Problem with autologin on multi app Kiosk Win 10

%3CLINGO-SUB%20id%3D%22lingo-sub-1531321%22%20slang%3D%22en-US%22%3EProblem%20with%20autologin%20on%20multi%20app%20Kiosk%20Win%2010%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1531321%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20guys%2C%3C%2FP%3E%3CP%3EI%20have%20a%20problem%20with%20multiple%20Windows%20machines.%20All%20machines%20are%20Dell%20optiplex%207060%20and%20few%20Intel%20NUC's%20and%20all%20have%20enabled%20TPM%20(or%20PTT).%20They%20have%20latest%20W10%202004%20installed%2C%20fully%20updated.%3C%2FP%3E%3CP%3EAll%20machines%20are%20deployed%20through%20Intune%20as%20multi%20app%20kiosk%2C%20with%20two%20apps%20-%20Zoom%20Rooms%20and%20Teamviewer.%3C%2FP%3E%3CP%3EProcess%20for%20setup%20is%20I%20import%20csv%20file%20from%20machine%20(I%20manually%20add%20group%20tag%20kiosk).%20It's%20assigned%20to%20dynamic%20group%2C%20from%20there%20it%20gets%20Deployment%20profile.%3C%2FP%3E%3CP%3EEverything%20work%20as%20expected%20with%20Windows%201903%20or%201909%20until%20last%20update.%3C%2FP%3E%3CP%3EFor%20already%20deployed%20machines%2C%20few%20of%20them%20(not%20all)%20after%20update%20to%202004%20were%20unable%20to%20autologin.%3C%2FP%3E%3CP%3EInitial%20setup%20goes%20perfectly%2C%20unfortunately%20when%20it's%20done%20I%20don't%20get%20autologin.%20It%20asks%20me%20for%20user%20and%20when%20I%20enter%20.%5CkioskUser0%20it%20goes%20in%20and%20works%20as%20expected.%3C%2FP%3E%3CP%3EI%E2%80%99ve%20accessed%20devices%20also%20with%20my%20admin%20account%2C%20updated%20everything%20(Windows%20and%20drivers)%2C%20still%20the%20same.%3C%2FP%3E%3CP%3EI%20also%20changed%20the%20registry%20for%20WinLogon%20-%20AutoAdminLogon%20to%201%20(keeps%20reseting%20to%200)%2C%20DefaultPassword%20(whole%20entry%20keeps%20deleting)%2C%20DefaultUserName%20(set%20to%20kioskUser0).%3C%2FP%3E%3CP%3ENothing%20helped.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20also%20done%20several%20manual%20syncs%20through%20Intune%20for%20all%20devices%20that%20have%20autologin%20issue%2C%20also%20didn't%20help.%3C%2FP%3E%3CP%3EI've%20done%20also%20some%20further%20testing%20with%20one%20dell%20optiplex%207060%20and%20now%20all%20new%20deployements%20(tried%20with%201909%20and%202004)%20had%20autologin%20problem.%3C%2FP%3E%3CP%3EI've%20attached%20few%20screenshots%20for%20configuration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%20how%20can%20I%20solve%20this%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1531321%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAutopilot%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ekiosk%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1532618%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20autologin%20on%20multi%20app%20Kiosk%20Win%2010%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1532618%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F732794%22%20target%3D%22_blank%22%3E%40mivanovic945%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%2C%20possibly%20you%20have%20an%20Exchange%20Active%20Sync%20policy%20active.%20%3CSPAN%3ECheck%20the%20Event%20Viewer%20logs%20for%20auto%20logon%20issues%20under%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EApplications%20and%20Services%20Logs%5CMicrosoft%5CWindows%5CAuthentication%20User%20Interface%5COperational%3C%2FSTRONG%3E.%20An%20EAS%20policy%20breaks%20autologon.%20See%20one%20of%20the%20notes%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F324737%2Fhow-to-turn-on-automatic-logon-in-windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F324737%2Fhow-to-turn-on-automatic-logon-in-windows%3C%2FA%3E.%3C%2FP%3E%3CP%3EAt%20this%20moment%20unknown%20where%20the%20EAS%20policy%20is%20set%20for%20Windows%2010.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1533632%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20autologin%20on%20multi%20app%20Kiosk%20Win%2010%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1533632%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F733562%22%20target%3D%22_blank%22%3E%40JamelEla%3C%2FA%3E%26nbsp%3BYes%2C%20you%20are%20correct.%20I've%20made%20a%20screenshot%20from%20freshly%20installed%20device%20and%20from%20%22old%22%20one.%3C%2FP%3E%3CP%3EOn%20device%20that%20I%20tried%20to%20change%20registry%20for%20autologin%2C%20I%20have%20many%20warnings.%20On%20newly%20installed%20only%20one%20error%20since%20I%20didn't%20made%20any%20changes%20to%20registry.%3C%2FP%3E%3CP%3EI%20checked%20and%20we%20haven't%20configured%20any%20EAS%20policies.%20Maybe%20Windows%20have%20some%20default%20policies.%3C%2FP%3E%3CP%3EI%20found%20by%20googling%20more%20similar%20cases%2C%20however%20not%20a%20resolution.%3C%2FP%3E%3CP%3EAny%20ideas%20where%20EAS%20policy%20is%20located%20or%20how%20can%20I%20solved%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1535295%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20autologin%20on%20multi%20app%20Kiosk%20Win%2010%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1535295%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F732794%22%20target%3D%22_blank%22%3E%40mivanovic945%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Etypically%20password%20policies%20will%20break%20your%20Autologon%20scenario.%20Check%20if%20you%20have%20configured%20any%20Password%20policies%20in%20Intune%20or%20Compliance%20Policy%20checking%20for%20Password%20complexity%20etc.%20they%20will%20break%20your%20Autologon%20scenario%2C%20same%20like%20the%20EAS%20policies.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3C%2FP%3E%0A%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1538010%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20autologin%20on%20multi%20app%20Kiosk%20Win%2010%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1538010%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20removed%20in%20Intune%20all%20policies%20and%20configuration%20profiles%20(other%20than%20kiosk)%20for%20Kiosk%20device.%3C%2FP%3E%3CP%3ENothing%20gets%20assigned%2C%20i%20have%20verified%20that%20in%20intune%20portal.%3C%2FP%3E%3CP%3EI've%20also%20checked%20in%20PC%20itself%20which%20policies%20are%20applied%20and%20nothing%20is%20applied.%3C%2FP%3E%3CP%3EI've%20attached%20screenshot%20from%20xml%20file%20that%20I%20exported%20from%20powershell.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EMilos%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello guys,

