RE: Password Protected Screen Saver and Administrative Password

From: Tyson Leslie (Leslie.Tyson_at_colteng.com)
Date: 02/09/05

  • Next message: Forensics _at_ TracingEmails: "RE: Password Protected Screen Saver and Administrative Password"
    Date: Wed, 9 Feb 2005 11:57:24 -0700
    To: <focus-ms@securityfocus.com>
    
    

    I haven't used GoToMyPc, so take this with a grain of salt...

    If the screen saver has come on and it is password protected, you need
    the password for the account that is currently running to unlock it.
    Period.

    A separate administrator account (it doesn't not matter if it is a
    domain admin, as long as it has local admin rights) can be used to log
    out the existing session, but this might also shut down gotomypc. So,
    if you want them to be able to log in with the screen saver running, why
    not create them an account, with whatever privileges they are allowed to
    have, and then log *that* account in and lock the server? If you need
    to use a separate account for additional work, log them out, do your
    work, and log them in again.

            Tyson.

    -----Original Message-----
    From: Tom Milliner [mailto:tom.milliner@verizon.net]
    Sent: Tuesday, February 08, 2005 7:11 PM
    To: 'Patton Roub'; focus-ms@securityfocus.com
    Subject: RE: Password Protected Screen Saver and Administrative Password

    The vendor has a lot of customers and routinely uses GoToMyPC for
    support. In an ideal world for the vendor, there would be no password
    protected screen-saver to deal with. In other words, they could log on
    as needed (different time zones) to do maintenance. The screen- saver
    actually is a disruption to them, but since the server is in a common
    area, I use it. I also use it so that I can keep track of the vendor's
    maintenance (if something breaks after they log on, then I may want to
    call them)...they have to ask us to unlock the screen-saver.

    When I am not there, a trusted co-worker needs to be able to unlock the
    screen-saver.

    I am not understanding the suggestions to make the trusted co-worker a
    local administrator. Since the server is a domain member server, I
    logon as the domain administrator. Then it goes to password protected
    screen-saver after 60 minutes of inactivity.
    I know it needs an administrator's password to unlock the screen-saver.
    I have assumed that meant my domain administrator password instead of a
    local administrator password. I will test this tomorrow at work.

     
    Tom Milliner, CPA, MCSE
    2404 Summer Place Dr.
    Irving, TX 75062
    (214) 540-2741
    tom.milliner@verizon.net

    -----Original Message-----
    From: Patton Roub [mailto:proub@state.wy.us]
    Sent: Tuesday, February 08, 2005 6:22 PM
    To: focus-ms@securityfocus.com; tom.milliner@verizon.net
    Subject: Re: Password Protected Screen Saver and Administrative Password

    Is this a Windows 2000 Server or Windows Server 2003? If it is, then
    you should consider terminal services in maintenance mode. It requires
    no additional license purchases (two are free) and your vendor can
    connect without going through a fourth party's server equipment
    (GoToMyPC)(trusted?/untrusted?) to get there. They would log in as
    themselves (event logging
    good) and their access rights can be controlled. In terminal services,
    they also would not see your screen saver as they would have their own
    session/desktop/etc.

    Patton Roub, BSEE, MCSE
    proub@state.wy.us

    >>> "Tom Milliner" <tom.milliner@verizon.net> 2/7/2005 8:07:04 PM >>>
     
     
    Does someone know a way to allow a normal user to release a server
    password protected screen-saver without giving the user the
    administrator password?

    I need this so that third-party support can access our server via
    GoToMyPC when I am not there. The password protected screen-saver
    blocks them from remote access to fix problems. I cannot always be
    on-site to assist by supplying the screen-saver password.

     
    Tom Milliner, CPA, MCSE
    tom.milliner@verizon.net

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Forensics _at_ TracingEmails: "RE: Password Protected Screen Saver and Administrative Password"