Is it possible to delegate the right to log other users off? I'd like to give users the ability to log another user off of a computer, but I'm not willing to make everyone administrators to do so. We are currently on an 03 domain but are in the process of upgrading to 08. I know I can create a scheduled task to log the user off after a certain idle time, but don't really like that solution either.
I'm not talking about servers. I'm talking about standard client PCs (XP and 7) out in the house and I want average users to be able to log other average users off.
This replacement GINA should work for XP: http://www.paralint.com/projects/aucun/
Windows 7 I should be able to create an "on idle" task to log off the users after a certain idle time, which will at least unlock the computer eventually.
Had the same problem as you. It seems like a third party application called Unlock Administrator that lets you do just that. You can set exactly which users (even standard users) can unlock a system. There is an option to log off the user instead of just giving them access to the session. There is a separate version of XP and Vista/7
The simple answer is "No". There is no way to do this without giving them local administrator privileges.
The only two solutions that I'd know of that might help you here are the following:
You could prevent them from locking the workstations in the first place. Under User Config>Administrative Templates>System>ctrl alt del options you can remove "lock computer. Of course that might rise some security concerns...
On Domains you can enable Fast User Switing which may help maneuver around the Problem quite well.