I have a problem with multiple Windows machines. All machines are Dell optiplex 7060 and few Intel NUC's and all have enabled TPM (or PTT). They have latest W10 2004 installed, fully updated.

All machines are deployed through Intune as multi app kiosk, with two apps - Zoom Rooms and Teamviewer.

Process for setup is I import csv file from machine (I manually add group tag kiosk). It's assigned to dynamic group, from there it gets Deployment profile.

Everything work as expected with Windows 1903 or 1909 until last update.

For already deployed machines, few of them (not all) after update to 2004 were unable to autologin.

Initial setup goes perfectly, unfortunately when it's done I don't get autologin. It asks me for user and when I enter .\kioskUser0 it goes in and works as expected.

I’ve accessed devices also with my admin account, updated everything (Windows and drivers), still the same.

I also changed the registry for WinLogon - AutoAdminLogon to 1 (keeps reseting to 0), DefaultPassword (whole entry keeps deleting), DefaultUserName (set to kioskUser0).

Nothing helped.

 

I've also done several manual syncs through Intune for all devices that have autologin issue, also didn't help.

I've done also some further testing with one dell optiplex 7060 and now all new deployements (tried with 1909 and 2004) had autologin problem.

I've attached few screenshots for configuration.

 

Any ideas how can I solve this issue?

4 Replies
Highlighted

@mivanovic945 

Hello, possibly you have an Exchange Active Sync policy active. Check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational. An EAS policy breaks autologon. See one of the notes: https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows.

At this moment unknown where the EAS policy is set for Windows 10. 

Highlighted

@JamelEla Yes, you are correct. I've made a screenshot from freshly installed device and from "old" one.

On device that I tried to change registry for autologin, I have many warnings. On newly installed only one error since I didn't made any changes to registry.

I checked and we haven't configured any EAS policies. Maybe Windows have some default policies.

I found by googling more similar cases, however not a resolution.

Any ideas where EAS policy is located or how can I solved this?

Highlighted

Hey @mivanovic945,

 

typically password policies will break your Autologon scenario. Check if you have configured any Password policies in Intune or Compliance Policy checking for Password complexity etc. they will break your Autologon scenario, same like the EAS policies.

 

best,

Oliver

Highlighted

Hi @Oliver Kieselbach ,

 

I removed in Intune all policies and configuration profiles (other than kiosk) for Kiosk device.

Nothing gets assigned, i have verified that in intune portal.

I've also checked in PC itself which policies are applied and nothing is applied.

I've attached screenshot from xml file that I exported from powershell.

 

Best regards,

Milos