Finding computers with 'AutoAdminLogon' configured

Below is a MOF edit and a suggested report to assist in finding computers which are configured to log in automatically.  By design, your imaging process may leverage AutoAdminLogon.  In that case, AutoLogonCount will have a value--I would guess generally 2 or 3 would be your highest count reported.  If AutoLogonCount is in the hundreds or thousands, or AutoLogonCount is blank, the automatic logon is probably not a short-lived imaging step but a standing configuration, and that may point you to a security risk in your environment.


//`'`*._.*`'`*-
//  Reporting Class - for ConfigMgr, put this section in sms_def.mof
//`'`*._.*`'`*-
 
 #pragma namespace("\\\\.\\root\\cimv2\\SMS")
 
 // Reporting class: declares which properties of the AutoAdminLogon data class
 // hardware inventory collects. Every property below is marked SMS_Report(TRUE),
 // so all of them are sent to the site and stored in the site database.
 //
 // NOTE(review): DefaultPassword is reported as well. When autologon is set up
 // through the Winlogon registry values, DefaultPassword holds the account
 // password in cleartext, so inventorying it copies that password into the site
 // database, where anyone with rights to the reports or the underlying views can
 // read it. Restrict access to this class accordingly, or stop reporting the
 // value (and drop the column from any report that selects it) if knowing that
 // autologon is enabled is enough.
 [SMS_Report(TRUE), SMS_Group_Name("AutoAdminLogon"),SMS_Class_ID("SMSExpert|AutoAdminLogon|1.0")]
 class AutoAdminLogon : SMS_Class_Template
{
 // Key of the single instance defined in the data class section.
 [SMS_Report(TRUE),key] string KeyName;
 // Domain, user name and password Winlogon would use for the automatic logon.
 [SMS_Report(TRUE)]     string DefaultDomainName;
 [SMS_Report(TRUE)] string DefaultUserName;
 // Cleartext credential when present -- see the note above.
 [SMS_Report(TRUE)] string DefaultPassword;
 // Declared as a string; the sample report on this page filters on the value 1.
 [SMS_Report(TRUE)] string AutoAdminLogon;
 // Per the article text: a small value is expected during imaging; a very
 // large or missing value is what to look into.
 [SMS_Report(TRUE)]     uint32 AutoLogonCount;
};

//`'`*._.*`'`*-
//  Data Class - for ConfigMgr, put this section in configuration.mof
//`'`*._.*`'`*-

#pragma namespace("\\\\.\\root\\cimv2")
 // Data class: the WMI class (compiled into root\cimv2 by the pragma above) that
 // the inventory agent queries. DYNPROPS marks the class as having properties
 // that are filled in individually by a provider instead of being stored.
 [DYNPROPS]
 class AutoAdminLogon
{
 // Key property, defaulting to an empty string. Spelled "Keyname" here and
 // "KeyName" in the reporting class and the instance; MOF identifiers are
 // case-insensitive, so these refer to the same property.
 [key] string  Keyname="";
       string  DefaultDomainName;
       string  DefaultUserName;
       // NOTE(review): exposes the Winlogon DefaultPassword value, which is
       // cleartext when set, as a WMI property on every inventoried client.
       string  DefaultPassword;
       string  AutoAdminLogon;
       uint32  AutoLogonCount;
};


// Single instance of the data class. Each property is bound with
// PropertyContext to one value under
// HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
// on the local machine and is read through the RegPropProv provider.
[DYNPROPS]
instance of AutoAdminLogon
{
// Fixed key value identifying this instance.
KeyName = "AutoAdminLogon";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultDomainName"),
Dynamic,Provider("RegPropProv")] DefaultDomainName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultUserName"),
Dynamic,Provider("RegPropProv")] DefaultUserName;
// NOTE(review): this maps the cleartext DefaultPassword registry value. The
// value is presumably absent when the autologon password is kept somewhere
// other than this registry value -- confirm before treating an empty result
// as "no stored credential".
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultPassword"),
Dynamic,Provider("RegPropProv")] DefaultPassword;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|AutoAdminLogon"),
Dynamic,Provider("RegPropProv")] AutoAdminLogon;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|AutoLogonCount"),
Dynamic,Provider("RegPropProv")] AutoLogonCount;
};


A report to get you started: 

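-- Lists every inventoried computer that has AutoAdminLogon enabled, with the
-- remaining logon count and the account the machine logs on as.
select sys.name0,
       aal.AutoAdminLogon0 [Auto Logon Enabled],
       aal.AutoLogonCount0 [Number of Auto Logons Remaining (BDD/MD)],
       aal.DefaultDomainName0 [Domain Name],
       -- Show only whether a cleartext password was found, never the value:
       -- a report should not hand stored credentials to everyone who can run it.
       case when aal.DefaultPassword0 is null or aal.DefaultPassword0 = ''
            then 'No' else 'Yes' end [Default Password Stored],
       aal.DefaultUserName0 [Default UserName]
from v_gs_AutoAdminLogon0 aal join v_r_system sys on sys.resourceid=aal.resourceid
-- AutoAdminLogon is declared as a string in the MOF; compare against '1' as
-- text so a non-numeric value in the column cannot abort the query with a
-- conversion error.
where aal.AutoAdminLogon0 = '1'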

Published Friday, February 22, 2008 5:31 AM by skissinger
