Admin cannot unlock workstation if user logged in workstation only with cached domain credentials.

  • 3207913
  • 11-Jul-2006
  • 28-Jun-2013

Environment

Novell Client for Windows v4.91 SP2
AD domain environment

Situation

Admin cannot unlock workstation if user has logged in workstation only with cached domain credentials.

A help desk user is unable to unlock the workstation after the user logs in "Windows only" using an AD account.

Admin's only choice if user is not around is to power off the workstation.


Steps to reproduce

1. Log in "Windows only" as a non-admin user. In the GINA, click the down arrow and select a domain login; Windows will authenticate against cached credentials in the registry.
- OR -
Log in Windows only with user@domain-name.com to be logged in to the workstation using cached domain credentials.

2. Press Ctrl-Alt-Delete and lock the workstation.

3. Attempt to log in as user admin and unlock the workstation. You will not be able to select a local workstation login (as opposed to a domain login).

Also, unless admin has logged in to the domain from this workstation before, there will be no cached user credentials for admin, and he will be unable to log in and unlock the workstation.

By default, Windows NT will remember the 10 most recent logon attempts. See http://support.microsoft.com/kb/172931/en-us. The problem is that a help desk tech who goes out to check a problem won't be one of those last 10 users.

Resolution

Defect has been entered.