VNC connect windows user permissions
I have a machine that is used infrequently by two users.
User1 uses the machine locally, and user2 accesses via vnc connect.
Ideally, User2 would never have access to User1's account. At the moment, if User2 connects whilst User1 has left the machine unlocked locally, User2 will be presented with User1's logged in session, despite only User2 having permissions to remote connect.
One option is to set 'QueryConnect' and 'QueryOnlyIfLoggedOn' as true, but I have found that even if User1 locks the machine locally, the prompt appears on the lock screen, when nobody is there to accept it, therefore User2 cannot connect at all.
Is there any way to automatically lock windows sessions upon VNC connection? At which point User2 can select their user account from the lock screen, and never have access to User1's account.
Or, even better still, as windows is authenticating User2, automatically login to User2's windows account and terminate the local session? (That is the behavior that would happen if connecting via RDP)