Accounts Enable or Disable Auto Sign-in and Lock after Update or Restart in Windows 11


  • Staff
Sign-in_options_banner.png

This tutorial will show you how to enable or disable automatically sign in and lock last user after an update or restart in Windows 11.

You can speed up the Windows sign-in process by turning on Use my sign in info to automatically finish setting up after an update to automatically sign in and set up your PC after an update or restart. Windows will then lock your device to help keep your account and personal info safe.

During a Windows Update, there are user specific processes that must happen for the update to be complete. These processes require the user to be logged in to their device. On the first login after an update has been initiated, users must wait until these user specific processes are complete before they can start using their device.

When Windows Update initiates an automatic reboot, ARSO (Winlogon automatic restart sign-on) extracts the currently logged in user's derived credentials, persists it to disk, and configures Autologon for the user. Windows Update running as system with TCB privilege will initiate the RPC call to do this.

After the final Windows Update reboot, the user will automatically be logged in via the Autologon mechanism, and the user's session is rehydrated with the persisted secrets. Additionally, the device is locked to protect the user's session. The locking will be initiated via Winlogon whereas the credential management is done by the Local Security Authority (LSA). Upon a successful ARSO configuration and login, the saved credentials are immediately deleted from disk.

By automatically logging in and locking the user on the console, Windows Update can complete the user specific processes before the user returns to the device. In this way, the user can immediately start using their device.

If you enable Use my sign-in info to automatically finish setting up after an update for your account, it will disable getting the "Someone else is still using this PC. If you restart now, they could lose unsaved work" message when any user restarts the computer while your account is still signed in.

If you enable the Sign-in and lock last interactive user automatically after a restart policy for all users, it will disable getting the "Someone else is still using this PC. If you restart now, they could lose unsaved work" message when any user restarts the computer while any account is still signed in.

Somone_else_is_still_using_this_PC.png



References:


Contents

  • Option One: Turn On or Off Auto Sign-in and Lock after Update or Restart for Current User in Settings
  • Option Two: Turn On or Off Auto Sign-in and Lock after Update or Restart for Specific User in Registry Editor
  • Option Three: Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users in Local Group Policy Editor
  • Option Four: Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users using REG file




Option One

Turn On or Off Auto Sign-in and Lock after Update or Restart for Current User in Settings


This option isn’t available if your device is joined to a domain, or if work or email policies are applied to your device by your organization.


1 Open Settings (Win+I).

2 Click/tap on Accounts on the left side, and click/tap on Sign-in options on the right side. (see screenshot below)


Auto_sign-in_after_update_restart_Settings-1.png

3 Under Additional settings, turn on (default) or off Use my sign-in info to automatically finish setting up after an update for what you want. (see screenshot below)

Auto_sign-in_after_update_restart_Settings-2.png

4 You can now close Settings if you like.




Option Two

Turn On or Off Auto Sign-in and Lock after Update or Restart for Specific User in Registry Editor


This option is for the same setting in Option One, but set manually for a specific user(s) in Registry Editor instead.

You must be signed in as an administrator to use this option.


1 Open an Windows Terminal, and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below into Windows Terminal, and press Enter. (see screenshot below step 3)

Get-WmiObject win32_useraccount | Select name,sid

3 Make note of the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") of the account name (ex: "Brink") you want to apply this to. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-1.png

4 Open Registry Editor (regedit.exe).

5 Navigate to the registry key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO

Auto_sign-in_after_update_restart_regedit-2.png

6 Under the UserARSO key, click/tap on the subkey that has the same name as the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") from step 3 above. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-3.png

7 In the right pane of the SID (ex: "S-1-5-21-2212846312-626644311-134141314-1001") key, double click/tap on the OptOut DWORD to modify it. (see screenshot above)

8 Type 0 (on - default) or 1 (off) for what you want, and click/tap on OK. (see screenshot below)

Auto_sign-in_after_update_restart_regedit-4.png

9 You can now close Windows Terminal and Registry Editor if you like.




Option Three

Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users in Local Group Policy Editor


You must be signed in as an administrator to use this option.

The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the registry key location below in the left pane of Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options

Auto_sign-in_after_update_restart_gpedit-1.png

3 In the right pane of Windows Logon Options, double click/tap on the Sign-in and lock last interactive user automatically after a restart policy to edit it. (see screenshot above)

4 Do step 5 (always enabled), step 6 (always disabled), step 7 (default) below for what you want.

5 Always Enable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)​

B) If you like, you can further configure this setting through the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy.​

C) When finished, go to step 8.​

Auto_sign-in_after_update_restart_gpedit-3.png

6 Always Disable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Select (dot) Disabled, and click/tap on OK. (see screenshot below)​

B) Go to step 8.​

Auto_sign-in_after_update_restart_gpedit-4.png

7 Default User Choice to Auto Sign-in and Lock after Update or Restart

This is the default setting.

This will allow using Option One and Option Two.


A) Select (dot) Not Configured, and click/tap on OK. (see screenshot below)​

B) Go to step 8.​

Auto_sign-in_after_update_restart_gpedit-2.png

8 You can close the Local Group Policy Editor if you like.




Option Four

Enable or Disable Auto Sign-in and Lock after Update or Restart for All Users using REG file


You must be signed in as an administrator to use this option.


1 Do step 2 (always enabled), step 3 (always disabled), or step 4 (default) below for what you want.

2 Always Enable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.

If you like, you can further configure this setting through the Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot policy.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Always_enable_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000000

3 Always Disable Auto Sign-in and Lock after Update or Restart for All Users

This will override and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Always_disable_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=dword:00000001

4 Default User Choice to Auto Sign-in and Lock after Update or Restart

This is the default setting.

This will allow using Option One and Option Two.


A) Click/tap on the Download button below to download the .reg file below, and go to step 5 below.​

Default_Not_Configured_sign-in_and_lock_after_update_or_restart.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=-

5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Always_disable_sign-in_and_lock_after_update_or_restart.reg
    724 bytes · Views: 318
  • Always_enable_sign-in_and_lock_after_update_or_restart.reg
    724 bytes · Views: 310
  • Default_Not_Configured_sign-in_and_lock_after_update_or_restart.reg
    698 bytes · Views: 285
Last edited:
Thank you for this, I had to turn it off system wide for all user accounts in order to fix double sign in at lock screen, using latest Windows 11.

putting this here in case someone else experiencing it finds it useful, the problem is easily reproducible, tested it on pristine environment.

So here is the situation:
my Windows has 2 user accounts, one Standard account and one Admin account. I use the Standard account for everyday usage for obvious security benefits, it's connected to my Microsoft account. the Admin account is an offline one, I use it only for tasks that require admin privileges.

so far so good, the problem arises when I sign out of my Standard account, sign into my Admin account, and then perform a system restart from there. once Windows boots to lock screen, I try to log into my Standard account by entering my Windows PIN, after 2 seconds of showing a very short loading animation, I'm taken back to the lock screen again, so I type in my Windows PIN for the 2nd time and this time It works and I enter my Standard account.

after doing a little bit of search on the Internet, found out if I go to Windows settings => Accounts => Sign-in options and turn off "Use my sign-in info to automatically finish settings up after an update" then double sign in is gone.

using the registry tweak to disable it system wide, the problem is gone.
 

My Computer

System One

  • OS
    Windows 11
Hi,
Thank you ! :cool:
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Back
Top Bottom