The solution to this problem was found on a StackExchange Server Fault thread. I am pasting the solution posted by the user Marcus here:
Figured out how to do it myself. It's somewhat of a workaround but that's what I expected to get.
- Alright, first step is to grab a program called AutoLogon.exe from Microsoft:
http://technet.microsoft.com/sv-se/sysinternals/bb963905.aspx
Stop! Don't cringe just yet. Read on...
- Run it, set it so that Administrator should log on automatically.
- Create a task in Task Scheduler. Set it to run only when user (Administrator) is logged on. Trigger is "at log on" and specify that it's only when Administrator logs on.
- Create a second task. Run only when user is logged on, trigger at admin log on. Action should be "start a program" and program is "C:\Windows\System32\rundll32.exe" with the argument field set to "user32.dll, LockWorkStation".
What happens now if you restart the computer is that Administrator automatically logs on, the program you want to start is started and the work station becomes locked. If I log in via Remote Desktop Connection I can see the program window and use the GUI. I can lock/unlock the computer with no problem and disconnect/reconnect as I please. There's no issue if I go to the server and log in at the actual workstation either. Since Administrator is already signed in the task will not run again (it doesn't create some infinite log-in-lock-loop that you can't break out of).
Simple as that. Granted there is a one second time period before the computer becomes locked after the auto login and I guess a pro hacker with physical access to the computer could do something sneaky during this time window but in my case I can overlook that security risk. As long as I don't let any pro hackers into my home and show them the computer the system should be relatively safe. Above all there isn't that much of value on the computer that needs super-vault protection so I'm quite happy with this solution.
No comments:
Post a Comment