Users logging off other users
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I'm using a 2000 SP4 Server using XP SP2 Professional clients. When staff
logon, their desktop locks after 5 minutes of inactivity. A pupil however can
enter their username and password and force the staff user to logoff.
How can I enforce a policy whereby pupils cannot force a staff user to
logoff and that only an administrator or the user themselves can unlock the
workstation.
Staff and pupils are currently not part of the administrator group, but only
their own group and domain users.
Many thanks
I'm using a 2000 SP4 Server using XP SP2 Professional clients. When staff
logon, their desktop locks after 5 minutes of inactivity. A pupil however can
enter their username and password and force the staff user to logoff.
How can I enforce a policy whereby pupils cannot force a staff user to
logoff and that only an administrator or the user themselves can unlock the
workstation.
Staff and pupils are currently not part of the administrator group, but only
their own group and domain users.
Many thanks
More about : users logging users
Archived from groups: microsoft.public.win2000.security (More info?)
Exactly how are they causing the staff to logoff?? That would either require
local administrator credentials or they are simply rebooting the
omputers. --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:9A9DF1D7-0CDA-4A7E-80B9-1199262C5AA3@microsoft.com...
> I'm using a 2000 SP4 Server using XP SP2 Professional clients. When staff
> logon, their desktop locks after 5 minutes of inactivity. A pupil however
> can
> enter their username and password and force the staff user to logoff.
>
> How can I enforce a policy whereby pupils cannot force a staff user to
> logoff and that only an administrator or the user themselves can unlock
> the
> workstation.
>
> Staff and pupils are currently not part of the administrator group, but
> only
> their own group and domain users.
>
> Many thanks
Exactly how are they causing the staff to logoff?? That would either require
local administrator credentials or they are simply rebooting the
omputers. --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:9A9DF1D7-0CDA-4A7E-80B9-1199262C5AA3@microsoft.com...
> I'm using a 2000 SP4 Server using XP SP2 Professional clients. When staff
> logon, their desktop locks after 5 minutes of inactivity. A pupil however
> can
> enter their username and password and force the staff user to logoff.
>
> How can I enforce a policy whereby pupils cannot force a staff user to
> logoff and that only an administrator or the user themselves can unlock
> the
> workstation.
>
> Staff and pupils are currently not part of the administrator group, but
> only
> their own group and domain users.
>
> Many thanks
Archived from groups: microsoft.public.win2000.security (More info?)
Yes they are setup as local admins through the MMC console. This is so their
desktop appears correctly. Is there no way I can deny pupils to logoff staff?
Yes they are setup as local admins through the MMC console. This is so their
desktop appears correctly. Is there no way I can deny pupils to logoff staff?
Archived from groups: microsoft.public.win2000.security (More info?)
Hello Mike,
If your users are local admins they will be able to control the
workstations regardless of policy or other mitigations. You may need to
address the issue that causes thier desktops to not display properly if
they are not admins. We ca assist if you could provide more details.
What exactly does not display properly if they are not local admins?
This posting is provided "AS IS" with no warranties, and confers no rights.
Hello Mike,
If your users are local admins they will be able to control the
workstations regardless of policy or other mitigations. You may need to
address the issue that causes thier desktops to not display properly if
they are not admins. We ca assist if you could provide more details.
What exactly does not display properly if they are not local admins?
This posting is provided "AS IS" with no warranties, and confers no rights.
Related ressources
- I'm not able to log into other users on windows 7. - Forum
- How to prevent users from logging on the local machine? - Forum
- No signal when logging off /switching users - Forum
- Log off Users from their PCs - Forum
- Other users unable to logon - Forum
Archived from groups: microsoft.public.win2000.security (More info?)
As long as they are local administrators there will be no technical way to
prevent them to logging off other users. The solution would be to look at
ways to not make them local administrators. Often applications can have
permissions modified for ntfs or the registry to allow users to run non
Windows 2000 compliant applications. Maybe power users would also work for
the user? If there seems to be no way then implement a user policy that
restricts what a user can do. You can implement auditing of account
management and logon events to see exactly what users are doing what if you
need to enforce written user policy. If you do implement written user policy
have each user sign a copy for their files and give them a copy for their
personal possession. --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:0A6DB247-0AF5-4C05-BD97-A63E449A460F@microsoft.com...
> Yes they are setup as local admins through the MMC console. This is so
> their
> desktop appears correctly. Is there no way I can deny pupils to logoff
> staff?
