Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,100 questions
Is it known that AutoLogon.exe does not remove the DefaultPassword from the LSA Secrets store / Registry?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 45%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
McDonald, Matthew
101
Reputation points
I was playing with AutoLogon.exe for the first time today and was testing the security around the DefaultPassword. I have found tools that can easily decrypt the password, but that weak security is known.
What I wonder though, is if it is known that when using AutoLogon to disable the auto logon, it appears it does not REMOVE the previously stored encrypted password. That's a bit of a concern.
Further, at this point I do not know a way to clear this out. I tried setting a bogus password, but it seems AutoLogon first validates the username/password before it will store it.
Sysinternals