• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 913
  • Last Modified:

Why does my locked Windows XP workstation auto-unlock with the shutdown.exe command when I have unsaved data?


I have been able to reproduce and see my locked workstation being auto-unlocked without supplying my password to unlock it.

I open Notepad and start a typing to have unsaved data.
In the Start->Run window I run Shutdown.exe -r -t 30 to restart my system in 30 seconds.

The shutdown window with the countdown appears.

I lock my workstation.

When the countdown completes.  My system is automatically unlocked for me to save my data.

IS there some registry setting that allows this?
Is this an ExitWindowsEX API issue?

0
courion
Asked:
courion
  • 4
  • 3
  • 3
  • +2
2 Solutions
 
andossCommented:
You can put a /c in your command which will force the computer to shutdown regardless of if you have a file that needs to be saved.

Not sure that's exactly what your after though.
0
 
beanrodCommented:
An administrative account is required to execute shutdown it will shutdown the PC especially if the /force switch is used. Regardless of user activity
Just some of the variables that can be used... Shutdown by itself will give a
 user 30 seconds to stop it...

Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /m \\computer Specify the target computer.
    /t xxx     Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-315360000 (10 years), with a default of 30.
               If the timeout period is greater than 0, the /f parameter is
0
 
Danny ChildIT ManagerCommented:
Try psshutdown instead from sysinternals - they were so good, Microsoft bought them!
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Danny ChildIT ManagerCommented:
http://technet.microsoft.com/en-us/sysinternals/bb897541.aspx

eg
psshutdown \\<PCname> -f -s -t30 -v0

0
 
courionAuthor Commented:
I am concerned about the fact that my locked workstation automatically unlocks without entering a password to unlock it.

So my results are not suprising to anyone?
0
 
junior15Commented:
When you issued the shutdown command, you implicitly gave it permission. Only somebody with admin rights could execute the shutdown command.

I think if you used "/f" to force the shutdown, it wouldn't prompt to save data but would just shutdown, but I'm not sure as I haven't tested it.
0
 
courionAuthor Commented:
Is it documented somewhere that this can happen and it is implicit?

Are you saying because someone with the necessary permissions issued the command and it was the same person that was locked, it implicitly assumed it could unlock without a passowrd?

Is the same true if a sysadmin sends the shutdown command remotely to a locked workstation of a non-priv'd end user that has unsaved data?  Would that not auto-unlock the locked workstation without a passowrd or is it the privs of the shutdown command executer that are being used?

0
 
courionAuthor Commented:
Is it documented somewhere that this can happen and it is implicit?

Are you saying because someone with the necessary permissions issued the command and it was the same person that was locked, it implicitly assumed it could unlock without a passowrd?

Is the same true if a sysadmin sends the shutdown command remotely to a locked workstation of a non-priv'd end user that has unsaved data?  Would that not auto-unlock the locked workstation without a passowrd or is it the privs of the shutdown command executer that are being used?
0
 
junior15Commented:
I have never seen this documented. I was just expressing my opinion based on my experience.

I haven't had an opportunity to test the different scenarios to see if/when the workstation will unlock for a shutdown. It shouldn't be that difficult to test it out yourself.
0
 
Danny ChildIT ManagerCommented:
I'd be interested to see if issuing a (ps)shutdown request from a remote PC under a different user context would unlock a PC.  I would be surprised if it would.

However, if issued under the user's context, then it may do.  In essence, it already has the same access rights as just entering your password to unlock the pc.  

Let me try this a work later and I'll post back the results....
0
 
Danny ChildIT ManagerCommented:
Tried it, and it only seems to unlock the PC as you describe if you yourself request the shutdown while logged onto the pc directly, not remotely.  

In fact, if you do a manual Start.. Shutdown.. with an open doc, and then Cancel the option to save it, it also aborts the shutdown.  

Both of which make sense really - it saves you from losing work.  I tried triggering remote shutdowns using both shutdown.exe and psshutdown.exe, and neither of them would cause a locked PC to **unlock**, no matter what credentials I supplied, even if they were the same ones as the current user of the PC.  

using PSshutdown with the -f parameter DOES get the pc to reboot even when open documents are there (changes are lost), but that's the point of it.  

However, none of them seem to cause any security hole.  In essence, the behaviour you describe is simply you aborting a shutdown that you have requested if open documents exist.  Can't see any major flaws in this, or am I missing something?
0
 
junior15Commented:
The only "flaw" could be that if you run the shutdown command with a time delay of say 2 hours then keep working and then lock your computer to go do something else. When the 2 hours hits and your computer tries to shutdown, it will unlock if you have unsaved files. Since you are no longer around, this would be a security risk. However, it's a risk that is easily mitigated by not initiating a delayed shutdown and then locking your computer if you have unsaved work.

One reason I can think of off the top of my head to do this would be if you had some process running (file transfer, encoding session, etc) that you didn't want to interrupt, but you wanted your computer to reboot (to allow updates to take effect) after you left. The safest thing to do in that case would be to first, make sure you close everything else and second, issue the shutdown command with the /f option so it forces the shutdown even if there are open files.

Hope this helps.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now