vendredi 14 mai 2010 15:07I had a simple question about Windows 7 Enterprise. I am a computer technician in a corporation serviceing 7000+ PC's. In the past (on Windows XP Professional) when a user would lock the computer we as administrators could unlock the computer and force the log off of the user. Can this feature or one similar be applied In Windows 7 Enterprise if Fast User switching is turned off?
- Déplacé Carey FrischMVP, Moderator mardi 5 avril 2011 15:58 Moved to more appropriate forum category (From:Windows Vista Desktop UI)
Toutes les réponses
vendredi 21 mai 2010 21:33
Yes, there is significant changes to user switch comparing Windows XP & Vista or 7.
Windows 7 & Vista offers mutli login for users within domain and to log off any user: you have to login to a computer using administrator account - open task manger - users tab - from the panel you will get access to manage log in users.
Bart Kurowski IT Support Analyst, MCP, MCTS, MCITP, MCAS
mardi 14 décembre 2010 20:47
Yes, but how do you log in to the already locked PC when the boss has deemed the snazzy new "fast user switching" and RDP verboten? Is there no way to unlock a locked desktop short of cutting power??
jeudi 24 mars 2011 20:44
I too have this same question...
In our environment we have "fast user switching" disabled and our workstations set to lock after 15 minutes (for security)...
On Win7 workstations that are shared by multiple employees, the previous user forgets to log off when they walk away, and the next user is unable to login. The only options we currently have is to hold the power button in to shut down the workstation...
We need to be able to unlock (force logoff) a workstation, like we did with Windows XP...
Anybody got any ideas on how to do this with "fast user switching" disabled?
mercredi 30 mars 2011 08:44
I am having the same issue and as yet am unable to find a solution other than resetting the machine as you say... which is obviously not a good thing. There must be a way to do this as this must be occurring all over the place. If I find something I'll post it up..
mercredi 18 mai 2011 10:32
I developed a possible solution to this problem which at the moment is undergoing MS Review. I'll keep you updated on the progress. I already tested it in our infrastructure and it works.
vendredi 20 mai 2011 06:47
Hi, i'm in need of this too.
Windows 7 Pro, domain joined with fast user switching disabled. If you need anymore testers for your solution i'd be happy to volunteer.
vendredi 20 mai 2011 23:07
with a client desktop locked-what do you get with a Alt+W?
mardi 24 mai 2011 17:37
with a client desktop locked-what do you get with a Alt+W?
On Windows 7 Enterprise x64, [Alt]+[W] does nothing at:
- the "press Ctrl+Alt+Del to unlock" screen,
- the "enter current user password" screen, or
- on the "other credentials" screen (only viewable on laptops with smart card readers)
What did you think [Alt]+[W] would do?
mardi 24 mai 2011 20:47Any word on the solution yet?
mercredi 25 mai 2011 06:45
Yes, we're making progress with the review process. Currently, the solution is being reviewed by the Design and Product group teams. My hope is that they are going to "officialize" the solution and make a hotfix/patch/feature pack using the same technologies themselves. This way, every admin around the world could use the solution and be sure to use Microsoft sanctioned code.
If this process "fails" and all i get is "it's ok to do it this way, but we won't officially embrace it" or something along these lines, i'll upload it somewhere myself (including source of course). But until then, i'll keep it to myself.
vendredi 10 juin 2011 07:31
I have an OK from Microsoft that the proposed solution is within "Windows" design boundaries. I uploaded the compiled x86 and x64 binaries to http://www.filefactory.com/file/ccb8b53/n/AdministrativeUnlock.zip. Batch Files for easy (de)installation is included. Just use "Run as Administrator" with the Batch file for your platform, the lock the machine. When trying to unlock, you should have a "Other Credentials" Button. Click it, select "Administrative Unlock", then enter username and password of a user which is in the local Administrator Group.
Please provide feedback here, there's no other place i could use.
