Accounts Enable or Disable Auto Sign-in and Lock after Update or Restart in Windows 11


  • Staff
Sign-in_options_banner.png

You can speed up the Windows sign-in process by turning on Use my sign in info to automatically finish setting up after an update to automatically sign in and set up your PC after an update or restart. Windows will then lock your device to help keep your account and personal info safe.

During a Windows Update, there are user specific processes that must happen for the update to be complete. These processes require the user to be logged in to their device. On the first login after an update has been initiated, users must wait until these user specific processes are complete before they can start using their device.

When Windows Update initiates an automatic reboot, ARSO (Winlogon automatic restart sign-on) extracts the currently logged in user's derived credentials, persists it to disk, and configures Autologon for the user. Windows Update running as system with TCB privilege will initiate the RPC call to do this.

After the final Windows Update reboot, the user will automatically be logged in via the Autologon mechanism, and the user's session is rehydrated with the persisted secrets. Additionally, the device is locked to protect the user's session. The locking will be initiated via Winlogon whereas the credential management is done by the Local Security Authority (LSA). Upon a successful ARSO configuration and login, the saved credentials are immediately deleted from disk.

By automatically logging in and locking the user on the console, Windows Update can complete the user specific processes before the user returns to the device. In this way, the user can immediately start using their device.

See also:

This tutorial will show you how to enable or disable automatically sign in and lock last user after an update or restart in Windows 11.


Contents

  • Option One: Turn On or Off Auto Sign-in and Lock after Update or Restart for Current User in Settings
  • Option Two: Turn On or Off Auto Sign-in and Lock after Update or Restart for Specific User in Registry Editor
  • Option Three: Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users in Local Group Policy Editor
  • Option Four: Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users using REG file





OPTION ONE

Turn On or Off Auto Sign-in and Lock after Update or Restart for Current User in Settings


This option isn’t available if your device is joined to a domain, or if work or email policies are applied to your device by your organization.


1 Open Settings (Win+I).

2 Click/tap on Accounts on the left side, and click/tap on Sign-in options on the right side. (see screenshot below)

Auto_sign-in_after_update_restart_Settings-1.png

3 Under Additional settings, turn on (default) or off Use my sign-in info to automatically finish setting up after an update for what you want. (see screenshot below)

Auto_sign-in_after_update_restart_Settings-2.png

4 You can now close Settings if you like.





OPTION TWO

Turn On or Off Auto Sign-in and Lock after Update or Restart for Specific User in Registry Editor


This option is for the same setting in Option One, but set manually for a specific user(s) in Registry Editor instead.

You must be signed in as an administrator to use this option.


1 Open an Windows Terminal, and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below into Windows Terminal, and press Enter. (see screenshot below step 3)

Get-WmiObject win32_useraccount | Select name,sid

3 Make note of the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") of the account name (ex: "Brink") you want to apply this to. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-1.png

4 Open Registry Editor (regedit.exe).

5 Navigate to the registry key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO

Auto_sign-in_after_update_restart_regedit-2.png

6 Under the UserARSO key, click/tap on the subkey that has the same name as the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") from step 3 above. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-3.png

7 In the right pane of the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") key, double click/tap on the OptOut DWORD to modify it. (see screenshot above)

8 Type 0 (on - default) or 1 (off) for what you want, and click/tap on OK. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-4.png

9 You can now close Windows Terminal and Registry Editor if you like.





OPTION THREE

Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users in Local Group Policy Editor


You must be signed in as an administrator to use this option.

The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the registry key location below in the left pane of Local Group Policy Editor. (see screenshot below)

Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options

Auto_sign-in_after_update_restart_gpedit-1.png

3 In the right pane of Windows Logon Options, double click/tap on the Sign-in and lock last interactive user automatically after a restart policy to edit it. (see screenshot above)

4 Do step 5 (always enabled), step 6 (always disabled), step 7 (default) below for what you want.


5 Always Enable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)​

B) If you like, you can further configure this setting through the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy.​

C) When finished, go to step 8.​

Auto_sign-in_after_update_restart_gpedit-3.png


6 Always Disable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Select (dot) Disabled, and click/tap on OK. (see screenshot below)​

B) Go to step 8.​

Auto_sign-in_after_update_restart_gpedit-4.png


7 Default User Choice to Auto Sign-in and Lock after Update or Restart

This is the default setting.

This will allow using Option One and Option Two.


A) Select (dot) Not Configured, and click/tap on OK. (see screenshot below)​

B) Go to step 8.​

Auto_sign-in_after_update_restart_gpedit-2.png


8 You can close the Local Group Policy Editor if you like.





OPTION FOUR

Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users using REG file


You must be signed in as an administrator to use this option.


1 Do step 2 (always enabled), step 3 (always disabled), or step 4 (default) below for what you want.


2 Always Enable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.

If you like, you can further configure this setting through the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Always_enable_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000000


3 Always Disable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Always_disable_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000001


4 Default User Choice to Auto Sign-in and Lock after Update or Restart

This is the default setting.

This will allow using Option One and Option Two.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Default_Not_Configured_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=-


5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Sign-in_options.png
    Sign-in_options.png
    16.6 KB · Views: 43
  • Always_disable_sign-in_and_lock_after_update_or_restart.reg
    724 bytes · Views: 93
  • Always_enable_sign-in_and_lock_after_update_or_restart.reg
    724 bytes · Views: 86
  • Default_Not_Configured_sign-in_and_lock_after_update_or_restart.reg
    698 bytes · Views: 78
Last edited:
Top Bottom