?
Solved

Domain Admin can't login to a vista computer if locked by a user, why?

Posted on 2008-06-15
9
Medium Priority
?
1,142 Views
Last Modified: 2013-12-04
In a Server 2003 Enviroment where all workstations have smart cards installed I've noticed I can't log into Vista computers if the user has the workstaion locked. In Win XP i see the "this workstaion in in use and has been locked..." message so i press Ctrl Alt Del and after entering my credentials it forces that user off and lets me log in. Vista however gives me the same message but i can't enter my credientials. It gives me a screen like the login one with boxes for the currently logged on user or smart card. No "other" box like the login screen does where I could enter admin credientials. How can I as admin get it so i can logonto a computer locked by a user without killing power and restarting?
0
Comment
Question by:charles_dilger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 21789350
Has domain admins be added to local administrator's group?

Casey
0
 

Author Comment

by:charles_dilger
ID: 21789391
Yes and under xp I can log users out fine. This only seams to apply to Vista where i can't log them out.
0
 
LVL 10

Expert Comment

by:Casey Herman
ID: 21789426
so it is showing on the vista machine that it is there. OK  
Then have you tried disabling vista's advanced security features... you know the allow or deny crap.  It may be asking the empty session if it wants to allow the Administrator to log in and log the other session off.

Casey
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 

Author Comment

by:charles_dilger
ID: 21790227
you mean the UAC? No I havent tried urning that off yet. Its not asking for permission or anything in fact it says user xyz or an administrator can log into the computer but then desnt give me a place to enter a different username. I'll try killng the uac and see f that helps.
0
 
LVL 41

Expert Comment

by:graye
ID: 21794639
So describe the screen that you see again....  is it the "3 box" version for name, password, domain?   Or is it the "2 box" version for CertID, and PIN

Switching bewteen the two screens generally just takes another Crtl-Alt-Del or  a plull/insertion of the Smart Card
0
 

Author Comment

by:charles_dilger
ID: 21796817
It's the "3 box" version. It first says the computer is in use and required you press CRTL Alt Del then i get two of the vista style logon buttons like for user accounts. One with the name domain\user (for the loged in user) and another that says insert smart card.
0
 
LVL 41

Expert Comment

by:graye
ID: 21797960
So, when you attempt to "take over" the currently running users session, are you using a Name/Password pair or a ID/PIN pair?
0
 

Author Comment

by:charles_dilger
ID: 21798590
Just a username and password. Either mine, a member of the administrators group or as the domain admin. We don't use smart cards for logins just other stuff once logged in.
0
 

Accepted Solution

by:
charles_dilger earned 0 total points
ID: 21826840
I just figured this out but I don't know why its like this. When you first press crtl alt del and get the options for the current user or the smart card you can hit esc a few times and it goes back to a press crtl alt del screen again but this time when you do that you get a new option "switch user" it let's me log in with any other user admin or not. It doesnt let me force the first user to log off but I can access the compter and if needed restart it safely allowng me to clear the user accounts.

This workes fine for me.

Any one have ideas why it does this?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month11 days, 14 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question