- Proposé comme réponse Justin007 lundi 20 juin 2011 14:07
vendredi 10 juin 2011 20:03Please use your skydrive public folder- what the #@#@^$% is that link?
vendredi 10 juin 2011 21:35Ok, made a skydrive profile and shared a folder with the public. you should be able to get it there - http://cid-9363831414c526a5.office.live.com/self.aspx/Public/AdministrativeUnlock.zip
- Proposé comme réponse Master ALF jeudi 16 juin 2011 10:52
lundi 13 juin 2011 19:52Works great thanks.
mardi 14 juin 2011 17:58
Oliver, do you have a similar solution for Windows 7 Professional? I tried the solution you created for Enterprise on a W7 Pro box with no success.
mardi 14 juin 2011 18:11
What kind of problem are you experiencing?
For Installation, make sure you choose the batch-file for the right architecture (x86 / x64) and also make sure to start the batch file by Right-Clicking it and then selecting "Run as Administrator...". Even if you are logged in as local admin, you have to start it that way or it won't work. To my knowledge, there should be no difference between Win7 Enterprise and Win7 Professional regarding this solution (using a custom Credential Provider), so i think you're doing something wrong along the way.
mardi 14 juin 2011 23:43Thanks Oliver F!! I have been looking for a solution on this myself. I'll give it a shot tomorrow. Although, I got a couple questions though. First is when you refer to "start the batch file" are you referring to "Install_x86.cmd" (for a 32bit Windows 7 Prof machine)? The other question is when you say Microsoft has given you an OK, does this mean that Microsoft will "make a hotfix/patch/feature pack using the same technologies themselves"? Again, Thanks for the help!!
mercredi 15 juin 2011 06:10That is correct, i'm talking about the two Install-Batch Files, which would be "Install_x86" for a 32-Bit Windows 7 Machine. The decision whether Microsoft will do something themselves or not is still up in the sky, but they gave me the "OK" to use it because in their review there was nothing to complain about (regarding the program code and the use of API calls, which could've gone against the basic design guidelines but did not).
mercredi 15 juin 2011 12:33Just put it on my Windows 7 Professional machine and it worked great!! The only thing I found was I needed to use the local administrator account for the computer for it to work. The domain administrator account didn't work. Great solution though!! Thanks again Oliver F!!
mercredi 15 juin 2011 13:18You need to use an account that is a member of the machine's local "Administrators" group. Whether that is a domain user or local user is irrelevant.
jeudi 16 juin 2011 10:22
We have been looking for a solution since the Win7-release in june 2009.
This DLL-fix works fine, and easy to install/deploy to our computers... Great work!
jeudi 16 juin 2011 10:58
Ok, made a skydrive profile and shared a folder with the public. you should be able to get it there - http://cid-9363831414c526a5.office.live.com/self.aspx/Public/AdministrativeUnlock.zip
Works great. Thanks for the sulution
jeudi 16 juin 2011 16:06At this point is the unofficial download the only option that's going to be available, or will it eventually be rolled into a hotfix from ms?
mercredi 6 juillet 2011 18:43
@Gai-jin --- I'm waiting and wondering the same thing. My organization, with 2000+ Windows 7 Pros, is having this same issue. Right now the solution is hard shut-downs all over the campus... not exactly an elegant solution.
I would go with Oliver F's solution, but unfortunately corporate policies don't allow. I really need an official Microsoft solution.
Anyone heard anything?
System Admin and Resident Sandcastle Builder :) www.Sandcastling.com
mercredi 6 juillet 2011 23:00
As a workaround we’re using remote desktop to logoff computers with locked users.
Our corporate security policy doesn't allow Oliver’s program and I’m pretty sure PCI doesn’t either. We would need something official from MS.
jeudi 7 juillet 2011 11:53
I don't know why, but using RDP never entered my mind. Brilliant workaround, Ross.
Which leads me to think (sometimes dangerous that can be) that one of Mark Russinovich's infamous PSTools could be of help. Particularly this command:
psshutdown \\RemoteSystem -o
Despite how the command looks -- shutting down the system -- the '-o' switch instructs the system to only "Logoff the console user"... and stop there. I'll have to give it a try, but it should work.
