Solved

Permission to unlock a workstation

Posted on 2006-06-20
10
1,350 Views
Last Modified: 2008-01-09
Normally, when a workstation that is on a domain is locked (either manually or by the screensaver), windows prompts you that only the administrator or the user logged on can unlock this workstation. Is it possible to give a non-administrator rights to be able to log a domain user off the computer?
0
Comment
Question by:DVation191
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16941312
not that i am aware of, this is just the way windows works from what i have dealt with
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
ID: 16941558
It's not asking for a DOMAIN administrator actually, it's just a LOCAL administrator that needs to do this.. so you can either give your users local administrator priveliges, OR they can just use CTRL-ALT-DEL twice to reboot the machine.  The fact is that if they were to log in anyhow, it wouldn't save any work that may have been open by the previous user.  So rebooting would end up with the same results.

Jeff
TechSoEasy
0
 
LVL 2

Assisted Solution

by:Dave Robinson
Dave Robinson earned 200 total points
ID: 16941909
Tech is right about the Local Admin rights. I've done this in a school environment before.
You can create an "Unlock PC" Group, and add any users to this group that you wish to unlock your PC's.
Then just create a batch file that adds the Unlock PC group to the local administrator group. Put this in your group policy settings, and walla! The script runs on all PC's & any users from that group can unlock PC's.

Here is the contents of a sample batch file where User Administrators is the name of the group. Paste this into notepad & save as filename.bat

----------------------------------
net localgroup Administrators /add "domain.local\User Administrators"
----------------------------------

What is worth adding, is that pressing Ctrl-alt-del doesn't do anything (XP SP2), and secondly - when it did used to do something, it just rebooted your PC as if you pulled the plug out the back which is not a good way about doing things.
Using the correct way of Unlocking / logging out other users still keeps profile information correct / uploads the latest profile information back to the server. Pulling the Plug out / cntrl-alt-del / restarting the pc can lead to profile corruption.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16945077
The whole reason that this is only allowed by admins, by the way, is that you are authorizing a possible loss of data.  If the person left something open and was working on it when the computer was locked, only their login will unlock it back to the desktop they were working on.  All other logins will log the original user off without saving what was open.  So even if you do add these other users, it doesn't make much sense to me... since a reboot will accomplish the same thing... and often its quicker.

Jeff
TechSoEasy
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16947373
don't give admin rights out like candy though.........this is kept to the admin for good reasoning as Jeff has already mentioned, if you start playing with this you are going to be asking for trouble in my opinion
0
 
LVL 2

Expert Comment

by:Dave Robinson
ID: 16949616
You are correct Jeff in regards to any documents that have been open. Forcing logoff will close any open programs the user had open, and not save any open documents - but I was speaking about the users profile.
If you have roaming profiles setup, then on Logon the PC pulls down the profile from the server. If the user makes any changes to the profile then simple restarting the PC will not replicate those changes back to the server.
Forcing Logoff will make the PC logoff in the correct way, and so be less likely to lead to profile corruption.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16949652
That's true... if we could only get a response from the asker to know if roaming profiles are in use.  I don't use them, so I tend to not think about those things.

Jeff
TechSoEasy
0
 
LVL 20

Author Comment

by:DVation191
ID: 16950089
I'll start testing some of these suggestions. No, roaming profiles aren't used.

Also, being very familiar with the applications in use at this organization, the only "work" that might be lost is that used in MS Office applications. However group policy is set to autosave all work every 2 minutes, so no data should be lost by forcing a log off. Users are also required (although this is not enforced by group policy) to log off before going home so we can perform maintainence. If a user is still logged on we need to be able to unlock the workstation.

Although I'm almost positive this isn't possible, it would be great if we could actually just "unlock" the workstation instead of "unlock and log off current user". Then we could see what work is still opened. Only way I can see that happening is by resetting the domain password.
0
 
LVL 2

Expert Comment

by:Dave Robinson
ID: 16950099
Correct, without knowing that users domain password you cannot just Unlock the PC. You can only Unlock & LogOff that user.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16950417
There is a special WinXP screen saver that will auto-logoff a user and close out their programs (winexit.scr), if you're interested:
http://support.microsoft.com/kb/314999

Jeff
TechSoEasy
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question