Windows 10 allows users to automatically sign in after a system restart and lock the session to maintain security. This allows the computer to boot, launch its startup apps, and prepare the working environment without requiring a manual sign-in.
Configuring Windows 10 to sign in and lock the last interactive user after a restart is extremely useful in a large-scale work setting. For example, it ensures employees can return to their computers with their startup apps already running. In addition, computers are locked immediately after restarting, which keeps sensitive data protected.
If you want to set your computer this way, this guide provides step-by-step guidance for configuring Windows automatic restart sign-on (ARSO).
Requirements for configuring Windows 10 to sign in automatically and lock immediately
- You must have administrator privileges. If you don’t have admin privileges, the methods listed below will not work.
- The computer must be running Windows 10 version 2004 or later.
- You need to have a password-protected local or Microsoft account.
- Optional: If BitLocker is enabled, it has to be suspended first.
How to enable sign-in and lock the last interactive user automatically after a restart
Method 1: Enable using Windows Settings
You can configure sign-in options and lock behaviors using Windows Settings. This will allow Windows to sign in and set up your account after a reboot.
- Open Settings by pressing the Win + I shortcut.
- Navigate to Accounts > Sign-in options.
- Find Restart apps and turn on this option: Automatically save my restartable apps when I sign out and restart them after I sign in.
- Under Privacy, toggle on: Use my sign-in info to automatically finish setting up my device after an update or restart. This option might be grayed out if your account does not have a password, or if Group Policy or organizational settings are restricting access. Check the Troubleshooting section for possible solutions.
Method 2: Utilizing automatic restart sign-on using Group Policy
If you are a Windows Pro or Enterprise user, you can use the Group Policy Editor to configure Windows ARSO.
- Open Run (Win + R) then type gpedit.msc. Press Enter.
- Navigate to this path in the Group Policy Editor: Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options. This section contains settings that control how Windows handles logon behavior during restarts and system updates.
- Next, locate and double-click the policy Sign-in and lock the last interactive user automatically after a restart. This will open a new window. Select Enabled.
- Click OK, then close Group Policy Editor. Restart your computer so changes can take effect.
Method 3: Activating Windows ARSO using the Registry Editor
Another method is to configure Windows ARSO manually by editing the Windows Registry.
⚠️ Before proceeding, back up your Windows Registry. Incorrect keys can cause system instability.
- Open the Registry Editor by pressing Win + R and typing regedit. Afterward, press Enter. The User Account Control (UAC) prompt may open. Click Yes to allow the Registry Editor to open.
- Next, navigate to this key in the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
- Look for this DWord (32-bit) value: ARSOUserConsent. If it does not exist, create it as follows:
  - Right-click an empty space in the right-hand pane and select New > DWORD (32-bit) Value.
  - Name it ARSOUserConsent.
- After you’ve created or located the DWord entry, double-click and set its value to 1. This will enable auto sign-in and lock after restart, while setting it to 0 will turn it off.
- Click OK to save your changes. Close Registry Editor and restart your computer for the changes to take effect.
- To verify the setting, restart the computer and check that Windows briefly signs in to your account, loads startup apps and scheduled tasks, and immediately locks the session (which shows the lock screen).
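Method 3 can also be scripted, which helps when the same setting has to be checked or applied on many machines. The following PowerShell is an added example, not part of the original guide; it uses only the registry key and value named above, and the function names (Get-ArsoConsent, Set-ArsoConsent, Get-SystemDriveBitLockerState) are hypothetical helpers. It reports the current state first and only previews the change.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts Method 3 with only the key and value named in this guide.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'ARSOUserConsent'

function Get-ArsoConsent {
    # Returns the current DWORD, or $null when the value was never created.
    $item = Get-ItemProperty -Path $WinlogonKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-ArsoConsent {
    # Hypothetical helper: 1 enables sign-in and lock after restart, 0 turns it off.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)

    $before = Get-ArsoConsent
    if ($before -ne $Value -and
        $PSCmdlet.ShouldProcess("$WinlogonKey\$ValueName", "Set DWORD to $Value")) {
        # -Force creates the value if missing and overwrites it if present.
        New-ItemProperty -Path $WinlogonKey -Name $ValueName `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }
    # Emit before/after so the previous state is on record for rollback.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = Get-ArsoConsent
    }
}

function Get-SystemDriveBitLockerState {
    # BitLocker cmdlets are absent on some editions; report that instead of failing.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return 'BitLocker module not available'
    }
    (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus.ToString()
}

# Audit first, then preview the change; remove -WhatIf to apply it.
"ARSOUserConsent  : $(Get-ArsoConsent)"
"BitLocker ($env:SystemDrive) : $(Get-SystemDriveBitLockerState)"
Set-ArsoConsent -Value 1 -WhatIf
```

Run it from an elevated PowerShell session. An empty ARSOUserConsent line in the output means the value has not been created yet.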
Windows ARSO: What to take note of
Why use auto sign-in and lock in Windows 10?
The auto sign-in and lock feature in Windows 10 is a useful tool for IT admins and power users who manage a massive network of computers, especially in enterprise environments. It allows them to perform maintenance and updates remotely without worrying about security breaches. In addition, this ensures scheduled tasks and background processes (like startup apps) will resume while securing the desktop with a lock screen, allowing users to return to their tasks quickly.
What is this feature designed for?
This feature was introduced in Windows 10 version 1709 and later improved in version 2004. It’s mainly designed for a quick and easy login experience after restarts, while securing the computer by showing the lock screen immediately.
Troubleshooting auto sign-in and lock issues in Windows 10
Is the option for the auto sign-in and lock feature grayed out in Windows Settings?
When changing these settings, you might discover that this feature has been grayed out. Here are the possible reasons along with their fixes:
- Lack of a password. This feature requires a password-protected user account. For security reasons, Windows may disable or gray out this feature. Add a password, PIN, or a Windows Hello credential to fix.
- Your computer is part of an organization. This might also be grayed out if your computer is part of a corporate or school network or managed by an organization. Administrative policies may restrict access to these settings. Contact your IT administrator for a workaround or permissions.
- Group Policy settings. Local Group Policy configurations can override local computer settings. If a specific policy enforces a configuration preventing auto sign-in and lock, the options might be grayed out or unchangeable. To check, follow these steps:
  - Open the Local Group Policy Editor by pressing Win + R, typing gpedit.msc, and pressing Enter.
  - Next, navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options.
  - Look for policies related to sign-in behavior or automatic sign-in and review their status. Check whether they are enabled or disabled; if left unchanged, they may override your existing settings.
Are BitLocker prompts appearing after a reboot?
If BitLocker encryption is enabled on your system drive, it might prompt for a BitLocker recovery key after a system restart, which will interrupt automatic sign-in. To avoid this temporarily, you can suspend BitLocker via these steps:
- Open Control Panel > System and Security > BitLocker Drive Encryption.
- Click Suspend protection.
- Confirm the action when prompted. This will keep your drive encrypted, but it will disable key protection until the next reboot, allowing the system to restart without asking for the recovery key.
You can configure BitLocker policies via the Local Group Policy Editor for a more permanent solution by allowing automatic unlocking at startup.
- Open Local Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Once there, adjust the following policies:
  - Allow BitLocker without a compatible TPM (Trusted Platform Module): Set this to Enabled. This lets BitLocker use a PIN, password, or startup USB keys instead of relying on a TPM.
  - Require additional authentication at startup: Set this policy to Enabled and customize the authentication methods allowed, such as TPM-only, PIN, or password protection. Configuring it correctly will enable Windows to trust the environment when booting up, so it will not unnecessarily ask for the key.
Auto sign-in and lock: A balance between convenience and security
Correctly configuring auto sign-in and lock will allow Windows to reboot, automatically sign in to a user account, and immediately lock the desktop. This ensures that background apps, tasks, and system updates can resume without exposing confidential information. If you have administrative access, you can configure this through several methods, such as Windows settings, the Group Policy Editor, and the Registry Editor.
If you set it up properly, you can keep your device ready for unattended maintenance and scheduled tasks without worrying about security.