Still hoping MS will come through with a tweak. It is so hard to believe that such a relatively simple, and helpful thing could have been intentionally removed... with no way to change via GPO.
System Admin and Resident Sandcastle Builder :) www.Sandcastling.com
lundi 11 juillet 2011 06:08I don't believe something official will be available within a reasonable timeframe. Meanwhile, would your corporate policies allow for you to compile a solution yourself? It's really not that complicated a program, as it's essentially a Credential Provider that logs a user off upon entering your credentialy instead of unlocking the screen/logging you on.
lundi 11 juillet 2011 12:23
thank you for providing your solution. You mentioned something about recompiling. Can you provide the sourcecode?
Thanks in advance, Th0u
lundi 11 juillet 2011 12:31I added the source files to my public skydrive folder, you can grab it here: https://skydrive.live.com/?cid=9363831414c526a5&sc=documents&uc=1&id=9363831414C526A5%21105. You will need Visual Studio 2010 and the Windows SDK (v7.0A) to be able to compile it. I hope it'll work this way.. if not, i may have to include all the external dependencies in the project, which i'd rather not do.
lundi 11 juillet 2011 14:55
vendredi 5 août 2011 14:56
I'll add my thanks for your providing the tool, and being generous enough to provide it the source. As with some (too few) other shops, there's no way I could use a binary from any source other than an identifiable corporation, but with the source that isn't as large an issue.
One question: What is the copyright status of the files? Based on this thread you're the author, and they were not a work-for-hire, but each of the files in the source ZIP file carries a Microsoft copyright notice (perhaps inserted during Microsoft's review?). My facility has a strong policy regarding IP and I need to be able to assure management that we have the legal right to use the programs. The CSample* files are distributed by Microsoft and aren't an issue but the others - the heart of the unlock function - are the problem.
Thanks again for the tools.
vendredi 5 août 2011 19:40
Where should this "Other Credential" button appear? I'm just testing this and I'm not seeing it anywhere.
EDIT: I didn't run the .cmd file as Administrator so I was getting an access denied when it tried to copy the .dll file.
dimanche 7 août 2011 09:04The solution is based on a sample included in the Windows SDK. It's basically a partly rewritten Credential Provider Sample. This "should", but don't quote me on that, allow you to use it without restrictions. If you're unsure about the license, get in contact with Microsoft and ask about the Status of code included in the Windows SDKs. What files are you talking about that could be the problem, because i didn't add anything extra, the include files were added by VS2010 automatically and should be part of the Windows Operating System.
lundi 8 août 2011 14:43
You've answered my question; as long as the copyright notices are all from the SDK samples (which are clearly distributable) plus your changes there shouldn't be any problems from the IP people. Your comment upthread about submitting it to Microsoft was the source of my concern. (And thanks for the quick response!)
Here's another question/request for you: how practical would it be to integrate normal (PKI-based) smartcard authentication with your code? My problem is that while I'm no stranger to system-level programming (I learned it on an IBM 7090 and a DEC PDP-1) I'm only marginally proficient with C++ and haven't worked with credential providers except to try (as a work in progress!) to figure out how the force-off code works. My organization's problem is that while we currently use normal userid/password authentication we will be moving to smartcard-based logon in the not-too-distant future and part of my job is to avoid introducing problems for smartcard users.
A suggestion for readers who are implementing this on a kiosk system (or anything similar, such as a conference room machine): consider deleting the test for membership in the administrators group (i.e., in the IF statement testing bIsAdmin, always execute the true branch). This will allow any user to force off a session that a previous kiosk user has impolitely failed to close. It would be inappropriate to allow this on typical desktop systems but for systems used by the general user population it avoids calling out an administrator (or a forced power-off)...and I have little sympathy for someone who loses edits because they left a kiosk system locked.
mardi 9 août 2011 06:21
I am sorry to say that i didn't dabble in the use of smartcards as of yet. I have no idea what API calls would be necessary, or rather, what happens if a user inserts a smartcard into the computer. You might want to check out the SDK documentation on this, or maybe even find a Credential Provider that is suitable for smartcards (there is a hardware sample credential provider in the Windows SDK) and try to insert my code at the appropriate place. Though, you shouldn't forget that if you were to do that, you'd have TWO additional providers installed, because obviously, you can't cram both methods combined in one Credential Provider (well, as far as i know you can't).
