My organization is using a combination of Windows XP and Windows 7
workstations in an ActiveDirectory domain. By policy, we do not permit
fast user switching; no more than one person may be logged in to a
workstation at a time.
We also have a problem of users walking away (distracted by multiple
tasks or situations requiring immediate response, not deliberate
abandonment) from the workstation and neglecting to log off. Education
is ... less than optimally effective. We have the system set so that if
the workstation goes idle, it locks, and requires the user to provide
their domain credentials to unlock the workstation.
On the Windows XP workstations, we can also provide an administrator's
credentials, and this will force the locked user to be logged off,
losing any open work, but not "crashing" anything.
On the Windows 7 workstations, we do not appear to have this option; we
must either have the user unlock the workstation - not always possible -
or "crash" the workstation (hard power-off and reboot). This is less
than entirely satisfactory. Is there a way to set the Windows 7
workstations to behave as the Windows XP workstations do, and allow an
administrator to supply his own credentials to force the locking user to
be logged off?
-- Jeff Zeitlin