how a non-admin user can be allowed to unlock another locked workstation RRS feed

  • Question

  • Hi, what privilage or user right do I need to assign a normal user to be able to unlock a workstation?  We have a situation where users lock their workstations (which is good) but forgot to unlock.  Their boss wants to allow another designated person the ability to unlock the workstation and log that user off.  Thanks
    Monday, July 18, 2011 7:52 PM

All replies

  • They need Administrator rights on that machine.

    Why not get the user to inform the designated person of their password?  The security effect is the same.  I don't think this can be done by computer policy.

    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".
    Monday, July 18, 2011 8:07 PM
  • It really is an educational issue and it can be a pain with shared computers.  What is this environment like?  Is there a supervisor that could be given local admin rights?  Instead of making their domain account local admin just create a local admin account that they can use to unlock the PC’s when needed.  The idea being that if they don’t have access to their email and mapped drives etc. they won’t use it as a regular login and surf the net with it.  They still will be able to install software etc though so still not that secure.

    Depending on what their job descriptions are you may want to consider a shared account.  Do they need their own profile and email etc?  I have seen this done a few times for example a shipping clerk and the two would share a generic shipping email and logon.

    A terminal server can also be useful.  Just treat the PC like a thin client with a very limited autologon ID.  If they lock their sessions it’s on the terminal server and doesn’t interfere with other users ability to logon to the terminal server.

    Dave - http://www.dms-itconsulting.com
    Tuesday, July 19, 2011 1:36 AM