3
1
Is there a way to allow either the domain administrator or a specific group to unlock screen savers or locked systems in a Windows domain environment?
Here's our usage scenario. We have a mixture of Windows XP and Windows 7 systems. Some of the users access an IBM iSeries via the terminal emulator. When users leave a session open it blocks our day end processes. To fix that we have to access the users computer either by physically going to it or via LogMeIn and log them out of their "greenscreen". We are able to kill the terminal emulator or kill the sessions from the iSeries. However, that's not ideal as it can leave records in the business system locked.
Currently we're maintaining a list of usernames and passwords (bad idea, I know) so that we're able to login and close sessions when the've been left open and their computers have been locked. I'd like people to lock their systems when they step away and a screen saver would accomplish this nicely. However, I do need to be able to unlock those computers if somebody forgets to log out before leaving. Any suggestions?
Update 1: Unfortunately the enterprise app does not respect logout commands and free up the records. I did some research on grawitys comment. It looks like we might be able to use a custom credential provider on Windows 7. Here is a sample for Vista and Windows 7. We could use a custom GINA for Windows XP.
1Surely there must be a way to close the sessions from the server end? – Harry Johnston – 2012-02-22T23:18:53.287
1Have you tried using pskill to forcibly close the terminal emulator application on the client machines? – Harry Johnston – 2012-02-22T23:19:41.193
1I updated the question. We would prefer to not just kill the sessions as it leaves records in the system locked. This is an issue with the application that the vendor doesn't seem interested in working with. – dkwiebe – 2012-02-23T04:32:03.413
It's possible to force-unlock a Windows XP system given a certain magic command; the login system has been changed too much in Win7 though. – user1686 – 2012-02-23T10:57:15.217