How to keep regedit changes from being overwritten on startup?


  1. Posts : 3
    win10
       #1

    How to keep regedit changes from being overwritten on startup?


    In a nutshell, the situation is that I have a Dell business PC with UEFI enabled and set up to only display logon for the last logged in user, who had been the only user on the machine before she was let go; as a side note, this user does not appear when running 'net user' from the cmd line which leads me to suspect it is an MS cloud account, but in any case I am attempting to change the settings so that other users can login, or more specifically, a list of users or just the option to login as a different user.

    I have come across any number of well constructed registry fixes to change various start up options or displays, but whatever I put in just keeps getting overwritten on startup, for example, here's the most recent one I've tried;

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserSwitch

    Changed value of the key enabled from 0 to 1, which would nominally be enough to bring up a regular login.

    Next, I went into SYSTEM user permissions on the same registry folder, which I assumed was the account the changes were being overwritten with on startup and revoked access.

    So what happened?

    The changes were wiped out the same as before on startup. HELP!!

    To be clear, if anyone knows some simple fix to what I'm describing other than what I've detailed above I'll be happy to try it. Thanks for taking the time to read through my sad little tale of woe!
      My Computer


  2. Posts : 16,784
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #2

    The normal way to achieve this would be using the built-in utility netplwiz [C:\Windows\System32\Netplwiz.exe]. I would expect you to find that that previous user's account had its checkbox cleared and all you'd have to do is click in it to set it. Then a normal login screen should appear every time you start Windows.

    You would also find that setting netplwiz to require all logins had reset that Registry key back to 1. Many Registry key values are a result of setting other things not the cause of their being set so I suspect this particular Registry key is one of those. I think, but I have never properly tested this, that the two AutoLogon Registry entries at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon are the master entries in this case.

    By the way, net user should list all users except hidden users. The previous user would be identified by her C:\Users\... folder name not by her full username if she was logging in using an online account. You can confirm the list of non-hidden users at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList in the entries starting with S-1-5-21-... [There is some information about hidden users at How to logon to a hidden account in window 7 - Microsoft Community]

    Denis
      My Computer


  3. Posts : 3
    win10
    Thread Starter
       #3

    First of all, thanks for taking the time--I didn't mention it specifically, but I had already tried Netplwiz and the issue is the same as with Netuser--Microsoft accounts are 'hidden' accounts I cannot get to with those cmds (will try to post pics after I finish typing, but don't know about pic size limits, if any), and yes, the accounts are listed in the C/user folders.

    From Netplwiz, the 'require all users to logon, et al' checkbox is checked.

    I tried to change a setting in Registry once again along the lines you suggested and the same thing happened all over again. On startup the registry changes were once again wiped on startup, so I guess I'm back where I started.


    Not sure if it might have any bearing on situation, but all of the initial local accounts, ie; admin and guest were disabled when pc was first set up and since then I have enabled the admin account, but I'm wondering if it would make any difference if I added local users if perhaps it is defaulting somehow to the Microsoft account because there's nothing else local aside from admin account.

    HELP x2!



    How to keep regedit changes from being overwritten on startup?-20170104_214817.jpgHow to keep regedit changes from being overwritten on startup?-20170104_215310_scratched.jpgHow to keep regedit changes from being overwritten on startup?-20170104_210824.jpgHow to keep regedit changes from being overwritten on startup?-20170104_211046.jpgHow to keep regedit changes from being overwritten on startup?-20170104_215143.jpg
    Last edited by TenMacke; 05 Jan 2017 at 17:45. Reason: grammar
      My Computer


  4. Posts : 1,773
    Windows 10 Home
       #4

    Fast Startup is known to wipe registry edits on next start. Test by disabling then restart
      My Computer


  5. Posts : 16,784
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #5

    Microsoft accounts are not 'hidden' accounts - I have some on my computers and I have checked. They are shown in
    • Net user results
    • Settings, Accounts
    • Control panel, User accounts

    So there must be some other explanation for her account not being shown.

    I think you need to research what might have been done to limit her logon screen to just her account. You also need to check the possibility that she limited logon screen to just her account, used netplwiz to achieve auto-login & then hid her account [I gave you a link for this above].

    In any event, you are currently in a dodgy state since you have only one available visible account and that one is the irreplacable BuiltIn Admin. I recommend creating two password-protected local Admin accounts. One is for troubleshooting and the other is in reserve to guard against the risk that the first one might get broken [user profile corruption does happen]. You can then disable the BuiltIn Admin.

    Once you have created these Admin accounts, you can continue you investigation. Of course, it might be quicker to forget the current problem and just reinstall Windows & all your applications as soon as you have rescued any data you need from the computer.

    Denis
      My Computer


  6. Posts : 3
    win10
    Thread Starter
       #6

    To Mr. Geek and Try3,

    I want to thank both of you for bringing up ideas and/or particular insights I never would have come up with on my own--which of course is the main reason I came on the site.

    Had no idea there was a fast boot feature enabled by default in Win10 which neatly and methodically wipes out any changes made anywhere in your startup.

    In confirming what I should have been seeing when using net user and netplwiz I was able to deductively identify the account in place as an cloud type MS account.

    The very last lead I came up with was a friend offering to test a custom hacking script designed to break in remotely (amazing the random talents of people you go to work with!).

    I have no doubt I was well on the way to unraveling the rest of this UEFI, secure boot, business class adventure in hacking, but after putting in over 40 hours and counting over the past week and a half, I finally gave in and bought a password unlocker for 29.95 something that did the trick in 5 minutes, which is to say it converted the MS account to a local account and then reset it--PROBLEM SOLVED!!

    Once again, can't thank you guys enough.

    Wayne
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:04.
Find Us




Windows 10 Forums