Having had a short look at the Hardware Sample code in the sdk, it even seems the function where i did the changes would be unaffected by the methodology of credential input (makes sense this way, too), so it might be really easy to change that one around the same way. The only difference between HID-Input and Hardware-Input of credentials lies in the Input-Methodology, the authentication process would/should be essentially be the same. Hope that helps, i can't even try to develop that because i lack the infrastructure to test it.
Your suggestion about unlocking machines w/o administrative privileges is suitable, but i'd propose adding a local user group on the systems (named appropriately, like "System Unlockers") and put the domain administrators into this group by default, and adding "everyone" on those kiosk systems. That way, you still have control over it and could even add certain non-Administrators on some PCs. Stupid me for not having thought about that before, would make more sense to check for either Administrator OR <insert group name here> membership. Oh well...
mercredi 24 août 2011 21:57
I also thank you for this.
We use lenovo thinkpads and many of them have fingerprint readers which are also shimmed into the logon process.
It appears that when I add this after the fingerprint reading software is installed, that it simply enable fast switching. When I click on other credientials, I get a logon screen and can log in directly. There is no logoff flash, I am signed right in.
Also, I am able to use a non-admin user to sign on, rather than mandating an admin.
mercredi 24 août 2011 22:32
Never mind. It was acting up because I didn't run the install script as Admin.
Now that I've done that, it seem to be working fine.
Thanks again. You have made me a hero to my boss.
vendredi 23 décembre 2011 17:59
This was a good idea SandcastlingRon but in my tests it only works if the console session is active (if that's the correct term). By that I mean, if the PC is locked this doesn't log off the user, though psshutdown states "Console logoff initiated on [pc name]". When the user was active in the console session the command kicked them right out.
FYI - I've tested the custom DLL provided by Oliver F and it works very well. We're now trying to determine if it's truly legit and supported by MS.
vendredi 23 décembre 2011 18:11
Works great Oliver, thank you! We're going to have to get it signed off by management for use in our environment and I'm hoping this won't be too much of a problem.
Any word on MS including the fix in a future Feature Pack or something?
vendredi 23 décembre 2011 21:02
And failing a (positive) response from MS, what do you say to moving the project to a better home? As near as I can tell, the only way to find out about this very useful tool right now is if you just happen to bump into it in this one specific thread.
While I don't envision a great deal of development effort (if any) will ever be necessary for this project, perhaps SourceForge.net would make sense? It has CVS/SVN to keep track of the source code, a download area for the executable files, and the ability to make a web page that describes the thing.
I thought about just taking what you had posted and creating a project there myself, but even if I put your name all over the place and links to this thread, it would still have felt like stealing your idea/work.
