Let’s get straight to the point:
Some machines are configured to automatically log in with a specific user account—this is common for kiosk machines or setups using tools like Microsoft PowerToys. When a machine is auto-logged in this way, it’s still possible to rotate the password for that user account. Here’s how you can set up the management of password rotation in this scenario.
Setup is simple:
Install the agent, and it will automatically rotate the UserToLogon password every 24 hours. You can assign access to specific techs via the TechIDPortal.
Want to get started?
Download the PowerShell setup script from our releases page
Or skip the hassle—book a White Glove install, and we’ll walk you through it
“Why does this work?” you ask….alright, now that you know the basics of the installation, let’s talk about why and how this works and what other options you have on the install for TechIDAgent.
Let’s start with these command lines to setup everything.
TechIDAgent.exe installLAPS
TechIDAgent.exe shareduser UserToLogon clientguid xxx
TechIDAgent.exe shareduser UserToLogon AutoLogon
TechIDAgent.exe start
TechIDAgent.exe – The executable to run.
installLAPS – this argument tells the TechIDAgent to install itself as a service, set all the recovery options for the service, and ONLY run the LAPS part of what TechIDAgent can do. If you are using LAPS to control a local account on a machine AND create unique accounts then you should use the command line “install” (and not “installLAPS”).
shareduser UserToLogon – this argument tells the TechIDAgent to control the account named “UserToLogon“, and all the rest of the command line options on this command line apply to that instance of TechIDAgent. If you have renamed the built-in UserToLogon account to something else, such as MSPAdmin, then you replace “UserToLogon” with the correct name. i.e. shareduser MSPAdmin
clientguid xxx – this part of the command line tells TechIDAgent the clientguid to use replace xxx with your TechIDManager ClientGuid. This can be set instance specific or for all instances of TechIDAgent running on this machine.
AutoLogon – This tells TechIDAgent to set this user’s password as the autologon password for this machine when ever the password is rotated.
start – this part of the command line tells the TechIDAgent to start the TechIDAgent. This is the same as “net start TechIDAgent”.
There are many other options that can be set for each instance of TechIDAgent.
To set the FriendlyName or RMMName use these command lines:
TechIDAgent.exe shareduser UserToLogon friendlyname "Jenny's dev machine"
TechIDAgent.exe shareduser UserToLogon rmmname "867-5309"
With these above command lines, note how we first tell TechIDAgent the command line options apply to the shareduser UserToLogon instance and then we use the normal syntax for the FriendlyName or RMMName. Any option that can be set can be set instance specific.
Return to step 4 to install more agents.
