Tom,
I'm assuming that you mean the following:
i) your vendor have a user account on the system, and not an
administrator account
ii) you want to keep it this way
iii) the console is routinely locked by administrator
In this case, I don't think there's an easy solution to the problem
which doesn't involve third-party software; I'm not aware of any way to
specifically delegate this right to domain users; assuming that this is
a domain server, your only bet without giving the vendor domain access
is to give them a local administrator account, which may not be ideal.
The only other solution for this is a tool which originally shipped with
the windows NT4 resource kit, called 'Winexit', which you could setup
(as a screensaver) to automatically logout after a certain period of
inactivity. If your administrators have a habit of leaving the
workstatio/server locked when they're not using it, this may be an
option, as you can set a suitably high timeout (several hours or days)
for the account to be logged out so that the console is freed up. An
article on this is online here:
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=4541
There are versions of winexit.scr available for windows 2000 and 2003
server also; a quick google gives me a direct download (referenced on
tek-tips.com) to winexit.zip, but this is on a non-microsoft website, so
download at your own risk:
http://www.dynawell.com/reskit/microsoft/win2000/winexit.zip
Oddly, I was unable to find a link to the windows 2000 resource kit on
microsoft.com easily, although I have downloaded this half a dozen times
before now.
http://support.microsoft.com/default.aspx?scid=kb;en-us;314999&sd=tech
(howto use winexit from the win2k service pack in windows xp pro)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
(Windows 2003 reskit)
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/winexit.asp
(Documentation for reskit.scr in win2k3)
Again, short of third-party software, I don't think there's really an
easy solution to this which doesn't involve getting people to remember
to log off.
Hope that helped!
- James.
On Mon, 2005-02-07 at 21:07 -0600, Tom Milliner wrote:
Does someone know a way to allow a normal user to
release a server password protected screen-saver
without giving the user the administrator password?
I need this so that third-party support can access
our server via GoToMyPC when I am not there. The
password protected screen-saver blocks them from
remote access to fix problems. I cannot always be
on-site to assist by supplying the screen-saver
password.
Tom Milliner, CPA, MCSE
tom.milliner@verizon.net
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=4541
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
