How to Configure Mode of Automatically Sign in and Lock after Restart in Windows 10


If you chose Enabled in the Sign-in and lock last interactive user automatically after a restart policy, you can configure its settings through the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy​.

If you chose Disabled in the Sign-in and lock last interactive user automatically after a restart policy, then automatic sign on will not occur and the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy does not need to be configured.

The Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot.

If you enable the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy setting, you can choose one of the following two options:

1. Enabled if BitLocker is on and not suspended specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.

  • BitLocker is suspended during updates if:
    • The device doesn't have TPM 2.0 and PCR7, or
    • The device doesn't use a TPM-only protector

2. Always Enabled specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.

If you disable or don't configure this setting, automatic sign on will default to the “Enabled if BitLocker is on and not suspended” behavior.

See also: Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot | Microsoft Docs

This tutorial will show you how to configure the mode of automatically signing in and locking last interactive user after a restart or cold boot for all users in Windows 10.

You must be signed in as an administrator to enable or disable the "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot" policy.



Contents

  • Option One: Enable or Disable "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot" in Local Group Policy Editor
  • Option Two: Enable or Disable "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot" using a REG file






OPTION ONE

Enable or Disable "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot" in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option Two below.

If you enable this policy, users will not be able to turn on or off Use my sign-in info to automatically finish setting up my device after an update or restart setting.


1 Open the Local Group Policy Editor.

2 In the left pane of the Local Group Policy Editor, click/tap on to expand Computer Configuration, Administrative Templates, Windows Components, and Windows Logon Options. (see screenshot below)

Configure Mode of Auto Sign in and Lock after Restart in Windows 10-configure_automatic_sign-in_after_windows_update_reestart_gpedit-1.png

3 In the right pane of Windows Logon Options, double click/tap on the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy to edit it. (see screenshot above)

This policy's name has changed to Sign-in and lock last interactive user automatically after a restart starting with Windows 10 version 1903.


4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.


5 To Enable Use sign-in info to auto finish setting up device and reopen apps after update or restart for All Users

A) Select (dot) Not Configured or Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)

Not Configured is the default setting.

Not Configured will allow users to change the Use my sign-in info to automatically finish setting up my device after an update or restart setting if the Sign-in and lock last interactive user automatically after a restart policy is not enabled or disabled.

Enabled will prevent users from changing the Use my sign-in info to automatically finish setting up my device after an update or restart setting.


6 To Disable Use sign-in info to auto finish setting up device and reopen apps after update or restart for All Users

A) Select (dot) Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

Disabled will allow users to change the Use my sign-in info to automatically finish setting up my device after an update or restart setting.

Configure Mode of Auto Sign in and Lock after Restart in Windows 10-configure_automatic_sign-in_after_windows_update_reestart_gpedit-2.png


7 When finished, you can close the Local Group Policy Editor if you like.






OPTION TWO

Enable or Disable "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot" using a REG file


The downloadable .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

AutomaticRestartSignOnConfig DWORD

(delete) = Default (Not Configured or Disabled)
0 = Enable if BitLocker is on and not suspended (same as default)
1 = Always Enabled


1 Do step 2 (Enable if BitLocker is on and not suspended), step 3 (Always Enabled), or step 4 (default) below for what you would like to do.


2 To Enable if BitLocker is on and not suspended

This will prevent users from changing the Use my sign-in info to automatically finish setting up my device after an update or restart setting.

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Automatically_sign_in_and_lock_computer_after_restart_if_Bitlocker_on_and_not_suspended.reg

Download


3 To Always Enabled

This will prevent users from changing the Use my sign-in info to automatically finish setting up my device after an update or restart setting.

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Always_enabled-Automatically_sign_in_and_lock_computer_after_restart.reg

Download


4 Default Not Configured

This will allow users to change the Use my sign-in info to automatically finish setting up my device after an update or restart setting if the Sign-in and lock last interactive user automatically after a restart policy is not enabled or disabled.


A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Default-Automatically_sign_in_and_lock_computer_after_restart.reg

Download


5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can now delete the downloaded .reg file if you like.


That's it,
Shawn


Related Tutorials



  • Windows 11 Tutorials