We are running SafeBoot 5.1.6 and most of the client have WinXP SP3 installed. I have Single Sign-on activated, SafeBoot re-logon option on, forced screen saver option and administrator is allowed to logon .
If "user A" locked his/her Windows with Alt+Ctrl+Delete and then an SafeBoot administrator logon to this session, something weird happens.
First, the administrator will directly get into "user A" windows session instead of logging off the existing user. (Recall the normal windows logon mechanism, an administrator crendential will only log off the existing user session rather than getting into the Windows environment) Is there a way to fix it? I don't think it is appropriate for a SafeBoot administrator to get into user's session. Why I allowed administrator to logon screen saver is purely out of easier local support administration concern. An administrator can "unlock" the machine quickly if the user forget their password while the machine is offline.
Second, after logon with SafeBoot administrators credentials in this locked Windows (the case I mentioned above) if we lock the Windows again, "user A" will not be able to logon with his SafeBoot credential. It will return an error saying "Incorrect user logon". SafeBoot Admin can logon successfully though. Could this be a bug?
This is how it's designed to be. consider it an "enhancement" to Windows. There's no technical reason we have to log out the original user, after all, the screen saver is just that - it just hides the screen.
This design came from customer feedback a few years ago - people wanted the ability to break into a user session and see what they were doing. The reason the general user can't log back in, is to make it obvious that an administrator had touched the machine.
You can always turn this off from the configuration if it's not what you want.