vendredi 23 décembre 2011 22:25As an update, we're still in progress doing things with microsoft regarding this project. as much as i doubt that it will be included in a feature pack or something similar, i'll wait for this process to finish before doing anything else. here's hoping windows 8 reintroduces this feature out of the box ;)
mardi 3 janvier 2012 18:11
Thank you for your creative solution Oliver. I was wondering if you could help me. I tried compiling your source code with Visual Studio 2010 SP1, but I'm getting the following errors:
Error 1 error LNK2019: unresolved external symbol _LsaDeregisterLogonProcess@4 referenced in function "long __cdecl RetrieveNegotiateAuthPackage(unsigned long *)" (?RetrieveNegotiateAuthPackage@@YAJPAK@Z) C:\Users\user\Desktop\AdministrativeUnlock_Source\AdministrativeUnlock\helpers.obj AdministrativeUnlock
Error 2 error LNK2019: unresolved external symbol _LsaLookupAuthenticationPackage@12 referenced in function "long __cdecl RetrieveNegotiateAuthPackage(unsigned long *)" (?RetrieveNegotiateAuthPackage@@YAJPAK@Z) C:\Users\user\Desktop\AdministrativeUnlock_Source\AdministrativeUnlock\helpers.obj AdministrativeUnlock
Error 3 error LNK2019: unresolved external symbol _LsaConnectUntrusted@4 referenced in function "long __cdecl RetrieveNegotiateAuthPackage(unsigned long *)" (?RetrieveNegotiateAuthPackage@@YAJPAK@Z) C:\Users\user\Desktop\AdministrativeUnlock_Source\AdministrativeUnlock\helpers.obj AdministrativeUnlock
Error 4 error LNK2019: unresolved external symbol __imp__CredPackAuthenticationBufferW@20 referenced in function "long __cdecl KerbInteractiveUnlockLogonRepackNative(unsigned char *,unsigned long,unsigned char * *,unsigned long *)" (?KerbInteractiveUnlockLogonRepackNative@@YAJPAEKPAPAEPAK@Z) C:\Users\user\Desktop\AdministrativeUnlock_Source\AdministrativeUnlock\helpers.obj AdministrativeUnlock
Error 5 error LNK2019: unresolved external symbol __imp__CredUnPackAuthenticationBufferW@36 referenced in function "long __cdecl KerbInteractiveUnlockLogonRepackNative(unsigned char *,unsigned long,unsigned char * *,unsigned long *)" (?KerbInteractiveUnlockLogonRepackNative@@YAJPAEKPAPAEPAK@Z) C:\Users\user\Desktop\AdministrativeUnlock_Source\AdministrativeUnlock\helpers.obj AdministrativeUnlock
Error 6 error LNK1120: 5 unresolved externals C:\Users\user\Desktop\AdministrativeUnlock_Source\Debug\AdministrativeUnlock.dll AdministrativeUnlock
Do you know what the problem might be?
mercredi 4 janvier 2012 07:14do you have the windows sdk installed? seems like he can't find certain external dependencies. try to check the dependencies tree in the project viewer and/or reinstall the windows sdk (7.1 i believe).
jeudi 5 janvier 2012 04:13I'll bet you are doing a debug build. In the configuration for debug, secur32.lib was omitted from the list of libraries. Either change to release, or add the secur32.lib file.
jeudi 5 janvier 2012 15:55
LGS, you were right about me doing a debug build. I thought that might be the problem early on since it was a DLL and debugging didn't seem right, but I dismissed it and moved on to other possibilities. I've never worked with compiling DLLs before. Thank you both for your assistance.
Hopefully Microsoft will bring back native support for this solution in the near future. Like others, I maintain computers at a university and people walking away and not logging off is a constant problem.
jeudi 2 février 2012 01:14
Do you have any kind of deadline in mind for how long you want to wait for "this process to finish?"
For those who are keeping track:
- This thread started: May 14, 2010
- Oliver first mentions his solution: May 18, 2011
- Oliver first posts his solution: June 10, 2011
Depending on how you want to measure it, we've been waiting for MS for 8 or 9 months to "do something." Seems like a long time to me.
jeudi 2 février 2012 07:33
I have no idea how long it will take, but i thought i'd chime in with my thoughts regarding your offer to transfer the project to Sourceforge. I thought about doing that myself back when i first released it, buti cannot commit myself enough to actually doing it, so i'd be more than happy if you'd do it. As long as my name appears somewhere even once, that's more than fine by me. I didn't create this so that noone can use it, sharing is caring.
So if you come around creating a Sourceforge project for this, please go ahead and do it. Just maybe leave a link to the project site here. Seeing as Windows 8 will be BETA soon and RTM later this year, i'm starting to wonder if we'll need to develop something similar AGAIN or if the functionality found it's way back into the core system. If we need to do it ourselves again, at least this time we'll be ready for a near 0-day release :)
samedi 4 février 2012 09:02
SourceForge projects must be based on Open Source licences. Looking at the license doc for the SDK (where most of this code came from), that doesn't appear to be possible. In fact, MS's terms seem to intentionally and explicitly exclude OS licenses, even for code derived from their sample code, even if your code "adds significant primary functionality to it."
