You need a local service account that logs on automatically when Windows 11 starts. This is common for servers, kiosks, or lab machines where a non-interactive account runs a background service or script. The built-in Windows autologon feature uses the registry to store credentials and bypass the login screen. This article explains how to configure autologon for a local service account using the Netplwiz tool and the Registry Editor.
Key Takeaways: Configure Autologon for a Local Service Account
- Netplwiz > User Accounts > Uncheck “Users must enter a user name and password”: Quick method to enable autologon for any local account.
- Registry Editor > HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: Manual registry method for scripted or remote deployments.
- Sysinternals Autologon tool: Simple command-line utility from Microsoft that automates the registry setup.
Understanding Autologon for Local Service Accounts
Autologon is a Windows feature that automatically signs in a specified user account at system startup. It stores the username, domain, and password in the registry under the Winlogon key. Windows reads these values during boot and submits them to the credential provider, bypassing the interactive login screen.
For a local service account, the account must already exist on the machine. A service account is typically a standard user account created specifically to run one or more services or scheduled tasks. It should not be a built-in account like SYSTEM or LOCAL SERVICE, because those accounts cannot be configured for autologon through the standard methods.
Prerequisites for this process:
- A local user account with a non-expiring password. Service accounts should have passwords set to never expire.
- Administrator access on the Windows 11 machine.
- The account must be enabled and not locked out.
Security considerations: Autologon stores passwords in the registry in an encrypted format using LSA secrets. However, any user with administrative privileges can decrypt and retrieve the password. Do not use autologon for accounts with elevated privileges or for accounts that access sensitive data.
Steps to Enable Autologon Through Netplwiz
The Netplwiz method is the most straightforward for a single machine. It uses the classic user accounts control panel applet.
- Press Windows + R, type netplwiz, and press Enter
The User Accounts window opens. This dialog lists all local users on the machine. - Select the local service account from the list
Click the account name once to highlight it. Do not double-click. - Uncheck the box “Users must enter a user name and password to use this computer”
This checkbox appears near the top of the User Accounts window. If it is grayed out, you may need to disable Fast Startup in Power Options first. - Click Apply
A dialog titled “Automatically Sign In” appears. This is where you enter the credentials for the service account. - Type the service account username and password twice, then click OK
The User name field should match the local account name exactly. Do not include the computer name or domain prefix. Leave the Domain field blank for local accounts. - Click OK to close the User Accounts window
Windows saves the credentials to the registry. Restart the machine to test the autologon behavior.
Steps to Enable Autologon Using Registry Editor
Use the Registry Editor method when you need to deploy autologon to multiple machines or when Netplwiz does not work due to group policy restrictions.
- Press Windows + R, type regedit, and press Enter
Registry Editor opens. Confirm the UAC prompt if required. - Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Copy and paste this path into the address bar at the top of Registry Editor for faster access. - Double-click the DefaultUserName value
If the value does not exist, right-click in the right pane, select New > String Value, and name it DefaultUserName. Set its value data to the name of the local service account. - Double-click the DefaultPassword value
If the value does not exist, create a new String Value named DefaultPassword. Set its value data to the password for the service account. - Double-click the AutoAdminLogon value
If the value does not exist, create a new String Value named AutoAdminLogon. Set its value data to 1. - Optional: Set DefaultDomainName to the computer name
For local accounts, this value can be left blank or set to the machine name. Create a new String Value named DefaultDomainName if needed. - Close Registry Editor and restart the computer
Windows reads the registry values during boot and logs in automatically.
Steps to Enable Autologon Using the Sysinternals Autologon Tool
The Sysinternals Autologon tool is a lightweight command-line utility from Microsoft. It writes the same registry values but includes an extra encryption layer for the password.
- Download Autologon from the Microsoft Sysinternals website
Search for “Sysinternals Autologon” and download the ZIP file. Extract the Autologon.exe file to a folder on the target machine. - Right-click Autologon.exe and select Run as administrator
The tool displays a simple dialog with fields for Username, Domain, and Password. - Enter the local service account username and password
Leave the Domain field blank. Click Enable. - Click OK on the confirmation message
The tool writes the values to the registry and displays “Autologon is configured” at the bottom of the window. - Restart the computer to test the autologon
The tool also offers a command-line mode: run Autologon.exe username domain password /accepteula to configure silently.
Common Issues and Things to Avoid
Autologon Does Not Work After a Windows Update
Some Windows updates reset autologon settings or require Fast Startup to be disabled. Open Power Options > Choose what the power buttons do > Change settings that are currently unavailable, then uncheck Turn on fast startup. Restart and reconfigure autologon.
Password Expiration Breaks Autologon
If the service account password expires, autologon fails silently and the login screen appears. Set the password to never expire using Local Users and Groups or the command net user username /expires:never.
Account Lockout After Multiple Failed Autologon Attempts
If the stored password is incorrect, Windows tries to log on repeatedly, which may lock the account if account lockout policy is enabled. Verify the password in the registry or use the Netplwiz method to re-enter credentials.
Group Policy Overrides Autologon Settings
Domain-joined machines may have group policies that disable autologon. Check the policy “Interactive logon: Machine inactivity limit” and “Interactive logon: Do not display last user name” in Local Group Policy Editor (gpedit.msc).
Netplwiz vs Registry Editor vs Sysinternals Autologon
| Item | Netplwiz | Registry Editor |
|---|---|---|
| User interface | Graphical dialog | No interface, manual key edit |
| Password encryption | Stored as LSA secret | Stored as plain text in registry |
| Best for | Single machine, one-time setup | Scripted or remote deployments |
| Requires admin rights | Yes | Yes |
| Works after Windows Update | Sometimes requires reconfiguration | Persistent unless policy overrides |
The Sysinternals Autologon tool combines the ease of a GUI with encrypted storage. It is the recommended method for most scenarios because it encrypts the password and provides a simple command-line option for automation.
You can now configure autologon for any local service account on Windows 11 using one of three methods. For ongoing maintenance, verify that the password does not expire and that Fast Startup is disabled. If you need to remove autologon later, open Netplwiz and recheck the box “Users must enter a user name and password” or set AutoAdminLogon to 0 in the registry.