My company is in the process of SAP GUI 7.40 distribution (upgrade from 7.30 to 7.40) and I’m experiencing problems with Logon Shield.
Explaining better, this is the first time I use the option of “Prevent user from being logged-on while job executes (WinNT only)”, reasons:
Despite my description about the whole scenario, my real problem is that the option “Prevent user from being logged-on while job executes (WinNT only)” changes the registry “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching” to value 1.
So far nothing wrong, but the problem is even after the setup, multiples reboots and long time waiting the option “Switch user” continues grayed out on Windows meaning that the registry key was not changed to value 0 by ITCM.
Please check if you have the logon shield configured to turn off fast user switching
How to Use the Logon Shield Configuration View - CA Client Automation - 12.9 - CA Technologies Documentation
details how to configure the logon shield
I was wondering if the documentation Richard referred you to helped you to configure the login shield configuration ?
Does this continue to be an issue ?
I read the documentation but I'm still having problems. On begining I was thinking that I would have to let the "Hide fast user switching" option enabled and after read the documentation, I tryed to Disable "Hide fast user switching" and set the "Maximum blocking time" to Centrally Managed" and with value of 120 minutes.
I waited for more than 2 hours and the "Switch user" doesn't turned back.
As you can see on image bellow I changed the "Maximum blocking time" to 10 minutes and worked as expected (The computer was rebboted, the logon was protected by Logon Shield and after the installation the Switch user was enabled again) waiting for about 10 minutes until press "Reboot Now"
But the problem is if I wait for more than 10 minutes until "Reboot now" (30 minutes for example) the option "maximum bloking time" acts (in 10 minutes I guess), the Switch user is enabled again, however I lost the ability to doesn't allow user logon when the machine is rebooted.
My last resource is change my package to a batch script and setting the registry key HideFastUserSwitching to 0 in the end of script execution, but I don't think that is a good solution.
Could you reduce the reboot prompt timeout from the default of 30 minutes? would this help?
I don't think that changing the reboot prompt will help, because the user can postpone the reboot action and I want users to have the chance to do this
can you raise this as a support case so we can take a look and see if there is a bug here.