So, unless someone reads these terms differently than I do, or unless someone is prepared to reproduce the functionality of these ~2,000 lines of code "inspired by, but not copying from" this sample, I don't see a way forward at SF.
Maybe MS's CodePlex would be a better home? Does anyone know what the rules are over there?
mardi 14 février 2012 19:52
Works great, very grateful.
Rafael J López
jeudi 23 février 2012 16:11
Wow this thread had been running for a long time!
There is a third party product that allows you to set which users (not necessarily admins) can unlock the system. Have a look at Unlock Administrator
samedi 25 février 2012 18:46
I'm also facing the same problem. I have forgot my password and now I have no access to reach or open the windows. I'm using windows XP 7, if there is any solution you have about this problem so please tell me because I've immediately need to open the windows for doing some important work about study. If there is any solution of anyone have about this problem so please mail me on this site email@example.com
mardi 6 mars 2012 09:03
You should give a look to UserLock.
Among other features, this 3rd-party solution will allow you to remotely lock or logoff any session (even sessions with local accounts), either from the administration console or the Web interface.
A fully-functional trial is available here.
François Amigorena | President & CEO | IS Decisions | www.ISDecisions.com
mercredi 7 mars 2012 16:29UserLock allows you to LOCK or LOGOFF but the question is to UNLOCK which this product does not allow you to do. Besides Unlock Administrator I have not found another product that allows you to unlock.
vendredi 16 mars 2012 15:48
Thanks Oliver, this solution works great!
One question, do you know where in the source file and if it's possible to change the verbiage in the "Other Credentials" button?
vendredi 16 mars 2012 21:03The Credential Provider and the text you mentioned are two completely seperate identities. The "Other Credentials" button is hidden somewhere else, in what has been "GINA" and is now called winlogon as far as i know. No "documented" way to change that i'm afraid.
mercredi 11 avril 2012 10:27How about an official hotfix to fix this issue in the logon screen itself instead of a credential provider?
mercredi 11 avril 2012 20:20Good luck with that. And for those who were hoping W8 would be better, doesn't look better to me.
jeudi 12 avril 2012 06:19Yeah, Microsoft took that out by design, the reason being along the lines of "if a user locks his session, he expects it to be still there when he returns to the PC". The good news is that AdministrativeUnlock works under Windows 8 (Customer Preview), albeit there are some minor problems that need some looking into. Though i deem that rather useless until RTM.
mercredi 18 avril 2012 12:26
The link above is giving me a 404 error. Is it still active?
vendredi 20 avril 2012 00:06
There are 2 links up there. Use http://cid-9363831414c526a5.office.live.com/self.aspx/Public/AdministrativeUnlock.zip
vendredi 20 avril 2012 20:39
I'm still getting a 404 on this link, but very interested in the file. Can someone send the file or re-upload?
vendredi 20 avril 2012 22:50Are you still trying the filefactory.com link? That won't work. The live.com link I posted should work correctly.
lundi 14 mai 2012 23:12
Hi, i was also facing the same problem. As a quick solution i tried following..
Please note: This is not a permanent solution but still it helped me to resolve my issue..
- Open "mstsc" from another computer and put your machine's name there
- Then it will show you that one user is corrently logged and also it will give you an option to use other credentials to login to this machine. Put other (admin) users credentials there.
- This will force logoff for the current user and take you inside the machine.
- Here you go!!!! you can do your stuff via RDC or you can go physically there and access that machine using other users credentials.
Hope this may help for my friends..
- Modifié Raj510 lundi 14 mai 2012 23:13
mardi 15 mai 2012 15:40
Thought I'd chime in as we are experiencing a similar problem at the college I work at: i.e. the need to disable fast-switching for performance but still be able to unlock users from the machines they leave themselves logged and locked onto.
