Disable Fast User Switching for RDP (NOT HIDE ENTRY POINTS!)
Windows 7 Pro. I do virtually all my administration of 150 workstations (various domains and workgroups) remotely via RDP, and with Windows 7, I am finding more and more complications with Fast User Switching. Anything running under another user account may well interfere with what I need to do: it may slow me down by consuming system resources, or it may, in fact, lock files that I need to remove or update. When I log on remotely via RDP, I am notified that another user is logged on, but I have no option to log the other user off. If I then attempt to update a program that the other user has open, it may not update correctly because the other user has files in use. I have been told I can use WMI to force another user logoff. I could probably run shutdown -i and force the user off (but, of course, that might log me off as well). However, this is not a good approach; when I run updates, I typically connect to anywhere from five to 30 workstations simultaneously, and by the time I get logged onto all of them, I have no idea which had other users logged on and which did not. I would have to repeat on each of 30 workstations just to find out. I need a way to force-logoff the other user during my logon process. In the middle of running software installation, I may disconnect (NOT LOGOFF) from a workstation, take it to another site, then reconnect to the station to finish the installation. I may even just walk away from my computer for 15 minutes while updates are running. If a non-administrative user attempts to logon, it asks me for permission, but allows the user to logon if I do not manually deny it. All non-administrators must be automatically denied logon when I am logged on. It seems that disabling Fast User Switching would do this, but every time I have posted anywhere on the issue, I get another set of instructions on how to hide the entry points for Fast User Switching. That may work well for managing local logons but fails miserably to protect my administrative environment.
September 7th, 2011 3:20pm

Hi, As I known, if you are logged on to a remote computer (for instance, using Remote Desktop Connection), you can't use Fast User Switching on that computer. See Switch users without logging off Why does not use the WSUS for the updates? Or use SCCM 2007 to manage the clients? Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 4:36am

Fast user switching is what is responsible for allowing a user log on remotely as administrator while another user remains logged on (but disconnected). I want to disable this feature so that when I log on, it automatically logs off the other user. There are several reasons why system administration tools such as WSUS or SCCM will not work in my situation: 1. I manage computer systems for about 20 different companies, and not all have servers, so some of these computers are on domains, and others are standalone systems. 2. Windows updates are not the only progams that I need to manage. There are many other applications, some of which require removal and reinstallation during upgrades. I am not aware of any application I can use to uninstall a program, then reboot and reinstall, all automatically. I just need a way to: 1. Disallow anhy other user to log on while I am logged on as administrator. 2. Force another user off during my logon.
September 12th, 2011 11:00am

Hi, Thank you for clarifying the issue. After research, I found this is by design and we cannot enable the “Fast User Switching” but force the other non-administrator to log off when the administrator logged on at the same time. The only workaround in Microsoft is to disable the “Fast User Switching”. I do understand that this does not meet your needs. I will report this issue to our related department. Also, customers with a Premier contract with Microsoft can submit a DCR (Design Change Request) to request product teams to review the design based on your business case (filing a DCR does not guarantee changes to design). Thank you for your understanding and cooperation. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 2:21am

Thank you, Sabrina. Please let me clarify a little more: I do want to disable Fast User Switching; however, I cannot find any way to do this. When logging on remotely, Fast User Switching is presumably responsible for two undesirable things: 1. Requesting permission from the logged-on user before allowing me to log on as administrator (I should be able to force the user off when I logon administratively via RDP), and 2. Allowing other users to log on when I am logged on remotely as administrator (no user should ever be able to log on when the administrator is logged on, even if the administrator is disconnected). I have tested hiding the entry points for Fast User Switching, and it does not do either of the following: 1. Allow me to force another user off when I log on remotely as administrator via RDP so that I can ensure I am the only user logged onto the computer. 2. Disallow other users from logging on remotely via RDP while I am logged on as administrator but disconnected.
September 13th, 2011 3:36am

