Re: Force user login after 15 minutes of idle time w/o using a screen saver

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 08/21/02 

From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "Greene Paul" <greene_paul@bah.com>
Date: Wed, 21 Aug 2002 08:00:17 -0400

Okay, that's kind of weird. They want lockout, but they don't want to use
the built-in capability to do it? Have they said what the issue is with just
using a password-protected screen saver? The screen saver can simply be a
blank screen...

Laura
----- Original Message -----
From: "Greene Paul" <greene_paul@bah.com>
To: "Laura A. Robinson" <larobins@bellatlantic.net>
Cc: <focus-ms@securityfocus.com>
Sent: Tuesday, August 20, 2002 7:14 PM
Subject: Re: Force user login after 15 minutes of idle time w/o using a
screen saver

>
> It's a new client requirement (who shall remain nameless to save
> embarrassment, both theirs and my own). For some strange reason, they
> don't want to use just a plain old password protected screensaver, but
> they want a user to have to login again if the machine sits idle for
> more than 15 minutes (so, "lockout" is what they want, not "logoff").
> They don't use the NT resource kit, and they won't use "freeware" or
> "opensource" utilities.
>
> Paul
>
> "Laura A. Robinson" wrote:
> >
> > Those settings won't do it. The first one allows the forcing of a logoff
> > when logon hours expire, and the second is used to set parameters for
> > session disconnection. I'm curious, though- why do you not want to use
the
> > password-protected screen saver capability? If I'm understanding your
need
> > correctly, you are looking to ensure that the GUI is made unavailable
after
> > fifteen minutes of idle time without the user re-entering his/her
> > credentials, correct? Do you want to log the users off as opposed to
locking
> > the workstation?
> >
> > Laura
> > ----- Original Message -----
> > From: "Greene Paul" <greene_paul@bah.com>
> > To: <focus-ms@securityfocus.com>
> > Sent: Tuesday, August 20, 2002 3:12 PM
> > Subject: Force user login after 15 minutes of idle time w/o using a
screen
> > saver
> >
> > > Hello All,
> > >
> > > In a Windows NT or 2000 environment, is there a way to implement a
> > > session disconnect *without* using a password protected screen saver?
> > >
> > > In other words, if a client does *not* want to implement screen
savers,
> > > is there a way to force a user to re-enter their username and password
> > > again if the system were to sit idle for 15 minutes or more?
> > >
> > > I found a couple of registry setting that *might* do it, but am not
sure
> > > ........
> > >
> > >
> >
HKLM/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedL
> > ogOff
> > >
> >
HKLM/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnec
> > t
> > >
> > > Any suggestions?
> > >
> > > Paul Greene