Our IT support use a tool called ABTutor (www.abtutor.com) which enables them to remote view and control all the workstations in the college. We've discovered that this tool is also able to log off a user remotely - just bring up the machine that's been reported and log them off, easy. It's licenced per installation and for us that's just two machines controlling 800 workstations.
The RDP option works fine, but obviously takes ages as you log on then back off again.
jeudi 17 mai 2012 15:53I work for a college and we are looking to roll out this very neat fix you have developed. We can get it working fine on windows 7 Pro 32 bit, however on 64bit after installing it as per your instrctions the PC boots up and does not display a login box. Any ideas what we may have done wrong in installing it? And we have checked manually that the reg keys and the dll file is present. Any help would very much be appreciated as we would like to use your fix on all our PCs.
vendredi 18 mai 2012 04:33
The machine I am typing this on is W7 64bit. adminunlock works here just fine.
The install for this tool is pretty darn simple. There's not a lot that can go wrong. Especially since you say the registry is correct and the file is there.
About the only thing I can think of is that somehow you've ended up with the x86 dll file. Have you checked the size of the file? And the file didn't (somehow) end up in the syswow64 directory rather than the system32 directory, did it?
vendredi 18 mai 2012 11:29
Thanks for your reply. Checked the file sizes to ensure that we had the correct one copied and into the c:\windows\system32 folder. I downloaded the whole mechanism again to ensure that the 64bit dll file hadn't become corrupt on download. As you say is very simple install and so I am wondering if it is not the install that is the problem but some rogue setting on our PC image that is clashing with this mechanism. Weirdly we also had this issue if we install Movie Maker as on next reboot the login box disappears. No idea what the possible connection between these two are! So.....we have now created a standard win 7 64 install without any GPO settings or software and this mechanism now works. So definately a clash in our image. Now begins the long search for the proverbial needle.....thanks for your help.
vendredi 25 mai 2012 19:02
OK, what am I missing here?
Windows 7 Pro. A user has machine locked. Do not want to just shutdown machine, so install the s/w above.
Follow all instructs. Install s/w as admin, lock PC as admin, hit ctrl-alt-del and get displayed the locked user acct., and the prompt in the form of a key in a field of yellow, to unlock the PC (or something along those lines).
When I do the unlock user acct thingy, it comes back to the ctrl-alt-del, and it has definitely unlocked the acct, my administrator acct. The user acct. that I wanted to kick off in the first place is still sitting there locked.
I thought, maybe if I just log off, then I will get the unlock user acct key icon option, and that will kick off the user. Nope, in that case I just get the genric screen showing that the user has the PC locked, and I can log in as that user, or I can log in as another user. No little option to kick off the other user.
Enable fast user switching is not enabled or disabled if that makes any difference. It is not configured. Does that have anything to do with this?
mercredi 30 mai 2012 01:04Have you tried Unlock Administrator? Very easy to setup and has a nice little configuration program. With the configuration program you can set exactly who (not necessarily and administrator) can unlock the system. They can either be set to unlock the other session or immediately log off that session. It is a lot easier that tweaking a little hack.
mardi 19 juin 2012 19:32
I'm not that great at programming, but is there a way to add a Log Off button to the Admin Unlock DLL file?
My current workaround to allowing users to logoff another user (this is so they do not have to call help desk, get frustrated from the wait time and power off the machine) is to hack the Utilman.exe and essentially turn the Ease of Access button to a logoff button. It's not pretty but it works.
mercredi 4 juillet 2012 14:06
I came here after the very same problem, but figured out an even easy way for accomplish that: SCCM Client Center (http://smsclictr.sourceforge.net/).
We do use this free tool for SMS/SCCM endpoint management, and it has, under "Agent Actions" -> "Install/Repair" tab, buttons for Logoff, Restart and Shutdown.
Works like a charm - providing you know the name of the computer you are about to log the user off.
jeudi 13 septembre 2012 09:00
that is not good habit,, I suggest that one of your colleague of staff have an delegated authority to reset the user account only but not an administrator level only account operatos is enough..Now, in regards to the situation dont force shutdown the system but rather change the group policy seetings not the default one.
Hope it will help you and dont forget to vote as helpfull
jeudi 20 septembre 2012 12:48Unlock Administrator works only for 64bit on Vista and above. The 32bit version is for 2000, XP, and 2003.
jeudi 20 septembre 2012 13:29
Your question is how to unlock other users,,simply check the group policy management console or type gpedit.msc look the users configuration then
just make filter options so as easy for you to find..
Just give me feedback if its helpfull to you!!
mardi 25 septembre 2012 13:47
It looks like they now have a 32-bit version for Vista and up on their site at http://www.e-motional.com/ULAdmin.htm
mercredi 31 octobre 2012 12:10
Your tool is great, thank you a lot for giving it to the public audience!
I found one bug: the application does not accept the login in the form DOMAIN\logon - it reports "the specified username or password is invalid". Using firstname.lastname@example.org works fine. Is it possible to correct the application to accept DOMAIN\logon names?
mardi 20 novembre 2012 01:17
Thank you very much for this fantastic solution you have provided for this problem. As previously suggested, the option to have a "System Unlockers" group that was queried instead of the default "Administrators" group is one that would be much more suitable to our environment.
I got ambitious and grabbed your source data to have a look to see if it is something I can manipulate to do what we need; however, I am not very good with C++ and am a bit overwhealmed with the code.
Can you please advise if there are some simple changes we can make to this work for us?
Hope you can help, thanks in advance,
lundi 18 mars 2013 15:18
What GMat said is also my question.
Could you create something that everyone can force logoff?
I'm working on a primary school en would like if the students can logoff others that has forgotten to logoff.
I don't like to create a user that have local admin rights...
Hope you can help and thanks in advance,
lundi 25 mars 2013 06:18
Unlock Windows 7 password by logining as another account with admin privileges.
If you have another user account which has admin privileges, you can easily unlock Windows 7/XP/Vista password by using "lusrmgr.msc" or "Command".
Let's see how to unlock Windows Vista password with "lusrmgr.msc" and draw inferences about other cases from one instance to unlock Windows 7/XP password.
1. Login Windows 7 as administrator. Click on Start, type lusrmgr.msc in the Search Box or Run Box(press both Win+R keys to open Run Box), click OK button.
2. Local Users and Groups dialog appears, open Users folder. Right-click an user account and select "Set Password".
3. When a dialog pops up, type a new password twice, type a password hint or not, click OK.
Note: This method will lead to lose access to all its encrypted files, stored passwords, and personal security certificates.
Unlock Windows 7 Password with CMD (Command or NetUser)
This method won't lead to lose anything, it is safely.
1. Logon Windows 7 as administrator.
2. Click Start, type cmd in the Run box (press both Win+R keys to open Run Box) )or Search box and press Enter key, open CMD.EXE.
3. When the CMD window appears, type in net user, it will show you all the user accounts of your Windows 7.
4. Type net user "user name" "new password" (replace "user name" and "new password" with yours), press Enter.
5. It will show you the command completed successfully, this means that you have successfully resrt the user's password. Restart your computer and login with new password.
vendredi 5 avril 2013 11:53
jeudi 2 mai 2013 09:15
The area of interest is in the file CSampleProvider.cpp at line 394. In my verison of the code, this line reads as
bIsAdmin = groupSids.GetAt(i) == ATL::Sids::Admins();
You can try to change that to
bIsAdmin = groupSids.GetAt(i) == ATL::Sids::PowerUsers();
to allow all members of the PowerUsers group to unlock. Alternatively, if you want anyone to be able to unlock, change the line to
bIsAdmin = groupSids.GetAt(i) == ATL::Sids::Users();
This allows all members of the "Users" group (which by default should be any User) to unlock a machine. I don't have the required testing environment anymore, so i cannot make these changes myself, sorry.