DefaultPassword (advapi32)
Last changed: -73.92.20.68
.
Summary
If you enable autologon, it is more convenient to use Windows; however this feature may pose a security risk. If you set a computer for autologon, anyone who can physically obtain access to the computer can gain access to all of the computer contents, including any network or networks it is connected to. In addition, when autologon is enabled, the password is stored in the registry in plaintext. The specific registry key that stores this value is remotely readable by the Authenticated Users group. This setting is only recommended for cases where the computer is physically secured, and steps have been taken to ensure that untrusted users cannot remotely access the registry.

A more secure way is to store the AutoLogon password in LSA using LsaStorePrivateData with DefaultPassword as KeyName and the password as PrivateData

C# Signature:

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]

    private static extern uint LsaStorePrivateData(
         IntPtr policyHandle,
         ref LSA_UNICODE_STRING KeyName,
         ref LSA_UNICODE_STRING PrivateData
    );

VB Signature:

Declare Function DefaultPassword Lib "advapi32.dll" (TODO) As TODO

User-Defined Types:

None.

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

C++ sample code:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protecting-the-automatic-logon-password

C# sample code:

see LsaRetrievePrivateData

Documentation