Solved

Domain Admin can't login to a vista computer if locked by a user, why?

Posted on 2008-06-15
9
1,136 Views
Last Modified: 2013-12-04
In a Server 2003 Enviroment where all workstations have smart cards installed I've noticed I can't log into Vista computers if the user has the workstaion locked. In Win XP i see the "this workstaion in in use and has been locked..." message so i press Ctrl Alt Del and after entering my credentials it forces that user off and lets me log in. Vista however gives me the same message but i can't enter my credientials. It gives me a screen like the login one with boxes for the currently logged on user or smart card. No "other" box like the login screen does where I could enter admin credientials. How can I as admin get it so i can logonto a computer locked by a user without killing power and restarting?
0
Comment
Question by:charles_dilger
  • 5
  • 2
  • 2
9 Comments
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
Has domain admins be added to local administrator's group?

Casey
0
 

Author Comment

by:charles_dilger
Comment Utility
Yes and under xp I can log users out fine. This only seams to apply to Vista where i can't log them out.
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
so it is showing on the vista machine that it is there. OK  
Then have you tried disabling vista's advanced security features... you know the allow or deny crap.  It may be asking the empty session if it wants to allow the Administrator to log in and log the other session off.

Casey
0
 

Author Comment

by:charles_dilger
Comment Utility
you mean the UAC? No I havent tried urning that off yet. Its not asking for permission or anything in fact it says user xyz or an administrator can log into the computer but then desnt give me a place to enter a different username. I'll try killng the uac and see f that helps.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 41

Expert Comment

by:graye
Comment Utility
So describe the screen that you see again....  is it the "3 box" version for name, password, domain?   Or is it the "2 box" version for CertID, and PIN

Switching bewteen the two screens generally just takes another Crtl-Alt-Del or  a plull/insertion of the Smart Card
0
 

Author Comment

by:charles_dilger
Comment Utility
It's the "3 box" version. It first says the computer is in use and required you press CRTL Alt Del then i get two of the vista style logon buttons like for user accounts. One with the name domain\user (for the loged in user) and another that says insert smart card.
0
 
LVL 41

Expert Comment

by:graye
Comment Utility
So, when you attempt to "take over" the currently running users session, are you using a Name/Password pair or a ID/PIN pair?
0
 

Author Comment

by:charles_dilger
Comment Utility
Just a username and password. Either mine, a member of the administrators group or as the domain admin. We don't use smart cards for logins just other stuff once logged in.
0
 

Accepted Solution

by:
charles_dilger earned 0 total points
Comment Utility
I just figured this out but I don't know why its like this. When you first press crtl alt del and get the options for the current user or the smart card you can hit esc a few times and it goes back to a press crtl alt del screen again but this time when you do that you get a new option "switch user" it let's me log in with any other user admin or not. It doesnt let me force the first user to log off but I can access the compter and if needed restart it safely allowng me to clear the user accounts.

This workes fine for me.

Any one have ideas why it does this?
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now