Other People Logged On To My Computer

[petercallen]

Sometimes when i shut down my computer a message comes up saying other people are logged on to this

computer and if i continue shutting down they could lose information.

I am the only one using the computer at the time, is it possible to log on to my computer from another source

and if so how can i stop this happening.

[Beggar]

Do you use a wireless connection? Then there could be other users sharing it with you if you do not have enough protection against this. Could be a virus too.

In any case the first thing I would do is to switch off the file and printer sharing for any network connection if you do not need it. You find this (WinXP) in Control Panel -> Network Connection. Right click on the connection and under Tab General you will find File and Printer Sharing. Untick this to switch it off.

To be on the save side there should be no folder with the hand holding it what means that it is shared.

[Cuban]

Sometimes when i shut down my computer a message comes up saying other people are logged on to this

computer and if i continue shutting down they could lose information.

Only sometimes? That would suggest someone remotely accessing the computer as a regular software application would report this every time.

...is it possible to log on to my computer from another source and if so how can i stop this happening.

Yes, it is possible. How to stop it depends on what Operating system you are using, how you connect to the outside world and how well patched and protected your computer is?

Do you understand things like anti virus software and firewalls - do you have a wired ADSL connection - does the router you use or the computer have a wireless adapter, Wifi etc. Do you live in a building that provides a shared internet connection? Are there rooms nearby (30 meter radius) that might be pigging backing on your connection. If they are using remote links via the internet they could be on the other side of the planet.

First step is a good virus scan, AVG is free and a download away.

[MTH]

Most likely this is a non issue.

Do you have additional user accounts on your computer?

If you do. Then this is the standard message from Windows if that other user didn't log out when they were done.

This will occur if that user selected "Lock Computer" or "Switch User" when they left. Or maybe you have a screensaver that locks the computer after some idle time.

Either way, that user would still be logged in, with their current session in memory and you will get this warning message.

[petercallen]

Thanks for the information, i have been using a computer for less than 2 years, i do use a wireless connection

but it is secured with a pin number, my granddaughter knows more about computers than me, i will ask a couple

of my neighbors if they can sort it out for me.

Thanks again, Peter

[welo]

All good advise given so far.

If you run remote desktop sharing or terminal services, then someone may, in fact, be logged into a separate session on your computer. This typically requires Windows 2000 or 2003 server for true simultaneous multiple sessions. [note: this article dates back to Windows XP times (2006), I guess some versions of Vista and Windows 7 do allow multiple user sessions]

Fast user switching is another case where more than one person can be "logged in" to your machine at the same time. Only one logged in user can actually be seen and used, but the other remains logged in in the background. In Windows, if you select "Switch User" when you Log Off, you're not actually logging off; instead, you're simply putting the current user into the background and logging in as a second user. Fast User Switching must be enabled for this feature to work.

In both of the cases above, if you attempt to shut down your machine, you'll get the warning "There is another user logged onto your computer" because there is. Either the remote desktop user, or the account that you switched away from. Naturally shutting down the machine will force them to be logged off as well.

The other common cause of this message is Windows file sharing on a local area network.

If you create a file share on your system such that another machine can copy file from, or possibly to, your machine, that creates a type of remote login. Depending on your network and security settings, among other things, if machine 'B' is connected to a file share on machine 'A', then it is, in a sense "logged in" to machine A. It's a different type of login, but many of the same concepts apply. Perhaps most importantly, much of the same security infrastructure applies.

The net result is that if another machine on your network is accessing files on your machine, then "There is another user logged onto your computer" may result if you attempt to shut down your computer.

source: http://ask-leo.com/why_do_i_get_there_is_a..._shut_down.html

[kiwiinasia]

I used to get this years ago when using XP (I think), and it was caused by TCP/IP connections to an SQL server if I remember correctly.

No network connections at all, just windows getting confused over what was connected by TCP/IP.

Could be this ?

[welo]

He is 'using a computer for 2 years', do you really think he runs a SQL server?

Otherwise interesting piece of information.

welo

[rreddin]

He is 'using a computer for 2 years', do you really think he runs a SQL server?

Otherwise interesting piece of information.

welo

I run Office 2003 Professional with the small business pack. It came pre-installed when I bought my computer. It runs MS SQL server. If I turn off the SQL server, many of the functions attached to Outlook are unavailble, so I let it run. I have no SQL knowledge.

[welo]

I run Office 2003 Professional with the small business pack. It came pre-installed when I bought my computer. It runs MS SQL server. If I turn off the SQL server, many of the functions attached to Outlook are unavailble, so I let it run. I have no SQL knowledge.

Ok, sorry, didn't know that. Seems Outlook is way to bloated

Did you notice similar issues as the OP?

welo

[nam-thip]

I run windows XP and used to have the same problem and after making a few changes in user accounts which you can find in control panel it never happened again

[Cuban]

Another thought that occurs to me; if the computer was built by a third party (Typical Thai IT shop) they often install from a standard image on their LAN using a standard superuser account knowing that the computer will come back for repair from time to time. That user name maybe appearing as the owner 'user' within those users/owners listed within the tasklist. If so I agree a non-problem.

