Configuring Auto Login

The first step when approaching a thinkiosk deployment is deciding how you will login to the kiosks. ThinKiosk can be deployed to an auto login account, (domain or local) or can also be configured to run as the end user. The setup options are flexible to how you wish to deploy it.

Below you will find a breakdown on how to achieve each of these scenarios and the steps involved:

Deploying an “auto login” account with thinkiosk:



When deploying an auto login account, the kiosk will boot to windows thenautomatically log in as the specified user. This configuration is favourable as it removes the users group policys, login scripts, etc forcing the user to authenticate at the web interface and once the users desktop or application ends the kiosk is immediately accessible to the next user.

You can choose to use an active directory user to auto login or a local computer account. The benefits of using a Domain account are more favourable as the account can be centrally managed and maintained. For this reason I personally recommend using a domain account.

If you do choose a local account, deployment via group policy probably wont work. Consider a local account deployment for small implementations where you can manage the pc’s locally.

To configure an auto login account, use the ThinKiosk Group Policy from the downloads section. This Policy includes all relevant options to take advantage of this native functionality via group policy.

  • This group policy can be configured on the local machine or via a Domain deployment.
  • This group policy can be used with a default domain account or local.


Deploying an auto login account via group policy:



Follow the following guide (if neccessary) on how to import the group policy. Once you have the policy imported, Browse to:

Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > Thinkiosk Settings> AutoLogon settings.





Now configure each of the policies listed, I’ve included examples below:




  1. Autologon to workstation: Enable this option to specify you wish to use an auto login account
  2. ForceAutologon to workstation: By default Autologon on works for the first login, forcing auto logon will mean the pc will always login as the specified account
  3. Default User Name: The user nameof the account (domain or local)  you wish to login as.
  4. Default Password: The password of the above account
  5. Default Domain: The Users domain if the user is a domain member, if not use the local machine name.

Local Policy:



Using the guide above, you can configure the local machine policy of the computer by going to:

Start > run > GPEDIT.msc.

Bear in mind by configuring autologin via local policy, you must either be logged in as the user, or configure this policy at a machine level.

Batch file:



To replace the shell on a local machine,  modify the below text to include your username, password and domain then save it as a batch file. Remember to run the batch file as an administrator.

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t reg_sz /d "1" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceAutoLogon /t reg_sz /d "1" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t reg_sz /d "kioskuser" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t reg_sz /d "Passw0rd" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t reg_sz /d "computername or domain name" /f
  1. tahocannanTaho
    February 29, 2012 at 12:27 pm

    hmmmm it’s more easily to deploy href=”http://www.logonexpert.com”>LogonExpert tool via AD policies after Windows installation, moreover Logonexpert encrypts login/password using AES

  2. tahocannanTaho
    February 29, 2012 at 12:27 pm

    Sorry for link formating, the rigth one is http://www.logonexpert.com

  3. February 29, 2012 at 12:34 pm

    Hi Taho,

    Thanks for the additional option, but I wont recommend “paid for” solutions to pair with a free solution.

    Thanks for the link and hopefully those attempting to do this will have the option to use your comment as reference.

    A

  4. Scott McKenzie
    May 31, 2012 at 3:40 am

    I’d like to use two auto-login accounts – a local user to automatically login to the device, then a domain user that automatically logins in to the web interface. Do you think this is possible?

  5. June 12, 2012 at 3:07 pm

    Hi Andrew,

    You was dealing with a friend of mine (Ness) regarding the ThinKiosk and pass-thru Authentication. I renamed thinkiosk.exe to iexplore.exe as you explained and it only works until you logoff and logon. I found that only Internet Explorer has the ability to authenticate against a windows domain and firefox always throws up an authentication box, the same in which Thinkiosk does too. What browser are you using for your code, as I’m not having any luck with whatever browser ThinKiosk is using and the passthrough option in Citrix Web Interface 5.4.

    • June 12, 2012 at 5:47 pm

      Hi David, I have this working correctly. Let’s take this offline and have a chat. I’ll email you shorty.

  6. June 22, 2012 at 3:00 pm

    I’ve published a post here to cover the common questions around passthrough:

    http://andrewmorgan.ie/thinkiosk/getting-started/configuring-citrix-web-interface-and-pass-through-authentication/

  1. No trackbacks yet.
Comments are closed.
%d bloggers like this: