I've got this working, albeheit differently on Win NT/Terminal Server, and 2K Terminal server. Here's an interesting little obfuscation exploit that works: 1) Log on to TS 2) run cmd.exe 3) do the F7 - Enter exploit This hangs the cmd.exe window, and this task cannot be ended normally. Now: 4) Log on as an administrator 5) Bring up Terminal Server Administration 6) Log off the user above The user's will disappear from the list. However, the user will still be logged on! Not only that, but the user can continue to excecute commands (except cmd.exe) for about 1/2 hour (didn't time it, so I'm not 100% sure). Also note, Terminal Server Administration may hang in this state when you try to do a user list. Cheers, Liam