As long as they are local administrators there will be no technical way to
prevent them to logging off other users. The solution would be to look at
ways to not make them local administrators. Often applications can have
permissions modified for ntfs or the registry to allow users to run non
Windows 2000 compliant applications. Maybe power users would also work for
the user? If there seems to be no way then implement a user policy that
restricts what a user can do. You can implement auditing of account
management and logon events to see exactly what users are doing what if you
need to enforce written user policy. If you do implement written user policy
have each user sign a copy for their files and give them a copy for their
personal possession. --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:0A6DB247-0AF5-4C05-BD97-A63E449A460F@microsoft.com...
> Yes they are setup as local admins through the MMC console. This is so
> their
> desktop appears correctly. Is there no way I can deny pupils to logoff
> staff?
Archived from groups: microsoft.public.win2000.security (More info?)
Thank you for both your replies! On a few workstations I moved the Student
group from local admins to local power users - and this did stop pupils
logging off locked staff workstations. However, the pupils desktop and start
menu is controlled via Folder Redirection in Active Directory to standardise
the appearance and applications available to pupils.
I have specified certain folders and shortcuts to appear and want pupils to
use the classic start menu. When I move the student group to the local power
users group, the start menu appears as the new XP one (just like Windows
Server 2003's start menu) and the incorrect icons are appearing on the
desktop.
By returning the student group back into local admins - the start menu and
desktop appear correctly. Many thanks!
Thank you for both your replies! On a few workstations I moved the Student
group from local admins to local power users - and this did stop pupils
logging off locked staff workstations. However, the pupils desktop and start
menu is controlled via Folder Redirection in Active Directory to standardise
the appearance and applications available to pupils.
I have specified certain folders and shortcuts to appear and want pupils to
use the classic start menu. When I move the student group to the local power
users group, the start menu appears as the new XP one (just like Windows
Server 2003's start menu) and the incorrect icons are appearing on the
desktop.
By returning the student group back into local admins - the start menu and
desktop appear correctly. Many thanks!
Archived from groups: microsoft.public.win2000.security (More info?)
Hi Mike.
It sounds like you have permissions problems with folder redirection. Check
the permissions to make sure that the user has proper permissions to the
items in question. I have not used folder direction a lot - particularly
with start menu. You might want to post in the win2000.setup_deployment
group explaining your problem to see if anyone can help you over there with
correct permissions or other alternatives. . --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:2C45F7CC-B907-4F3E-9D23-F15E2521CFC3@microsoft.com...
> Thank you for both your replies! On a few workstations I moved the Student
> group from local admins to local power users - and this did stop pupils
> logging off locked staff workstations. However, the pupils desktop and
> start
> menu is controlled via Folder Redirection in Active Directory to
> standardise
> the appearance and applications available to pupils.
>
> I have specified certain folders and shortcuts to appear and want pupils
> to
> use the classic start menu. When I move the student group to the local
> power
> users group, the start menu appears as the new XP one (just like Windows
> Server 2003's start menu) and the incorrect icons are appearing on the
> desktop.
> By returning the student group back into local admins - the start menu and
> desktop appear correctly. Many thanks!
Hi Mike.
It sounds like you have permissions problems with folder redirection. Check
the permissions to make sure that the user has proper permissions to the
items in question. I have not used folder direction a lot - particularly
with start menu. You might want to post in the win2000.setup_deployment
group explaining your problem to see if anyone can help you over there with
correct permissions or other alternatives. . --- Steve
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:2C45F7CC-B907-4F3E-9D23-F15E2521CFC3@microsoft.com...
> Thank you for both your replies! On a few workstations I moved the Student
> group from local admins to local power users - and this did stop pupils
> logging off locked staff workstations. However, the pupils desktop and
> start
> menu is controlled via Folder Redirection in Active Directory to
> standardise
> the appearance and applications available to pupils.
>
> I have specified certain folders and shortcuts to appear and want pupils
> to
> use the classic start menu. When I move the student group to the local
> power
> users group, the start menu appears as the new XP one (just like Windows
> Server 2003's start menu) and the incorrect icons are appearing on the
> desktop.
> By returning the student group back into local admins - the start menu and
> desktop appear correctly. Many thanks!
Related ressources:
- ForumRemote desktop connection without logging off current user
- ForumWindows XP Home automatically logging users off
- ForumLogging off users
- ForumLogging off Users
- Forumfollow other users on PC
- ForumXP Administrator can print, other users can't
- ForumOffline files/folders trying to synchronize other users of..
- ForumParallel and com ports not appearing in device manager
- ForumLocking computers down so that users cannot change any set..
- ForumLogging in interactively
- Forumadding users to shares with scripting
- ForumAD structure for users
- ForumNeed help please, Having trouble finding/adding users for ..
- Forumlogging user activity in windows
- ForumLogging off Users
- More resources
!
