Well we had an idea, but scrapped it because it has some flaws. But I'm going to post what we had planned to do because someone else might be able to use it. In theory the idea will work. The teacher runs a batch file that executes a registry file on a Lab of computers, restarts them and they login under the pre-set username/password. Then a login script (or another batch later initiated by a teacher) wipes the registry entries so that the next time those computers are restarted they won't login automatically. It's big and silly but with a little bit of work it could have been decent. The reason it's not so good for us: a ) it would do this to every computer in a lab - sometimes students from other classes will use spare computers to do homework; therefore it's a bit of a security risk: the teacher would have to make sure they restart the computer before using it, so they don't use the primary login. or b ) the teacher would have to edit the text files containing the computer list based on which computers will be used in that particular class. All of a sudden it gets really fiddly. But that's only a problem because we have other students from other classes using those computers. If that weren't the case this idea should work. So here's some more specifics about how we'd have done it. 1. Batch or VB files with a psexec command to run a batch on all machines in a lab. This batch file contains: a ) the registry entry (with the primary class username/password and autologin settings - we'd make one for each primary login) b ) a vbs script which would set a environment variable: autologin=yes (this comes into play later) c ) a restart command Then the computers would restart and login as that particular class. 2. We would also have made a login script for all primary classes that removed those registry settings, so that on the next reboot they wouldn't login automatically. This script would be in AD and it would simply say: a ) if the environment variable "autologin" = yes, run another .reg file that reverses those settings A problem: the primary logins don't have the permissions to do that. So we looked at runas replacements that would encrypt passwords, etc... then we started to think "hmm maybe this isn't such a great idea anyway" But it SHOULD work! I know it's ridiculously long and stupid but if you work at a private school in Australia like us you'll understand how desperate we are to find a solution that doesn't involve spending money Hopefully that made some sense and is of some use to someone down the track.