This topic is resolved

Share

This topic contains 1 reply, has 2 voices, and was last updated by  Michael Pietroforte 2 weeks, 4 days ago.

  • Author
    Posts
  • #324703
     Ben 
    Participant
    • Topics: 1
    • Replies: 0
    Member Points: 66
    Rank: Level 1

    I’m trying to Logon/Unlock local screens on multiple computers from a single computer (Instructor). I initially had it working as long as all the computers have administrator privileges. I setup Remote Desktop and use Remote Desktop Plus to logon to the computers via a batch file using an encrypted password. Then once logged on, I execute the following powershell command:

    @powershell -NoProfile -ExecutionPolicy unrestricted -Command “$sessionid=((quser $env:USERNAME | select -Skip 1) -split ‘\s+’)[2]; tscon $sessionid /dest:console” 2> UnlockErrors.log

    This then drops my connection and allows the local display on each computer to be displayed logged on and ready to go. It also works for simply unlocking the screen. This was great until I had to change the account to Standard User.

    Is there a way to allow the Standard user account to execute the powershell command above in the manner I am describing? The main thing I need to do is have the ability to remotely unlock/logon to systems so trainees can use the computers without having them to know the local passwords or any local logon interaction. I also need to be able to lock the screens remotely as well which I can do as administrator using the following:

    start psexec.exe -i computername -s C:\Windows\System32\rundll32.exe user32.dll,LockWorkStation

    The instructor cannot know the password as they logon with a smartcard and use a PIN with an account that is already linked to the user account locally.

    Any input/ideas would be appreciated.

    1+

    Users who have liked this topic:

    • avatar
  • #329137
     Michael Pietroforte 
    Keymaster
    • Topics: 138
    • Replies: 337
    Post count: 1046
    Member Points: 7,244
    Rank: Level 1

    You can give standard users access to PowerShell remoting and you can configure what things users are allowed to do. Make sure that you understand the procedures in detail, otherwise you will introduce a security problem in your network. It would be great if you tell us how you configured your environment to solve the problem.

    0

You must be logged in to reply to this topic.

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account