Windows session unlock by network

Question

I want to be able to unlock a windows (7 and greater) locked session by a network message send from my phone, when it's in close range of the pc. I was looking into a power shell script that can achieve this. The script should be executed when a message is received from the phone. This is a example that unlocks the machine when you are connected remotely to it: tscon $sessionid /dest:console I don't know if this is possible using a powershell command running from the suspended session. I also looked into pGina but that doesn't seem like a viable option. Can anyone lead me in the right direction to achieve this?

Answer 1

Okay, you can use tscon:

tscon $id /DEST:console

BUT you CAN'T do this when the console is connected AND locked. I guess it's already connected or some nonsense? Idk. You can tell this is the case when you have a "Switch User" button on the Lock screen, and you get an error 7045 or 5 "The requested session access is denied"

Anyway you first need to disconnect the session from the console while keeping it alive. You should be able to achieve this with:

tsdiscon $id

This will remove the session from the console and allow you to reconnect it, which automatically unlocks it.

So you just have to work out the ID then plug those two lines into an Invoke-Command and you're set. Note if you're invoking with a different username you'll need to specify the password of the session you're connecting.

EDIT: Or alternatively I guess you could use the /SERVER:$host parameter but you will certainly need to include the password in this case unless you're logged in to the same domain user.