Automatic start and log in of networked conmputers.

[Guest]

Our company insurers have recently issued an edict that all computers not
connected to an UPS must be turned off at night. This leads to users
spending time each morning starting their systems and logging and filtering
the overnight spam.

I have already worked out how to shedule a wake up on Lan call to or systems.

What I would like to know is whether there is a way to make the systems log
on once they have started up. I am thinking of forcing a log on locally
using a users own domain account via a script or utility running on a server
rather than making the PCs always log on automatically when they boot up.
Perhaps the pres CNTRL ALT DEL requirement makes this impossible?

 

[HEMI-Powered]

=?Utf-8?B?Q2hyaXMgQ2xhcmtlLVdpbGxpYW1z?= added these comments in
the current discussion du jour ...

Our company insurers have recently issued an edict that all
computers not connected to an UPS must be turned off at night.
This leads to users spending time each morning starting
their systems and logging and filtering the overnight spam.

I have already worked out how to shedule a wake up on Lan call
to or systems.

What I would like to know is whether there is a way to make
the systems log on once they have started up. I am thinking
of forcing a log on locally using a users own domain account
via a script or utility running on a server rather than making
the PCs always log on automatically when they boot up.
Perhaps the pres CNTRL ALT DEL requirement makes this
impossible?

My company, with many tens of thousands of PCs, also highly
encouraged a nightly shutdown. Why, I don't know because even the
minor security of a BIOS PW wasn't installed. But, starting back
up and logging into the network was trivial to do and wasted
little time as a user could start the PC, do their morning
housekeeping including get a cup of coffee, whatever, then come
back, login, and continue. Personally, since the last 5 1/2 years
of my career before retiring almost 6 years ago was spent in an
info security job, I don't know why one would want to auto-logon
large numbers of systems. Seems like it'd be more secure if a
human being needed to do so manually, which may be what your
management is attempting to do with its edict.

 

[Guest]

If it is a disciplinary offence to download porn, terrorist information, or
trade for gain over the internet in your organisation, none of your employees
should tolerate their computer being left on and logged in while they are not
at their desk. They could lose job, career, or liberty!

I would also be worried that most of your users get large amounts of spam.
If they all do without exception your e-mail system has likely been been
hacked. If only some do, then one or more of:
Some of your suppliers or customers have been hacked.
Some employees have been using their work e-mail to send to personal friends
with hacked PCs.
Some employees have been using work e-mail address to register on dodgy web
sites.

As a yardstick, in a calendar month I receive between 0 and 2 pieces of spam
at work, and since I changed ISP six months ago, 0 at home.

Not having a dig, but your insurers are right to be agitated.

 

[Guest]

Our company insurers have recently issued an edict that all computers not
connected to an UPS must be turned off at night.

This is IMHO a cause of concern from civil-liberties aspects. Governments
are increasingly making insurance compulsory on all manner of risks, and this
places insurers in the shoes of 'Al Capone' - they are effectively judge jury
and executioner, making-up their own laws as they go. Mostly, idiotic laws
too, because they have zero understanding of such things. It's time that
their powers to do this were curbed.

You can make domain computers autologon using the standard 'control
userpasswords2' method. It requires the removal of a registry block which is
put in place when the computer joins the domain:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\AutoAdminLogon, Type String, Value '1'

Remember to select the domain useraccount, not a local one.

 

[Guest]

The reason our insurers want systems turned off at night is that they are
worried about fire hazards! I thought my remark about the need to be
connected to an UPS might have been enough of a clue...

As for spam registering with your work email on any site even this one
elicits huge quantities of spam as does having a web site although most of
that is of course to made up addresses and never gets past the server.
Personally I am registered here with my Yahoo address because I know spammers
have harvested my work email address from Microsoft in the past, and I found
it a bit of an annoyance but easily avoided.

It is our development and support personnel who are of course allowed to use
their work email for private stuff if they want to who tend to be spam
targets and we actually allow all or users to filter mail, tagged as
suspected spam in their clients. It is the more regular email users who
find they need to use filtering the rest do not bother. There is no
security issue here as we do not use Outlook as an email client or Exchange
as a server partly for security reasons but mainly because of its very
limited functionality and old fashioned DOS user interface.

We would probably be interested in automatically starting up to perhaps 8 to
12 systems and automatically logging them on about 20 minutes before their
users arrived if this were possible. The automatic power up is of course no
problem but I don't want to set the systems to always log on automatically I
would be happy to schedule a local log in by remote command from a server if
that were possible but I suspect that it is by design not possible hence the
original question to see if anyone knew how to do it.