Re: Detecting local user before stealing his machine

Kenneth Porter wrote:
I remote-login to a lab machine at a customer site. I don't want to
steal a session if someone is using the machine there. Is there
some way to tell if the machine's in use before I grab it?

Sooner Al [MVP wrote:
Depending on how you have the XP box configured you should be
seeing warning messages as described in this KB article...

http://support.microsoft.com/kb/280828/en-us

Kenneth Porter wrote:
Alas, that doesn't handle the case I'm dealing with. We use a
common user ID for lab machines as we're manipulating the product
(an automation system). The system is typically left running an
exercise loop to validate code. Forcing a logout on a running
system could be dangerous, as it would bypass any graceful shutdown
of the system under test.

If you are using a common logon username/password - you aren't REALLY
logging anyone out (in Windows XP).. you are merely taking over their
current session and locking the screen from anyone but that username and/or
an administrator. They can even take it back from you.

Now if you are logging in as a different username/password combination, you
would get a warning as directed to earlier. (Windows XP again.)

Now - you could look at the remote processes with many different tools - see
if anything is really utilizing the CPU/memory heavily.. Or write a
logon/logoff script that lets you know when someone is on that machine in a
variety of ways.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


.

Relevant Pages

  • RE: Best way to provide security when need a WindowsIdentity
    ... serializable - which is not a big problem when session is in-proc - ... throw away the username/password, and use that principal from then on ... then use windows authentication and all access of files and SSPI ... database queries is done under the WindowsIdentity of the user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Best way to provide security when need a WindowsIdentity
    ... serializable - which is not a big problem when session is in-proc - ... throw away the username/password, and use that principal from then on ... then use windows authentication and all access of files and SSPI ... database queries is done under the WindowsIdentity of the user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Best way to provide security when need a WindowsIdentity
    ... session will not work very well - WindowsPrincipal/Identity is not serializable - which is not a big problem when session is in-proc - but when you want to switch at some point to StateServer or SqlServer - this will not work. ... throw away the username/password, and use that principal from then on ... then use windows authentication and all access of files and SSPI ... database queries is done under the WindowsIdentity of the user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • [Full-Disclosure] NessusWX stores credentials in plain text
    ... Username and password for various accounts stored in unencrypted plain text ... Vendor Response: ... For every session a directory is created named the same as the ... username/password settings for various types of accounts. ...
    (Full-Disclosure)
  • Re: Renaming a directory and user.
    ... logged on (during the current session)? ... his username/password (the SID is REALLY the user, ... Security Access Tokens are only rebuilt at logon/authentication time so ...
    (microsoft.public.windows.server.active_directory)