> Not allowing to gain contol over the machine locally while the remote user is connected was intended as it seemed the safest choice.
Well, you should ask for a password of course 😉
Seriously, it should always be possible to regain control on the host machine. And it should “just work”. How should I know, that I can connect with another NoMachine to disconnect the first session, leave alone the command line commands? What if I have no other machine around? And if it is “any” machine, then I’d most likely have to install NoMachine first. What if the network is broken? What if NoMachine got stuck in some weird state while locked? What if… there are plenty of reasons why one needs to be able to always (force) unlock locally.
Your suggestions how to unlock might probably work, but they are not exactly intuitive…