Solved

How do I configure WIN 7 Pro to allow only one user at a time

Posted on 2012-03-30
9
334 Views
Last Modified: 2012-04-04
Hi experts,

I am beginning to think this is not possible given I have worked on it for days using the server's group policy as well as local and Local Security Policy. Add to that, paying Microsoft $259.00 to show me what I already knew didn't work.

To try to keep this concise, I will simply state what my objective is. I simply want, like it was in XP Pro on my domain, to automatically log one user out when another user logged in. When a computer had been logged off, you would be at the Windows Welcome Screen and anyone with the proper log on credentials could log in. If, however, the computer were locked, the previous user was logged on and all of his/her programs, etc. were still active.

Another user with local admin privileges could log in with their username and password as it didn't remember the last user. But, when they hit enter to log on, they were given the message that they would be logging off the other user. For our network that was a good thing.

In group policy, I enabled "Hide Entry Points For Fast User Switching." This didn't work. I then used the Local Security Policy to "Do Not Display Last User Name." Requiring CTRL + ALT + DEL didn't seem to change things either way.

In playing around with these settings, you either make it where anyone can log in no matter how the log in screen got there or some scenarios where remembering the last username allowed only that user to log in.

Anyway, no matter how I set it up, when a second user logged on, the other user continued to stay logged in as would any other user. This causes problems with backups and running the same program for two different users.

So, maybe all this info is helpful or maybe confusing. But, again, I just want WIN 7 Pro on a domain using SBS 2008 Standard to only allow one user at a time.

Thanks.

Bert
0
Comment
Question by:Bert2005
  • 5
  • 3
9 Comments
 
LVL 28

Expert Comment

by:Run5k
Comment Utility
"In group policy, I enabled Hide Entry Points For Fast User Switching.  This didn't work." ~ Bert2005

What did happen when you enabled that policy?  That's exactly what we are utilizing on our domain, and it effectively ensures that only one user is logged into our Windows 7 Enterprise workstations.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
When you enabled Hide Entry Points For Fast User Switching in group policy, did you either wait for the policy to update, or force the update, before checking to see if it worked?
Also, wouldn't you want this policy to be effective across the entire domain rather than just on a group within said domain?
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
I have HEPFFUS turned off (even though it shows up in RSOP), but it does not affect the clients.

When a client whether connected to the domain physically or not connected physically, Fast User Switching is turned off. You can see it greyed out in the Start Menu, and I cannot find it in Task Manager. It is not available when logging in.

The only problem is if a user is logged on and locks the computer, even with do not remember last user (which I think applies to log offs and restarts), no one can log in other than that user. That is a problem, and the other way works better.

With the setup in XP, a local admin could log in as the classic logon allowed username and password. Finally, when I allow that, a new user can log in, but the old user is still logged in, hence the problem.

Thanks Run5K. Please stick with me.
0
 
LVL 28

Accepted Solution

by:
Run5k earned 500 total points
Comment Utility
I'm always glad to help, but I think that your question's topic sentence may be accidentally misleading.  It simply says "How do I configure WIN 7 Pro to allow only one user at a time."  In face, the group policy to Hide Entry Points For Fast User Switching will achieve exactly that result.

Essentially, what you really want is more than that.  Unless I'm mistaken, you want it to work the way that Windows XP did where a person with full admin privileges can log into a locked machine and it will gracefully logoff the first person in the background.  Unfortunately, that capability doesn't exist on a Windows 7 machine.

As I said, we have a group policy implemented on our domain to Hide Entry Points For Fast User Switching.  If one of our administrators needs to log into a locked machine, they have our Help Desk team use either the native Shutdown command or the PsShutdown command to remotely reboot the machine.  It may take an extra minute, but it gets the job done smoothly.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Run5k,

Sorry for the confusion with the title of the question and thanks for your help. Your last post has been invaluable. Likely it was due to my trying diligently to get right to the point. Trust me, it was hard (for me). I certainly didn't get my question understood by Microsoft as you answered it in two posts.

I do not understand Microsoft at times. In fact, I am sure many don't. I don't know why they change a very good thing to one I think is not as good. I realize the key there is "I think." We certainly don't have a help desk (I am the help desk, and I can't change anything without remoting in while I am driving to work). So, I just have them do a hard reboot and all is well. At least I have it where log offs and restarts as well as hard reboots bring us to a log on screen which anyone can log into.

I guess my question has been answered so a diatribe is not really in order. But, it shouldn't be that difficult to allow any local admin to log in or a domain admin to provide access while not allowing two concurrent users. At least as a preference. Given the current choice, I will have to go with two users logged on at once.
0
 
LVL 28

Expert Comment

by:Run5k
Comment Utility
Bert,

Your frustration is certainly understandable.

At the same time, we need to remember that while some functions within the Windows XP operating system seemed more convenient and aided capability, they also led to security and stability problems.  While that may not necessarily be the case in this particular scenario, Microsoft was forced to change several capabilities and lock-down both Vista & Win7 in order to build a more secure, stable operating system.  Of course their are pros & cons to doing this, but ultimately I think that the advantages outweigh the detrimental factors.  Windows 7 is a terrific operating system, and with the paradigm shift that the Windows 8 metro interface is causing I think that we will see Win7 workstations in the corporate environment for many years to come.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Perarduaadastra and Run5k,

Thanks Perarduaadastra.

Actually, it was across the entire domain. It was Micrososft that suggested I make a new OU with just one computer to simplify things. I have changed it back. Yes, I forced the gpupdate. Thanks.

Run5k, I agree that WIN 7 Pro is even better than XP. I agree that some things are better for some and vice versa. I do that that having only one "live" user is safer than three people logged in, but I don't have all the info. It is nice (if possible) if one has choice. For instance, you can use Hide Fast User Switching to allow only one user or you can allow it to allow more users. I can definitely see advantages of being able to switch between users as long as one logs off at the end.
0
 
LVL 1

Author Closing Comment

by:Bert2005
Comment Utility
I have to give the answer to Run5k, although I was able to do more Googling and find a way to unlock the computer after applying Hide Fast User Switching. This method virtually does change the functionality back to XP  where a local admin can unlock a locked computer, the exact problem I was faced with. It also logs off the other user.

My group policy was to:

1. Allow Hide entery points to Fast User Switching
2. Do display last user name
3. Do not require CTRL + ALT + DEL (optional)

I then found this download, AdministrativeUnlock:

http://www.box.com/s/90b04b68e78e44213835  (and installed to all machines)
 
This resulted in this extra icon if a computer was locked shown below.

The program below seems it would give one more functionality, but I am not sure as I didn't download it. I couldn't find a trial version.

http://e-motional.com/ULAdmin.htm

So, I was able to configure my clients the way I wanted them. If you find a hole in it, please don't tell me. :)

Thanks for the help.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Administrative Icon
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I found out last night windows update has a problem regarding 4 latest updates that fail.  The way to get all 4 them installed is install sp1 first and restart then one by one with a resart in between as they fail every time if all the four updates …
I hope this helps those who have been battling the SanDisk / U3 problem for a while. For anyone that is running Windows 7 64bit and is receiving and searching the internet for the “Windows Error: Windows has allocated a drive letter to the U3 dri…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now