nov 03 2021 06:04 AM
Nov 25 2021 07:40 AM
@jfarmer , I had the same issue. I excluded the devices from compliance policy. I have been testing it for 2 days now and autologin still works
You could try that. Later I will create another compliance policy just for devices with autologin.
Feb 17 2022 08:05 AM
Sep 08 2022 05:23 AM
Dec 15 2020 07:23 AM
SolutionI've found out what was causing this issue.
Problem was in Windows 10 security baseline profile.
It was assigned to all devices and kiosk group wasn’t among excluded groups.
Check your security baseline profiles, maybe there lies solution...