On our environment we utilize Dekart Logon which has been installed on the Domain Controller. On the Domain Controller we want to enable the Autologon feature (through Group Policy) in order to automatically logon with the administrator account, start a custom application and then lock the Server. We have tried to implement this project on a clean Windows 2003 with the AutoLogon feature from Group Policy and worked fine. On the other hand on the other machine with the Dekart Logon installed the AutoLogon does not work. Is it Dekart's problem ?

I am not sure I am following you.

The objective of the program is to prevent anyone from accessing the system without supplying the credentials. In contrast, what you need is the ability to get past authentication without using a token or smart card and a PIN.

Your set up does not follow the best practices of security. If you want a program to be started automatically, you should use a service - it will start in the background even if nobody is logged on.

If the program in question cannot run as a service, there are various tools that can "convert" a usual program into a service. I strongly recommend you to consider this approach.

1. The custom application cannot be started as a service and must be opened under a user seesion context (supplying user name and password).
2. The token is being used only for a single user that has administrator privilleges.

Can you tell me which group policy is used for Autologon? (it would be great if you could provide the full path to the policy in the tree of the policy editor)

We have a custom template that has been linked to the Domain Controller's Policy

CLASS MACHINE
CATEGORY "System"
CATEGORY "Logon"
POLICY "AutoLogon"
EXPLAIN "These settings can be used to allow the system to logon
automatically. To enable autologon, set the first two settings
(AutoAdminLogon and ForceAutologon) to 1, and then fill in the appropriate
account information. Keep in mind that this information will be stored in
cleartext in the systems registry."
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
PART "AutoAdminLogon" NUMERIC REQUIRED TXTCONVERT
VALUENAME "AutoAdminLogon"
MIN 0 MAX 1 DEFAULT "0" SPIN 1
END PART
PART "ForceAutoLogon" NUMERIC REQUIRED TXTCONVERT
VALUENAME "ForceAutoLogon"
MIN 0 MAX 1 DEFAULT "0" SPIN 1
END PART
PART "DefaultUserName" EDITTEXT REQUIRED
VALUENAME "DefaultUserName"
DEFAULT "Username" MAXLEN 128
END PART

PART "DefaultPassword" EDITTEXT REQUIRED
VALUENAME "DefaultPassword"
DEFAULT "Password" MAXLEN 128
END PART
PART "DefaultDomainName" EDITTEXT REQUIRED
VALUENAME "DefaultDomainName"
DEFAULT "Domain" MAXLEN 128
END PART
PART "AltDefaultUserName" EDITTEXT REQUIRED
VALUENAME "AltDefaultUserName"
DEFAULT "Should match username above" MAXLEN 128
END PART
PART "AltDefaultDomainName" EDITTEXT REQUIRED
VALUENAME "AltDefaultDomainName"
DEFAULT "Should match domain above" MAXLEN 128
END PART
END POLICY
END CATEGORY
END CATEGORY