Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
Disable Administrator Logoffs
Disable Administrator Logoffs

Disable Administrator Logoffs
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Disable Administrator Logoffs Ishmealm 08-23-2006
Posted by =?Utf-8?B?SXNobWVhbG0=?= on August 23, 2006, 11:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,
I work in a large W2K3 Server environment with several server admins.
I'm having problems with other admins logging me off of servers that are
locked. More than once a scripts been stopped or a file copy has been
interupted. Is there a way to disable logoffs by the other admins? I'm ok
if it disables it for me as well. I'd like for the admins to get in the
habit of asking the person that's logged on,if it's ok to log them off.
Thanks,
Ishmeal

Posted by Steven L Umbach on August 23, 2006, 11:27 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I don't believe that is possible. You will need to inform users not to log
you off. Maybe they think that the screen saver locked the computer and it
would be a good idea to paste a note to the screen to leave it alone. The
security log should contain logon events to help you determine who is
logging you off. For Windows 2003 Server another admin could still access
the server via Remote Desktop if need be [assuming it is enabled and
available from the client computer] to access the server while the console
is locked and maybe not everyone knows that.

Steve


> Hi,
> I work in a large W2K3 Server environment with several server
> admins.
> I'm having problems with other admins logging me off of servers that are
> locked. More than once a scripts been stopped or a file copy has been
> interupted. Is there a way to disable logoffs by the other admins? I'm
> ok
> if it disables it for me as well. I'd like for the admins to get in the
> habit of asking the person that's logged on,if it's ok to log them off.
> Thanks,
> Ishmeal



Posted by Roger Abell [MVP] on August 24, 2006, 10:27 am
If you were  Registered and logged in, you could reply and use other advanced thread options
This is really a user communications/coordination issue.
MS typically does not provide ways to attempt to limit what
admins can do (since that really cannot be done).

What you might want to consider is to run your long processes
in disconnected terminal services logins instead of locking up the
console desktop, which, apparently others are needing to use.


> Hi,
> I work in a large W2K3 Server environment with several server
> admins.
> I'm having problems with other admins logging me off of servers that are
> locked. More than once a scripts been stopped or a file copy has been
> interupted. Is there a way to disable logoffs by the other admins? I'm
> ok
> if it disables it for me as well. I'd like for the admins to get in the
> habit of asking the person that's logged on,if it's ok to log them off.
> Thanks,
> Ishmeal



Posted by =?Utf-8?B?SWFu?= on August 24, 2006, 6:19 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
My normal approach on servers is to use automatic logon, and set the
ForceAutoLogon registry value. I do this because I likewise frequently need
to run processes in user-space that cannot be run as services.

For security you can set a timed screensaver with a password. (use the blank
screen, not a rotating logo which wastes processor time) Or you can run the
server 'headless' and remote adminster it. I much prefer the latter as it
largely precludes casual tampering but allows easy maintenance. Either way
there is a single common password to access the console, and you could change
this password regularly.

A server should in any case be sited somewhere that unauthorised people
can't go. If they can get at the keyboard unnoticed, then they can also take
a screwdriver to it, which makes software-security academic.




Similar ThreadsPosted
Auditing user login/logoffs January 24, 2006, 11:54 am
Disable DCOM? January 11, 2008, 1:07 pm
How to disable SSL Security Alert in IE July 11, 2005, 8:02 am
How to disable/prevent p2p bittorent ? July 11, 2005, 11:41 pm
Disable shutdown option August 24, 2005, 2:35 pm
Disable NIC when connecting via wireless January 9, 2006, 7:57 am
Disable Digest Authentication March 9, 2006, 3:07 pm
Disable Windows Firewall? June 1, 2006, 5:36 am
Auto Disable passwords? August 14, 2006, 6:30 pm
Disable CD ROM for Certain User Account October 30, 2006, 7:07 am

The site map in XML format XML site map

Contact Us | Privacy Policy