I'm trying to lockdown a computer after a user logs in using their domain user credentials. So once the user logs in they won't be able to use the computer until they enter a separate password that only supervisors will know. I don't need a domain wide solution as I only need this for one machine.
The computer is Windows 7 x86 Enterprise.
Answer
You could do this the other way around where the supervisor unlocks the machine and then allows the user to log in. I don't think the windows log in has support for easy two factor authentication. What you can do is encrypt the hard drive using something like truecrypt. When the system boots, it would ask for a password which the supervisor knows, and then it would boot into windows and allow the end user to log on normally.
The downside of this solution is that the machine would have to be turned off after the user is done or they would be able to log back in without the supervisor approval. That could be fixed with a scheduled task for the middle of the night though.
Hope that helps
No comments:
Post a Comment