Auto Login, Kiosks, and DUO Agent (work around?)

Good Morning,
We have a number of pcs, such a time clock’s or plant control computers. These computers are on the domain and locked down with group policy.

We had them all configured with registry keys to auto log in with a specific account. These accounts do NOT have local admin rights on those PCs.

Once pushing out the DUO agent, these registry keys no longer work. I still want these computers to have the agent, so if I, as an admin, log in, I get 2-factored. But I still need the day to day user to log on automatically. Its not realistic to expect the line operators to remember 10 different computer logins for these shared PC’s.

According to support, this is not possible. Has anyone found a way to work around this, short of putting a label with the password on each computer monitor?

1 Like

Hello,

I too, would like to be able to do this.

Thank you,

Bret Macolino

Is the auto-login feature in Windows 10 supported when protecting Windows with Duo?

I’ve attached the incredibly shortsighted policy statement on the use of Auto-login. The brevity of the statement doesn’t hinder the pedantic sentiment. They have spoken, peasant.

Yet they have a bypass option for the user. Why, if it’s so cut and dry?

Hi @ErikC ,

The distinction between that statement on Windows autologin and the concept of Duo bypass status for a user is that no Duo status permits a user to skip primary authentication. Duo for Windows Logon is intended as additional security for interactive logons.

This is a distinction in words only. You are not actually skipping the login. It is being done for you by storing your username and encrypted password.

The point is that the user has only kiosk-like access. We want anyone with actual access to use 2FA.

Having no DUO is not the option that we want. If that is what you prefer, we will start looking at other solutions.