AD Domain login without password?

Hi,

I am trying to set up a laptop for my parents (age >80). Currently, they own a non-domain laptop with three users: admin (myself, password protected), grandpa, grandma. They log in passwordless; for the users the passwords are disabled. Additionally, both have an account in my domain, e.g. for email and nextcloud, however they have no knowledge of the background - I simply preconfigured all passwords for them. The risk is very limited as they do not move the laptop outside the house.

Now - their laptop came to age and I have got a nice HP laptop, much more RAM, SSD and modern processor. It is already pre-installed and it is a member of my NS active directory domain (I used it for my wife). Is it somehow possible to log in a domain user on Windows without password for this domain? Of course, the password must not be empty as it is still required for email.

TIA
Thorsten

NethServer Version: 7.9
Module: samba4

Would an automatic login work where no password is prompted? After, you can set a local GPO and enable Windows Hello PIN if they need a simple way to re-login after the fact.

1 Like
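
For reference on the automatic logon suggested above: Windows drives it from values under the Winlogon registry key, and a DefaultPassword value set there is stored in clear text. The PowerShell below is an added example, not part of the original thread; the function name Get-AutoLogonFinding and the sample values are constructed for illustration.

```powershell
# Added example: report whether Winlogon automatic logon is configured and
# whether the logon password sits in the registry in clear text.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueNames  = 'AutoAdminLogon', 'DefaultUserName', 'DefaultDomainName', 'DefaultPassword'

function Get-AutoLogonFinding {
    param(
        # Optional hashtable of Winlogon values; when omitted the live registry is read.
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $props = Get-ItemProperty -Path $WinlogonKey
        foreach ($name in $ValueNames) {
            if ($props.PSObject.Properties.Name -contains $name) {
                $Values[$name] = $props.$name
            }
        }
    }

    $enabled   = [string]$Values['AutoAdminLogon'] -eq '1'
    $plaintext = -not [string]::IsNullOrEmpty([string]$Values['DefaultPassword'])

    $finding = if (-not $enabled) {
        'Automatic logon is off'
    } elseif ($plaintext) {
        'Automatic logon is on; DefaultPassword is readable in the registry'
    } else {
        'Automatic logon is on; no DefaultPassword value (it may be held as an LSA secret)'
    }

    # The password itself is never returned, only whether one is present.
    [pscustomobject]@{
        AutoLogonEnabled  = $enabled
        Account           = '{0}\{1}' -f $Values['DefaultDomainName'], $Values['DefaultUserName']
        PlaintextPassword = $plaintext
        Finding           = $finding
    }
}

# Constructed sample values (not taken from a real machine).
$sample = @{ AutoAdminLogon = '1'; DefaultDomainName = 'EXAMPLE'
             DefaultUserName = 'grandpa'; DefaultPassword = 'constructed-sample' }
Get-AutoLogonFinding -Values $sample | Format-List

# On a Windows client, audit the live configuration instead:
# Get-AutoLogonFinding | Format-List
```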

Hi Rocye,

I found this, too, but I am not sure: This does work only for one pre-defined / default user, correct? I want the physical users (mum / dad) to select the respective user account as it is common for a stand alone PC e.g. via pictures.

TIA
Thorsten

Yup, the registry enables autologon for one user.

I don't think what you want is actually possible, using passwords, especially within an A.D.

I would simplify things: create those two users locally without any password.

I think @ssabbath is right. There is no need to have the laptop added to the domain. Just create 2 local accounts without password.
To access nextcloud and mail, set the credentials in the browser and they can ‘auto log in’ there.
To access nextcloud and mail, create shortcuts on the desktop or in the browser.

1 Like

Yes,
obviously it is necessary to remove the laptop from the domain - but shock - the need to log in is still active even with local users - and the option to turn on automatic logon does not exist - I guess I will have to re-install Windows … on the other hand, I noticed that the webcam seems to be out of order - I will need to replace it … consequently a re-install seems to be the most feasible option.

Thank you all
Thorsten

@thorsten

Hi

In a similar situation (Client, not my parents) I cloned the Machine P2V. On the Notebook, I installed a Linux Mint and a preconfigured Remmina RDP Client…

This would allow a single click authenticated access (Remmina stores the passwords), you also have the advantage of full automatic backups in case something goes south…

My first such client was 82 years old, and at the time in bad health with several operations. It improved 1-2 years later…

I cloned his WinXP to Parallels, and ran it on a Macbook, as at the time XP was discontinued, and my client did not want to learn anything new, nothing but Microsoft Outlook Express! This worked very well…

2 years later, some Pakistani from London rang up my client and claimed to come from Microsoft. My client was 3 hours on the phone, and had already paid 300.- CHF to the guy…
His wife called me, and I told her to hang up his phone…
It seems the Pakistani guy thought he had easy prey - Windows XP… He installed over 10 remote control tools, even TeamViewer - but could NEVER connect. No surprise, that XP was “isolated” for protection, and TeamViewer couldn’t connect to the Internet… Must have been really frustrated the poor guy!
In any case, I had everything documented, and sent one of the first documented cases to the Swiss MELANI, the official CyberCrime Institute in Switzerland…

:slight_smile:

My 2 cents
Andy

What about logon automated to a network-share?
Just start a “logon.bat” with win autostart.
Something like:

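```bat
@echo off
rem Skip the mapping if drive I: is already present
if exist i:\ goto END
rem Documented argument order: share, password, then /user:domain\user
net use i: \\NETHSERVER\share password /user:domain\user /persistent:no
:END
```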

Just an idea.

BR Ralf

Sorry for the late follow up but it seemed like you had great input from the community here, can you give us an update?

I’ve had several older customers needing support like this where passwords seem to be hard/near impossible for them to remember. I’ve been able to set automatic login for a domain joined user account with GPO/mapped folders automatically being deployed. I then use Windows Hello Face or PIN if they do not have a web cam working. For me at worst, they have to remember a 5 digit number (zip code here in the states) or look at the webcam to re-sign in.

You can try the following with RSAT tools, but I don’t know if it works with a samba AD.

You can do it, but why on earth would someone need this sort of policy? Anyhow, you can do this by editing two policies

Change min password length to 0

Disable password complexity requirement.

It is from here:
https://specialties.bayt.com/en/specialties/q/150637/how-to-remove-domain-user-password-i-want-to-login-without-password/

I have seen some YouTube videos of Indian scammers doing all kinds of stuff, it's a pretty nasty business.

Brazilians are “immune” to it since most of us barely speak Portuguese.

Had something similar, corrupted Windows XP, elder client wanted to use WinXP but his notebook only accepted Windows 98SE installs! Honestly don't remember how I did it, but worked out! :grinning: