Unlock computer when switch user is turned off?

[justusthane]

I don't know how this works exaclty but if I do CTrl-Alt-Del a number of times, I eventually get the option to log in as a new user. This has worked for me a number of time on my library's loaner laptops. I'll have to pay more attention next time to see if it's a set number of repetitions that makes it work.

Thanks for the tip; unfortunately, no luck for me. I would be curious to know exactly what you do—do you Ctrl-Alt-Delete, and then hit escape to get back to the initial lock screen, and then repeat from there, or do you just repeatedly hit Ctrl-Alt-Delete?

Appreciate any additional info! What an annoyance :sa:

 

[FliGi7]

Thx for the suggestion and this is a partial solution - I was just trying to prevent having all the machines keeping the port for mstsc open. Also, when the remote user logs into the locked machine, the locked user's session is still running (verified that after logging in and checking task manager) - this method does give back the CTRL-ALT-DEL but it seems the only way to clear out those sessions is still to reboot the box

This shouldn't be the case if you start the terminal client as "mstsc /admin". That should logoff the remote user when you logon.

 

[bill03053]

Does anyone have an answer for this? I am having the same problem unlocking a win7 box on a domain with admin credentials and fast user switching turned off. The only solution I have found is either remote or cycle the power.

 

[hokieman91]

Thanks all for looking into this - the biggest issue I have with this is just that as a network admin, I wanted the ability to decide where and "if" I wanted to allow multiple logins.

Bill - you are doing it the only way I have found to work with FUS off - which is a bummer~~

FliGi7 - "mstsc /admin" would work but since I work at a school, I always have to stay (or try too) ahead of the hack attack from upper and now even middle school kids are attempting and from a security aspect, I can't afford to leave the RD port open anymore- ran into that a few years back~

We have learned to live with it and the teachers that monitor labs know that if a laptop or PC starts running through the mud to just reboot the box~~

It's only a small percentage of my machines where I would like that flexability (like XP) but 7's perks outweigh that annoyance~~

Good forum -

 

[bill03053]

Thanks for the reply. It looks like we will just have to wait for Microsoft to provide a solution for this. They cant expect everyone to keep FUS enabled.

 

[FliGi7]

FliGi7 - "mstsc /admin" would work but since I work at a school, I always have to stay (or try too) ahead of the hack attack from upper and now even middle school kids are attempting and from a security aspect, I can't afford to leave the RD port open anymore- ran into that a few years back~

Change the RDP port. Are they sophisticated enough to identify RDP running on a non-standard, ephemeral port?

 

[hokieman91]

We actually do have a few crafty students in our programming and robotics classes that I have to stay ahead of and since I don't use RDP for managing terminal sessions on local machines (just our servers) it's not worth the time to make that change domain wide (just to log off a user)
It was a pain in the beggining and can be a thorn from time to time but the teachers have adjusted
thx

 

[Mystere]

You shouldn't need to hard power down. Even if it's locked, you can press the power button and it will shut down gracefully, losing any unsaved work by the user.

 

[Mystere]

We actually do have a few crafty students in our programming and robotics classes that I have to stay ahead of and since I don't use RDP for managing terminal sessions on local machines (just our servers) it's not worth the time to make that change domain wide (just to log off a user)
It was a pain in the beggining and can be a thorn from time to time but the teachers have adjusted
thx

I'm sorry, but if it were me.. I'd take a very hard stance on attempted hacking. Place cameras in the labs, and when a hack attack is identified, simply find the computer and check the video for who the student is, then have them expelled for vandalizing school property.

Your problem is that you're lax on students committing crimes.

Still, there are plenty of tools to manage remote users of desktops. You can use Terminal Services Manager to log off users remotely, without even needing to log into the box.

You can also use Shutdown /l /m \\computername, the /l is a logoff command and does not shutdown the computer.

You can install remote client managers, such as DameWare NT Utilities, Remote Task Manager, SMS, Sentinel, Sunbelt Remote Management, etc...

I really fail to understand your issues with having the remote desktop port open. If the student can log on to the machine locally, why would you care if they can do so remotely? Even so, you can use Group Policy to control who can and can't access the computers, and at what times of day.

 

[hokieman91]

Thank you Mystere for your suggestions. I assume you have never worked in a school environment since your stance of absolutes would never fly. Dicipline is never handled by the technology department in a school environment and, yes, my stance is always far more harsh than what is currently handed down.
The "lax" you refer too is NOT from my department as we always battle students attempting to see what thery can get away with.

The balance of security and workability will always a juggling act and I have no desire to micromanage over 1200 machines (a closed port can't be hacked). I also have zero need to have the RDP port open to manage terminal sessions.
Using the power button also depends on what system you are on - I am using the power save options from 7 so most machines will simply suspend and not power down - which is what I want anyway.
I already have a remote managing solution and my goal was to simply provide the teachers an easy way to bump out logged in users without having to reboot the box and having FUS off and act like the older XP-

This is no longer a problem for me - I kept respoding to this post in hopes of helping others since I know this was something others were dealing with

thank you.

 

[siegrisj]

Did anyone ever come up with a good solution for this? I'm in the exact same situation

 

[FliGi7]

There are several suggestions and possible solutions in this thread. If none of those fit, you'll just have to roll your own.

 

[logicearth]

Turn Fast User Switching on. There you go.

 

[drewlt]

Technet forum post on this with a custom dll:
How to Unlock Windows 7 Enterprise when another user has locked the screen?

 

[cathym]

Have a look at Unlock Administrator (e-motional.com software -- Unlock Administrator for Windows). This program allows you to define what users or groups of users can unlock the session. They can be allowed to either unlock completely or just log that user off. Those doing the unlocking do not need to be administrators. Unlocking can also be done remotely. Give it a try and let us know what you think of it.

 

[jcwarren]

For justusthane you need to run task manager elevated if UAC is on. Then you can do the switch user thing and log off the other user. There is however, no way to do this from the GINA as has been the case forever (well, at least all of XP's life). What's up with that?

There should be a Group Policy setting to provide a means for a member of the local administrators group to log off a user on a locked workstation. Since this was the standard behavior with XP, there should be no need for a 3rd party tool or custom DLL.

Pretty annoying...

 

[bruces]

Amazingly, CPTaylor's solution to hit CTL+ALT+DEL worked! You have to hit the 'Cancel' button once that pops up again, but repeating the sequence of CAD + Cancel got me to a screen where I could switch to another user. Maybe someone else could verify this works again.