An easier approach might be to look at the wireless router's security and see how many computers are attached to it.

If the OP reads off the name/model from the wireless router we can give you a simple (hopefully) way of checking.

[2008bangkok]

It is most probably some kind of virus, this only comes up when a second person is also logged onto the machine, if somebody was also using your wireless connection then they would be attached to your router and not the PC,

[welo]

It is most probably some kind of virus, this only comes up when a second person is also logged onto the machine, if somebody was also using your wireless connection then they would be attached to your router and not the PC,

I guess what Cuban meant was to check if somebody else is connected to OP's wireless router then this person might also have tried to connect to his/her PC, causing said issue.

[2008bangkok]

It is most probably some kind of virus, this only comes up when a second person is also logged onto the machine, if somebody was also using your wireless connection then they would be attached to your router and not the PC,

I guess what Cuban meant was to check if somebody else is connected to OP's wireless router then this person might also have tried to connect to his/her PC, causing said issue.

This messgae can only happen if the person is logged on to the machine locally or the machine is a server if somebody tries to logon to the machine by remote connection then the pc screen would go blank when the person is connected

[welo]

This messgae can only happen if the person is logged on to the machine locally or the machine is a server if somebody tries to logon to the machine by remote connection then the pc screen would go blank when the person is connected

This information is correct but not complete. Please read post #6 on this thread which quotes a good article that describes in detail what can cause said message. If the article is correct a connected file share can also cause the same message.

Assuming that the router protects the PC from remote connections from the internet (NAT) an 'attack' is likely to originate from the local network, hence somebody 'hacking' the wireless connection to the access point (here the wireless router) is possible and can easily be ruled out by checking the list of connected devices on the access point (wireless router).

Of course a trojan infection that opens a backdoor to the PC and allows attackers from the internet to connect in a similar way is also possible. I am not sure though if such trojans usually use standard windows features and would hence trigger such a message or they implement their own remote control protocol to avoid being detected like that.

I personally would rather consider a more mundane explanation such as some issue with Windows XP Fast User Switching and turn it off (see nam-thips post) to rule out this possibilty first.

However, I would not ignore the problem since it might be a sign for a very serious security problem.

welo

[OxfordWill]

windows considers any connection to itself as a "logged in user". Many software bundles actually "log in" to your system when they are opened. This can even include antivirus. Click task manager then click users to see which real users are logged in. I bet you find youre the only one, and you still get this msg. Pretty much all the replies in this thread are wrong.

Edited April 17, 2010 by OxfordWill

[welo]

windows considers any connection to itself as a "logged in user". Many software bundles actually "log in" to your system when they are opened. This can even include antivirus. Click task manager then click users to see which real users are logged in. I bet you find youre the only one, and you still get this msg. Pretty much all the replies in this thread are wrong.

Users connected to file shares on the PC will not show up under TaskManager/Users.

Instead goto Control Panel / Administrative Tasks / Computer Management then browse to System Tools / Shared Folders / Sessions to check for active sessions.

No idea where those 'software bundles' that 'actually log in to your system when they are opened' would show up, since I never experienced such a behavior.

Your statement is pretty vague, what kind of 'connections' are we talking about? I'm pretty sure that TCP/IP connections do not trigger such a message in general. But I see that there might be applications that do, as rreddin pointed out SQLServer/Outlook as a possible cause.

I consider a statement such as 'pretty much all the replies in this thread are wrong' as pretty arrogant.

Furthermore you didn't really bother trying to help the OP solve his problem.

Did you actually bother to read the whole thread before coming up with a statement like this?

welo

[OxfordWill]

"Users connected to file shares on the PC will not show up under TaskManager/Users."

No they won't (as I mention that only shows "real" users) but they will cause that msg to appear.

He doesn't need any help, it's a non issue. I've seen it a million times. The chances of it being something to worry about are minuscule. Ergo any post reply saying its a problem is all but certainly "wrong" and misleading. I'm correct- which differs slightly to arrogance (except in the minds of the incorrect affected hordes).

Edited April 18, 2010 by OxfordWill

[Cuban]

This messgae can only happen if the person is logged on to the machine locally or the machine is a server if somebody tries to logon to the machine by remote connection then the pc screen would go blank when the person is connected

No, that is not correct. Many remote access applications both legit and malware allow the local screen/keyboard/mouse to remain active while either control is shared or passed to the remote computer. Either way I did not say (mean?) that as a probable cause. Besides malware that is interested in capturing screen information generally takes a snapshot after the screen memory is updated and sends that out to the black-hat as a compressed image file rather than attempting to stream video/screen updates. Uses to much bandwidth - too slow and can lead to discovery.

Of course a trojan infection that opens a backdoor to the PC and allows attackers from the internet to connect in a similar way is also possible. I am not sure though if such trojans usually use standard windows features and would hence trigger such a message or they implement their own remote control protocol to avoid being detected like that.

Indeed malware would avoid leaving an open connection while in use - as it would aid discovery.

I personally would rather consider a more mundane explanation...

Yes, I agree.