If you prefer a GUI, you can force the missing checkbox to reappear. This is the "hottest" trick for junior admins.
This is the most common way to enable auto-login, but on Windows 11, the required checkbox is often hidden by default. Here is how to make it appear and configure it.
Step 1: Open the User Accounts Dialog
Step 2: Uncheck the Requirement
Step 3: Enter Domain Credentials
Upon the next restart, Windows 11 will bypass the lock screen and sign directly into that domain account.
Microsoft provides a tool called Autologon (Sysinternals) which handles the registry edits and encrypts credentials using the LSA secret mechanism.
Auto-login for a domain user on Windows 11 is achievable via registry modifications or the Sysinternals Autologon tool. While suitable for specific low-risk scenarios, it must be implemented with extreme caution. Organizations should prefer alternative solutions such as:
If auto-login is mandatory, always use a dedicated, non-privileged domain account, restrict the number of automatic logins, and enforce full-disk encryption.
Appendix A: Sample registry import (.reg) file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="1" "DefaultDomainName"="CONTOSO" "DefaultUserName"="kioskuser" "DefaultPassword"="SecureP@ss123" "AutoLogonCount"="5" "IgnoreShiftOverride"="1"
Appendix B: Removal script (run as admin to disable)
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 0 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f
End of Report
How to Configure Windows 11 Auto Login for Domain Users Setting up an automatic login for a Windows 11 machine joined to a domain is a common requirement for kiosks, digital signage, or shared lab environments. However, because domain accounts require authentication against a Domain Controller (DC), the process is slightly different than a standard local account.
Here is the most reliable way to get this running, ranging from the easiest "official" tool to manual registry tweaks. Method 1: Using Autologon (The Recommended Way)
The safest and easiest method is using Autologon, a utility from Microsoft’s own Sysinternals suite. It encrypts the password in the registry rather than leaving it in plain text. Download: Grab Autologon from Microsoft Learn.
Run: Extract the zip and run Autologon64.exe as an Administrator. Fill Details: Username: The domain user (e.g., KioskUser). Domain: Your Active Directory domain (e.g., CORP). Password: The user's password.
Enable: Click Enable. You’ll receive a message stating that autologon is configured and the password is encrypted. Method 2: The Registry Editor (Manual Way)
If you cannot download external tools, you can configure this via the Windows Registry.
Note: This method stores the password in plain text, which is a security risk. Use this only for non-sensitive accounts in a secure physical location. Press Win + R, type regedit, and hit Enter.
Navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Modify (or create as String Values/REG_SZ) the following keys: AutoAdminLogon: Set to 1. DefaultUserName: The name of the domain user. DefaultDomainName: The name of the domain. DefaultPassword: The user's password.
Crucial Step for Windows 11: You may need to create a String Value named DevicePasswordLessBuildVersion in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device and set it to 0. This disables "Windows Hello sign-in for Microsoft accounts," which often hides the auto-login options. Method 3: Group Policy (For Multiple Machines)
If you are an admin wanting to push this to several domain-joined PCs, use Group Policy Preferences (GPP). Open Group Policy Management.
Create a new GPO and navigate to:Computer Configuration > Preferences > Windows Settings > Registry. Add the same Registry keys mentioned in Method 2.
Warning: Using GPP to push passwords is deprecated by Microsoft because the "cPasswords" in the XML files were easily decrypted. For a large-scale deployment, consider using a Scheduled Task that runs at startup to launch the user session. Troubleshooting Common Issues
The "Legal Notice" Obstacle: If your domain has a GPO that shows a "Legal Notice" or "Message Title" that requires clicking "OK" before login, Auto Login will hang. You must disable these specific policies for the kiosk machine:
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Restricted Sign-in: Ensure the domain user has "Allow log on locally" rights in the User Rights Assignment policy.
Shift-Override: If you need to log in as a different user (like an Admin), hold the Shift key during the entire boot-up/log-off process to bypass the automatic login. Security Best Practice
Always use a Least Privilege Account. The domain user used for auto-login should have no administrative rights and should only have access to the specific folders or applications required for its task.
Streamlining Your Startup: How to Enable Windows 11 Auto-Login for Domain Users
Setting up a Windows 11 machine to log in automatically can save time in specific scenarios, such as for kiosk displays, shared demo stations, or specialized industrial workstations. However, for domain-joined machines, the process is slightly different than for local accounts.
This guide covers the three most effective ways to configure auto-login for a domain user on Windows 11. Method 1: Use the Microsoft Autologon Utility (Recommended)
The most reliable and secure method for domain environments is using the Autologon tool from Microsoft Sysinternals. Unlike manual registry edits, this tool encrypts your password in the registry instead of storing it in plain text.
Download and Extract: Download the Autologon utility and extract the files.
Run as Administrator: Right-click the Autologon64.exe (or Autologon.exe) and select Run as administrator. Enter Credentials: Username: Enter the domain username.
Domain: Enter your fully qualified domain name (e.g., contoso.com). Password: Enter the account password.
Enable: Click Enable. You should see a confirmation message that autologon was successfully configured. Restart: Reboot your computer to test the setup. Method 2: Manual Registry Configuration
If you prefer not to use third-party tools, you can configure the registry directly. Warning: This method stores your domain password in plain text, which is a significant security risk if unauthorized users gain access to the machine. Configure Windows to automate logon - Microsoft Learn
12 Feb 2026 — In this article * Use Registry Editor to turn on automatic logon. * Use Sysinternals tool Autologon to configure AutoAdminLogon. * Microsoft Learn Autologon - Sysinternals - Microsoft Learn
The search term indicates frequent pain points:
| Issue | Description |
|-------|-------------|
| Credential prompt after applying | Windows 11 requires DefaultDomainName + DefaultUserName in correct format. Missing DefaultPassword or policy override. |
| Domain password expiration | Auto-login fails when password expires. No built-in notification. |
| Windows Hello / PIN conflict | If Windows Hello is set up, auto-login may be bypassed. |
| Network availability before logon | Domain controller unreachable → cached credentials required. Auto-login may fail if DC is offline and no cache. |
| Group Policy “Interactive logon: Do not require CTRL+ALT+DEL” | Must be enabled for seamless auto-login. |
| Credential Guard / Virtualization-Based Security | Blocks reading of LSA secrets → auto-login fails. |
| Windows 11 22H2+ security hardening | Microsoft removed netplwiz auto-login checkbox by default (requires registry tweak to restore). |