Disable User Switching but Retain Ability to Log Off Locked Computer

Posted on 2012-08-16
Medium Priority
Last Modified: 2012-09-07
We have a group of Windows 7 Pro machines in a Windows 2008 R2 domain that lock after a few minutes of inactivity. Currently the machines all have User Switching enabled, which I would like to disable so that we cannot have old sessions active on the computers.

If we only disable User Switching, we are unable to log on as a different user once the machine is locked.

So... how do we accomplish the following on our system?

- Remove the ability to have more than one user logged into the same machine
- Have the option for an administrator to log onto a locked computer and thereby force the log off of the locked user

- Is it possible to create a domain account that has just enough privileges to unlock the computers but no other Admin access on the computer or network?
- Is it possible to have the computers automatically log off if they have been locked for more than 5 minutes?

Question by: AutomatedIT

Assisted Solution

McKnife earned 2000 total points
ID: 38301710

I am quite sure that after removing fast user switching, the ability for an admin to log off users who locked their computer will be there without further effort - simply try it.
Bonus 1: No.
B2:  You can create a task that has the trigger "on workstation lock" and starts a batch that waits for 5 minutes and then fires shutdown -l for logoff.
Problem: If the user logs back on we need to stop that task... let me think about how to achieve that.

Accepted Solution

McKnife earned 2000 total points
ID: 38301848
Ok, took the challenge and figured out B2 in detail, works. To reproduce: create two tasks called t1 and t2.
t1: user: system, password:blank [no, this is no security risk but by design]. Trigger: on workstation lock of any user, but delay task for 5 minutes. Action: rwinsta console
t2: user: system, password:blank. Trigger: on workstation unlock of any user. Action: schtasks /end /tn t1

[For a test, set the delay to 10 seconds]
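
The two tasks from the accepted answer, built as a script; this is an added example and not part of McKnife's post. It assumes PowerShell on the workstation, an elevated prompt, and the Schedule.Service COM interface; the function name Register-SessionTask and the variable names are made up for illustration.

```powershell
# Added example: registers the answer's two tasks (t1, t2) through the Task
# Scheduler COM API, which is present on Windows 7. Run from an elevated prompt.
$TRIGGER_SESSION_STATE_CHANGE = 11   # TASK_TRIGGER_SESSION_STATE_CHANGE
$SESSION_LOCK          = 7           # TASK_SESSION_LOCK
$SESSION_UNLOCK        = 8           # TASK_SESSION_UNLOCK
$ACTION_EXEC           = 0           # TASK_ACTION_EXEC
$CREATE_OR_UPDATE      = 6           # TASK_CREATE_OR_UPDATE
$LOGON_SERVICE_ACCOUNT = 5           # TASK_LOGON_SERVICE_ACCOUNT

$LockDelay = 'PT5M'                  # ISO 8601 duration; 'PT10S' for the quick test
$Sys32     = Join-Path $env:SystemRoot 'System32'

$service = New-Object -ComObject Schedule.Service
$service.Connect()
$root = $service.GetFolder('\')

function Register-SessionTask {
    param([string]$Name, [int]$StateChange, [string]$Delay,
          [string]$Exe, [string]$Arguments)

    $def = $service.NewTask(0)
    $trigger = $def.Triggers.Create($TRIGGER_SESSION_STATE_CHANGE)
    $trigger.StateChange = $StateChange        # UserId left unset: fires for any user
    if ($Delay) { $trigger.Delay = $Delay }

    $action = $def.Actions.Create($ACTION_EXEC)
    $action.Path      = $Exe                   # full path, so SYSTEM never searches PATH
    $action.Arguments = $Arguments

    # Defaults would keep the task from starting on a laptop running on battery.
    $def.Settings.DisallowStartIfOnBatteries = $false
    $def.Settings.StopIfGoingOnBatteries     = $false

    # Runs as SYSTEM, so no password is stored with the task.
    $null = $root.RegisterTaskDefinition($Name, $def, $CREATE_OR_UPDATE,
                                         'SYSTEM', $null, $LOGON_SERVICE_ACCOUNT)
}

# t1: five minutes after any user locks the workstation, reset the console session.
Register-SessionTask -Name 't1' -StateChange $SESSION_LOCK -Delay $LockDelay `
    -Exe (Join-Path $Sys32 'rwinsta.exe') -Arguments 'console'

# t2: on unlock, end t1 so the returning user is not logged off.
Register-SessionTask -Name 't2' -StateChange $SESSION_UNLOCK `
    -Exe (Join-Path $Sys32 'schtasks.exe') -Arguments '/end /tn t1'

# Show what was registered.
foreach ($n in 't1', 't2') { $root.GetTask("\$n") | Select-Object Name, Enabled }
```

Resetting the console session discards the locked user's unsaved work, so choose the delay with that in mind.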

Expert Comment

ID: 38377257
I've requested that this question be closed as follows:

Accepted answer: 250 points for McKnife's comment #a38301710
Assisted answer: 250 points for McKnife's comment #a38301848

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
