Re: Password Protected Screen Saver and Administrative Password

From: James Eaton-Lee (james.mailing_at_gmail.com)
Date: 02/08/05

  • Next message: Marsha Cipollone: "RE: active directory password policy" 
    To: tom.milliner@verizon.net
Date: Tue, 08 Feb 2005 21:10:14 +0000

    Tom,

    I'm assuming that you mean the following:

    i) your vendor have a user account on the system, and not an
    administrator account

    ii) you want to keep it this way

    iii) the console is routinely locked by administrator

    In this case, I don't think there's an easy solution to the problem
    which doesn't involve third-party software; I'm not aware of any way to
    specifically delegate this right to domain users; assuming that this is
    a domain server, your only bet without giving the vendor domain access
    is to give them a local administrator account, which may not be ideal.

    The only other solution for this is a tool which originally shipped with
    the windows NT4 resource kit, called 'Winexit', which you could setup
    (as a screensaver) to automatically logout after a certain period of
    inactivity. If your administrators have a habit of leaving the
    workstatio/server locked when they're not using it, this may be an
    option, as you can set a suitably high timeout (several hours or days)
    for the account to be logged out so that the console is freed up. An
    article on this is online here:

    http://www.win2000mag.com/Articles/Index.cfm?ArticleID=4541

    There are versions of winexit.scr available for windows 2000 and 2003
    server also; a quick google gives me a direct download (referenced on
    tek-tips.com) to winexit.zip, but this is on a non-microsoft website, so
    download at your own risk:

    http://www.dynawell.com/reskit/microsoft/win2000/winexit.zip

    Oddly, I was unable to find a link to the windows 2000 resource kit on
    microsoft.com easily, although I have downloaded this half a dozen times
    before now.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;314999&sd=tech
    (howto use winexit from the win2k service pack in windows xp pro)

    http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
    (Windows 2003 reskit)

    http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/winexit.asp
    (Documentation for reskit.scr in win2k3)

    Again, short of third-party software, I don't think there's really an
    easy solution to this which doesn't involve getting people to remember
    to log off.

    Hope that helped!

     - James.

    On Mon, 2005-02-07 at 21:07 -0600, Tom Milliner wrote:
    >
    > Does someone know a way to allow a normal user to
    > release a server password protected screen-saver
    > without giving the user the administrator password?
    >
    > I need this so that third-party support can access
    > our server via GoToMyPC when I am not there. The
    > password protected screen-saver blocks them from
    > remote access to fix problems. I cannot always be
    > on-site to assist by supplying the screen-saver
    > password.
    >
    >
    > Tom Milliner, CPA, MCSE
    > tom.milliner@verizon.net
    > http://www.win2000mag.com/Articles/Index.cfm?ArticleID=4541
    >
    >
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Marsha Cipollone: "RE: active directory password policy"

    Relevant Pages

    • Re: IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM monopoly
      ... those virii are not relying on anything inherent in Windows. ... >>administrator failing to put a password on the administrator account for ... >>Outlook Express, a Web browser other than Internet Explorer, and using a ...
      (comp.os.vms)
    • Re: Administrator account logon
      ... MS-MVP Windows XP/ Windows Smart Display ... >>the Administrator account on the new Windows XP logon ... >>for Enable Administrator Account ... MS-MVP Windows XP/ Windows Smart Display ...
      (microsoft.public.windowsxp.security_admin)
    • [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows l
      ... Windows XP home edition hides the administrator account and disables access ... Subject: Vulnerability in IBM Windows XP: default hidden Administrator ... > In previous versions of Windows, the install would allow you to ...
      (Full-Disclosure)
    • Re: Administrator Privileges
      ... HOW TO Take Ownership of a File or Folder in Windows XP: ... > administrative profile for Administrator. ... >>>> In XP Pro edition, run GPEDIT.MSC, and look for a policy setting. ... >>>>> administrator account became a partial administrator. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: msconfig problem
      ... Operating system is Windows XP Home Edition Version 2002 with SP2. ... Administrator to make the return to Normal Startup. ... Event Type: Warning ...
      (microsoft.public.windowsxp.help_and_support)
    • Quantcast