There is, unfortunately, no proper answer to this issue in the standard
regime. An admin can FORCE the user-session to close, but cannot open or
examine the session before doing so. Thus, the admin has no idea if they are
destroying data or corrupting open files by so doing. This is a big problem
when users go home for the weekend, having forgotten to shut down.
With the MyLogon applet, a common password is used for computer-locking, or
for use of laptops away from the LAN. Thus, a colleague with authority can
unlock the computer without losing data, but there is still the option to
keep unauthorized (non-department) persons out. I feel this is a better way
of working.