Windows NT could always remotely log out the current user when part of a domain. We had tools in place for our lab administrators to log out users if they found locked workstations. With Windows 2000 you could automate this through group policy.
Can't this kinda be achieved with Windows and Windows Server with AD? You log in to the server and it downloads the content for the session and when you log out the content is removed from the local computer?
I remember when in school they used to have this, which made logins take forever.
At least the Windows 2000 Pro and XP machines I used back in the day presented a dialog with both "lock computer", "open task manager", "switch user" or "log out".
Hmm not if your users are trained to press Ctrl-Alt-Del again... The login screen would also allow them to order the OS to log off the current session too.
The NT4 login dialog looks like those of NT3.51 or Windows 2000 (and XP Pro if you switch to a domain-based login). See e.g. the one of Windows 2000 (on a machine visibly not joined to a domain) here: https://old.reddit.com/r/Windows10/comments/uyau0h/is_it_som.... And AFAIK there's no way to bypass the NT login dialog.
In Windows you'd hit Windows-L, which would take you to the login screen, and then they'd click "Guest" (or whatever alternate login you've set up). You'd still be logged in, and when they were done (or were giving it back to you for five minutes) you press Windows-L again and choose your own login to switch back to your still-running programs.
I'd be astounded if Linux didn't have an equivalent.
Windows solved this problem in the 90s by capturing a magic keystroke that only it had access to and requesting that the user enter the keystroke before logging in.
The developers at Microsoft searched for a keystroke that absolutely no application would be interested in using itself, and then they stumbled across the perfect one: Ctrl+Alt+Del (soft reboot sequence in DOS). That's why you had to press Ctrl+Alt+Del in order to log in to Windows NT based operating systems for a long time.
Xlocking workstations became a problem at our university. People would claim a workstation, lock it, go do something else (lunch, lecture) and then come back to their reserved workstation. So the admins added a button that you could log someone out if the screen had been locked for more than half an hour.
They didn't want to ban xlock because they cared about security.
At my old company, we had a system where we had a limited number of physical machines that multiple testers would need to remote into. We didn't want to disallow two people logging in simultaneously because sometimes that was necessary, and if someone stayed logged in then went to lunch, there was no way to kick them off to get access without walking to the server closet, pulling up the machine on the KVM, and kicking them that way.
I wrote some VBScript that wrote a locking folder into a sub-folder in a network folder, then launched VNC targeting the proper VM. When VNC was closed, the script would complete and delete the locking folder. That let us know what was available and when. I always thought it was hacky, but at ~60 lines it's incredibly simple and has never really failed.
In high school I replicated the entire login UI of NT LAN Manager (I think it was called) and had it save the password and then crash the machine (via c:\con\con). Asked the teacher to log in for something and tada, admin password.
If you ever wondered why you have to press ctrl-alt-del to log in, that is why (nobody ever fixed this for Linux).
I one time saw a talk where they discussed the issue of having to make sure the mouse was in the same location on logout and login for his home slab and later dell laptop.
NeXT's rendering engine was Display PostScript and they had a common set-up of rendering the DPS on a remote computer while logged in over a network.
The overall set-up meant that all the data was at headquarters and users could log in from any location and have a local DPS rendering of the centralized user account.
That works pretty well on Linux systems, where you can simply remote mount (usually NFS) your home directory.
For Windows, what's actually happening is that your user profile is getting copied to the system. Which is why logging off takes so long -- the profile is getting copied back to the server.
Do this on an underprovisioned and busy network, or worse, one on which work cycles are highly synchronized (e.g., students, in standard class blocks, over the course of a day), and where account profiles can grow without limit (at one point I had tools to ID and prune large profiles), and things go all to hell.
The Linux / Unix model actually can be quite useful, and it isn't too dissimilar from my own initial experience: console logins to the campus Unix network from dumb serial terminals (precisely zero local state).
Sun Microsystems did some work with this (in conjunction with their own hotdesking workplace experiments) as well.
The downside is when you're doing highly compute- or data-intensive work, in which case the amount of information transferred across even NFS links becomes problematic, and/or you need to provision some really beefy servers. At that point you likely want some sort of shared batch compute resource. Again, more easily accomplished under Linux/Unix than other platforms.
Windows has a Guest account that automatically resets the profile when logging off, erasing any software keyloggers etc. Likewise you can look at processes using Task Manager or Process Explorer.
That's really interesting. I wonder if the setting was automatically set to 'open Task Manager' when there was only one, unsecured user (and therefore nothing to lock or sign out of). I don't remember changing it, but this was of course well over a decade ago now.