Hi Brian, Base on the KB article 279765 How To Use the Fast User Switching Feature in Windows XP, when not using Fast User Switching (FUS) and a non-administrator is logged on, a member of the Administrators group can establish a remote desktop connection and has the ability to logon to the machine locally and gets a prompt to logoff previous logged on user. When an administrator is logged, any member of the Administrators group may establish a remote desktop connection. If a non-administrator attempts to connect, you may receive the following error message: “The user <Domain or Computer Name>\<username> is currently logged on to this computer. Only the current user or an administrator can log on to this computer.” In Windows 7, if the Fast User Switching is turned off, the Administrator cannot attempt to login locally. Administrator can do a Remote Desktop Session to the Windows 7 machine and put his credentials. Once he attempts to login, he gets a prompt that looks like below. “Once Administrator clicks on Yes, the User1’s session is disconnected.” After logging in, Administrator can launch the Task Manager, click on “Users” tab and logoff User1. The prerequisite for the Administrator to be able to do a Remote desktop session to the Windows 7 machine is to enable Remote Desktop services on the Windows7 machine. In the interim, when the Administrator is logged in and has not attempted to logoff User1 yet, if User2 tries to login, the Administrator will get a prompt that looks like below. “If the Administrator clicks OK, User2 will be allowed to login and the Administrator’s session will be disconnected.” This is a known issue. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 1:44am

Thank you, Sabrina. Now I think you see the full scope of my issue. I can indeed disconnect other users, but only with their permission or a timeout, and other users can disconnect the administrator, which should never be the case. I cannot force a user to actually log off via RDP as I could in Windows XP Professional. If I am logged on as administrator, I may leave an update or installation running while I am disconnected--with the intentions of reconnecting later to complete the installation. I need to ensure that no other user can log onto the computer while this update/installation is running. I would challenge one phrase in your post: "...if the Fast User Switching is turned off...". From my research, there is no way to actually turn off Fast User Switching. All one can do is hide Fast User Switching from the user interface. This, however, does not change the logon behavior to provide a true one-at-a time logon; it simply masks Fast User Switching behind the remote disconnect feature, leaving the first user logged on with programs consuming system resources and files open that could potentially need to be replaced or updated by the administrator. I do thank you very much for the information regarding the Users tab in the Task Manager, as this does allow me to log off another user; however, this feature is less than useful for two reasons: 1. After connecting to perhaps 20 computers simultaneously via RDP, I will not be able to recall which had other users logged on an which did not, so I then have to open the task manager on each one to see if another user is logged on, and 2. It provides no protection for the administrator's logon while disconnected. Other users can logon whil the administrator is logged on but disconnected or even log on and disconnect the administrator just by waiting for the timeout to expire. The Windows XP functionality, which actually allows the administrator to logoff (not just disconnect) other users during the administrative logon and disallows other users from pre-empting the administrator, is what I need to properly manage my systems. There is apparently no way to obtain this functionality in Windows 7. When you indicate that the allowance for a non-administrator to disconnect an administrator upon timeout (i.e. without permission) is a "known issue", do you mean that: 1. This behavior is by design and that Microsoft has no intention of restoring the vastly superior functionality of Windows XP in this regard, or 2. Microsoft has acknowledged that this is yet another example of reduced functionality with Windows 7 and will treat this as a bug that needs to be resolved?
September 14th, 2011 3:50am

Hi Brian, We can only turn off the Fast User Switching via the group policy to set Hide entry points for Fast User Switching to Enabled which will hide the Switch user button in the Logon UI, the Start menu and the Task Manager. This is a known issue for the architectural limited. And there is not a solution to fix it yet. We can only provide the workaround in my last post. We had submitted it as Design Change Request (filing a DCR does not guarantee changes to design). Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2011 12:49am

Thank you, Sabrina. I will use the Task Manager User -> Logoff as a temporary workaround and hope that the DCR is successful and that the Windows XP functionality is restored in Windows 7.
September 15th, 2011 11:41am

Has there been any updates to this issue since 09/11? This is really causing me great pain at the moment. Thanks. Dave
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 4:58pm

Nothing more. This is all just another of a long list of reason why every technical person I know prefers Windows XP to Windows 7. From NT through 98/2000 and up until Windows XP SP3, I spent less and less of my time managing complications like this and more and more time getting real work done. Windows 7 has just about entirely reversed that trend; I am spending more and more of my time working around issues like this and less and less getting actual work done. That is my two cents' worth.
April 18th, 2012 5:11pm

This is an issue for us too. Brian, I agree with you on the loss of functionallity in Win7 . This, and a number of other non resolvable issues, cause us daily issues when trying to manage 7000 clients. I am having th eexact same issue, and i was hoping for a resolution, but it looks liek there is no practical solution for this yet.
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 12:16pm

Whole month I searched any solution, but vainly:( Administration of remote PC with remote deskop is very important part of administrators tools in each windows. This issue would be solved in interest of usability windows 7!!!
June 28th, 2012 3:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics