Protecting the Automatic Logon Password

The automatic logon password should be protected by using the LsaStorePrivateData function.

The following example shows how to protect the automatic logon password. The example retrieves a handle to the Policy object by calling the LsaOpenPolicy function. For more information about the Policy object and Policy object handles, see Policy object and Opening a Policy Object Handle, respectively. The example then sets the protected password by calling the LsaStorePrivateData function. Note that if the caller passes in NULL for the protected password value, then the code clears the existing protected password. Before exiting, the code closes the handle to the Policy object.

#include <windows.h>
#include <stdio.h>

DWORD UpdateDefaultPassword(WCHAR * pwszSecret)

    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE LsaPolicyHandle = NULL;

    LSA_UNICODE_STRING lusSecretName;
    LSA_UNICODE_STRING lusSecretData;
    USHORT SecretNameLength;
    USHORT SecretDataLength;


    //  Object attributes are reserved, so initialize to zeros.
    ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));

    //  Get a handle to the Policy object.
    ntsResult = LsaOpenPolicy(
        NULL,    // local machine

    if( STATUS_SUCCESS != ntsResult )
        //  An error occurred. Display it as a win32 error code.
        dwRetCode = LsaNtStatusToWinError(ntsResult);
        wprintf(L"Failed call to LsaOpenPolicy %lu\n", dwRetCode);
        return dwRetCode;

    //  Initialize an LSA_UNICODE_STRING for the name of the
    //  private data ("DefaultPassword").
    SecretNameLength = (USHORT)wcslen(L"DefaultPassword");
    lusSecretName.Buffer = L"DefaultPassword";
    lusSecretName.Length = SecretNameLength * sizeof(WCHAR);
    lusSecretName.MaximumLength =
        (SecretNameLength+1) * sizeof(WCHAR);

    //  If the pwszSecret parameter is NULL, then clear the secret.
    if( NULL == pwszSecret )
        wprintf(L"Clearing the secret...\n");
        ntsResult = LsaStorePrivateData(
        dwRetCode = LsaNtStatusToWinError(ntsResult);
        wprintf(L"Setting the secret...\n");
        //  Initialize an LSA_UNICODE_STRING for the value
        //  of the private data. 
        SecretDataLength = (USHORT)wcslen(pwszSecret);
        lusSecretData.Buffer = pwszSecret;
        lusSecretData.Length = SecretDataLength * sizeof(WCHAR);
        lusSecretData.MaximumLength =
            (SecretDataLength+1) * sizeof(WCHAR);
        ntsResult = LsaStorePrivateData(
        dwRetCode = LsaNtStatusToWinError(ntsResult);


    if (dwRetCode != ERROR_SUCCESS)
        wprintf(L"Failed call to LsaStorePrivateData %lu\n",
    return dwRetCode;


Note that if Winlogon cannot find a password stored by the LsaStorePrivateData function, it will use the DefaultPassword value of the Winlogon key (if it exists) for the automatic logon password.

For more information about automatic logon and the Winlogon registry key, see MSGina.dll Features.

For more information about protecting passwords, see Handling Passwords.