Re: Automatically locking desktop after a certain period of time
From: Vanguard \(NPI\) (vanguard.code_at_comcastNIX.net)
Date: 11/02/05
- Previous message: Vanguard \(NPI\): "Re: Locking workstation - locks everything or just screen?"
- Next in thread: Doug Knox MS-MVP: "Re: Automatically locking desktop after a certain period of time"
- Reply: Doug Knox MS-MVP: "Re: Automatically locking desktop after a certain period of time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Nov 2005 11:21:58 -0600
"Doug Knox MS-MVP" <dknox@mvps.org> wrote in message
news:%23NZk94%232FHA.2600@tk2msftngp13.phx.gbl...
The user shouldn't have write permissions to the Windows\System32 folder, so
they shouldn't be able to rename the SCR file. If you're allowing them to
run as Administrators, then they'll be able to.
"Vanguard (NPI)" <vanguard.code@comcastNIX.net> wrote in message
news:%23gcVY982FHA.636@TK2MSFTNGP10.phx.gbl...
> "Doug Knox MS-MVP" <dknox@mvps.org> wrote in message
> news:uVkrHe82FHA.2524@TK2MSFTNGP10.phx.gbl...
> Since you're on Active Directory, force the use of a screen saver and a
> timeout and password requirement via Group Policies. These settings are
> in
> User Configuration, Administrative Templates, Control Panel, Display.
>
> "sfurney" <sfurney@discussions.microsoft.com> wrote in message
> news:CA753ECB-A7B3-406E-A6E1-C40658B041E5@microsoft.com...
>> We are in an educational setting. Staff members periodically forget to
>> lock
>> their computers when they leave their classroom or office. We are on
>> active
>> directory and each staff member is a regular user. Is there any way to
>> have
>> the computer automatically lock after a certain amount of time (like some
>> programs do)?
>
> If the user renames the .scr file, and since it appears the local .scr
> file
> gets used, wouldn't that obviate the screen saver from getting used? It
> might, however, still force a Windows lockout (i.e., Ctrl-Alt-Del window
> appears). The policy should still push the option to password protect on
> triggering the screen saver. Although the screen saver can't run, the
> Windows logon screen should still show up.
True, and they cannot use .reg files to update the registry, either, unless
they are admin users. However, "Staff members" gives absolutely no clue as
to which group those users belong or their permissions.
There isn't even mention if the users are logging in under a domain where
you could push policies (and which, by the way, only get pushed when they
login and can be overridden during that Windows session, like using "regedit
/s <.reg_file>" in the Startup group to undo those one-time pushed policy
settings). So if they are on a domain, they can still override policies.
If not on a domain, they can override local policies or registry edits by
the admin. However, both scenarios do require the user have admin rights to
change the registry. I assumed "Staff members" were more likely to have
admin rights than, say, tutors, students, or other non-staff users.
If you have admin rights, you can use a .reg file to change registry
settings which even specify which .scr file to load, and you could specify a
bogus filename rather than having to rename the .scr file itself. Because I
have admin rights to my host under the domain login, I can override the
15-minute policy setting which attempts to use logon.scr to lockup my host.
I have several hosts in my cubicle and cannot have them locked up because
that prevents me from seeing critical e-mail alerts and the status of
currently running jobs. But it did require getting admin rights to my host
under my domain login.
-- _________________________________________________ | ** Reply to the newsgroup. Share with others ** | | E-mail: Remove "NIX" and add "#LAH" to Subject. | |_________________________________________________|
- Previous message: Vanguard \(NPI\): "Re: Locking workstation - locks everything or just screen?"
- Next in thread: Doug Knox MS-MVP: "Re: Automatically locking desktop after a certain period of time"
- Reply: Doug Knox MS-MVP: "Re: Automatically locking desktop after a certain period of time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
