Re: Unlocking Workstations
From: Jim Seifert [MSFT] (jimsei_at_online.microsoft.com)
Date: 08/25/03
- Next message: Jack Seredyniecki: "Re: TCP/IP Filter"
- Previous message: Paul: "Menu option has disappeared"
- In reply to: Alan Coleman: "Unlocking Workstations"
- Next in thread: Hugo: "Re: Unlocking Workstations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Aug 2003 12:30:08 -0700
This KB should help. http://support.microsoft.com/?kbid=314999: HOW TO:
Force Users to Quit Programs and Log Off After a Period of Inactivity in
Windows XP.
"This step-by-step article describes how to automatically quit a user's
running programs and to log the user off of a workstation after a specified
time period."
-- This posting is provided "AS IS" with no warranties, and confers no rights. "Alan Coleman" <technology@sjvmail.net> wrote in message news:OQrNbbzaDHA.656@tk2msftngp13.phx.gbl... > Hi, > > I am having a problem with the user population at my organization. I'm > running a pure Windows 2000 Server/Workstation environment with active > directory. Currently, I have a policy enabled that makes it so that the > workstation locks after 15 minutes of inactivity. This is because we have a > lot of sensitive medical/client information on the computers and we need to > keep it protected. My users have a tendency to walk away from their > computers and just leave them up, aiding the possibility of non-authorized > people to sit down at their computers and have complete access to network > files. Automatic workstation locking seemed to be the best solution for > this. > > However, there is a problem. When a workstation locks itself, only the user > or an administrator can unlock the workstation. This means that when > someone walks away from their machine and just leaves themselves logged in, > no one else can use it. This frustrates users because now users can't hop > onto a machine quickly to get to their own files or email. So now my users > give out their passwords to other users "Oh, you need to unlock my machine, > here my password is..." or even better, they tape their passwords to their > monitors so that anyone can get into the machine at any time, thus defeating > the purpose of security to begin with. > > What I would like to do, to solve this problem, is have regular users be > able to unlock workstations, just like administrators can do. I don't see > this as a security risk because when someone other than the user unlocks a > workstation, Windows logs the original user out, so you can't get to their > files or anything else. But it seems that there is no policy option of any > kind that would allow me to give normal users the ability to unlock a > workstation. It also appears that the only user level able to unlock > networked workstations is a Domain Administrator. I had thought about > creating an account called "unlock" that users could use to unlock other > workstations, but there is no way I can have a generic domain administrator > account on my system. > > There must be a way to solve this dilemma. Any suggestions would be helpful > > -- > ---------------------- > Alan Coleman > Technology Services Coordinator > (804) 553-3293 (Office) > (804) 339-6347 (Cell) > >
- Next message: Jack Seredyniecki: "Re: TCP/IP Filter"
- Previous message: Paul: "Menu option has disappeared"
- In reply to: Alan Coleman: "Unlocking Workstations"
- Next in thread: Hugo: "Re: Unlocking Workstations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
