RE: Password Protected Screen Saver and Administrative Password
From: Tom Milliner (tom.milliner_at_verizon.net)
To: "'Thor (Hammer of God)'" <email@example.com>, <firstname.lastname@example.org> Date: Wed, 9 Feb 2005 14:03:41 -0600
That is exactly what I am saying.
GoToMyPc allows this vendor to easily setup access to their
clients' servers. The GoToMyPc is very simple to setup and
by-pass firewalls (therefore, users could easily set this up
on their desktop in order to access their desktop from home).
At any rate, the vendor uses GoToMyPc, which is password
protected and reasonably secure.
The server in question is a member server which must be
connected to the domain. It does have user accounts. I
suppose I can try to setup a domain user other than the
domain administrator to logon to it, and then the screen
saver password would belong to that domain user. I may
Normally, for ease of use, I logon to all 7 servers as the
domain administrator. They all run 24x7 and serve in
different capacities. The one used by the vendor is a
Windows 2000/SQL 2000 box which runs our membership
and accounting databases. The idea of logging on as a
normal user (with special permissions, perhaps) may
present some interesting challenges (I'm wondering if it
will work...maybe I can test it on a weekend).
From a simplicity standpoint, it would help if there was
a separate and distinct screen-saver password available.
For instance, let's say the screen-saver is locked, but the
administrator is away and simply needs a consultant to
perform a task on the server. I'd want to give the
consultant a non-administrator password for that type of
Tom Milliner, CPA, MCSE
Director of Network Services
MetroTex Assc of Realtors
8201 N. Stemmons Frwy
Dallas, TX 75247
mail to: email@example.com
From: Thor (Hammer of God) [mailto:firstname.lastname@example.org]
Sent: Wednesday, February 09, 2005 12:42 PM
To: email@example.com; firstname.lastname@example.org
Subject: Re: Password Protected Screen Saver and Administrative Password
I think the suggestion of a local admin was for the remote vendor, not
trusted co-worker... It is hard to tell, as the request is somewhat
If I understand correctly, you log into the member server as the domain
administrator, letting the screen saver lock after 60 minutes since it
a common area. You have a remote vendor that uses GoToMyPC to perform
maintenance on your server, but you do not want to give them the domain
admin password-- rather, you want them to have to ask first, allowing
track access, even though when you unlock the screen, they have full
to not only the member server, but the rest of your entire network as a
domain administrator. When you are not there, you want to have a
person, the "trusted co-worker" unlock the screen for the vendor, but
don't want him to have the domain admin password either-- rather, you
him to be a normal user, but unlock the password locked screen saver to
resume the domain administrator interactive logon session.
Is this really what you are saying?
----- Original Message -----
From: "Tom Milliner" <email@example.com>
To: "'Patton Roub'" <firstname.lastname@example.org>; <email@example.com>
Sent: Tuesday, February 08, 2005 6:11 PM
Subject: RE: Password Protected Screen Saver and Administrative Password
> The vendor has a lot of customers and routinely uses
> GoToMyPC for support. In an ideal world for the vendor,
> there would be no password protected screen-saver to
> deal with. In other words, they could log on as needed
> (different time zones) to do maintenance. The screen-
> saver actually is a disruption to them, but since the
> server is in a common area, I use it. I also use it
> so that I can keep track of the vendor's maintenance
> (if something breaks after they log on, then I may
> want to call them)...they have to ask us to unlock the
> When I am not there, a trusted co-worker needs to be
> able to unlock the screen-saver.
> I am not understanding the suggestions to make the
> trusted co-worker a local administrator. Since the
> server is a domain member server, I logon as the
> domain administrator. Then it goes to password
> protected screen-saver after 60 minutes of inactivity.
> I know it needs an administrator's password to unlock
> the screen-saver. I have assumed that meant my domain
> administrator password instead of a local administrator
> password. I will test this tomorrow at work.