Unlocking Screensaver password

0 pts.
Tags:
Administration
Biometrics
Digital certificates
HIPAA
Identity & Access Management
Management
provisioning
Security
Security tokens
Service and support
Single sign-on
Tech support
1st of all this is a win2k AD Domain w/all XP Clients and the extended GPManager Grouppolicy. Okay, so B/C of HIPAA I have to have my computers screensaver/password protected. Even though I'm forever telling'em to sign off when they leave computers my staff still doesn't do it. Thusly the computer locks and (when I'm not here) no one can unlock it. I need to set up a account that has the admin priv to unlock (log off current user) the saver but no other Admin priv. Would like to do it domainwide but have a small amount of computers (less than 20) so can do it on each comp if needed. WHERE IF ANYWHERE IS THIS PRIV. I'm lost Thanks in advance. Josh
ASKED: April 7, 2005  4:01 PM
UPDATED: May 29, 2009  5:15 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

There is a third party product that allows you to set exactly who, not necessarily and administrator can unlock the system. The product is called Unlock Administrator and can be downloaded from http://www.e-motional.com/ULAdmin.htm

Unfortunately, this is an inherent ability in the Administrator account group. This is opposed to privledges which can be assigned via Group Policies.

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • PaulHinsberg
    Unfortunately, this is an inherent ability in the Administrator account group. This is opposed to privledges which can be assigned via Group Policies.
    15 pointsBadges:
    report
  • Houzema
    I do not know of a way to make your proposed solution work but an alternate solution is to have your help desk remotely shutdown/reboot the system using psshutdown or similar utility. psshutdown is a free utility from Sysinternals.
    0 pointsBadges:
    report
  • Houzema
    The right angle bracket on the URL posted above seems to be messing up the link. If you click the link it it will not work. You have to manually remove the bracket from the address bar or click here (I removed the bracket on the URL below). http://www.sysinternals.com/
    0 pointsBadges:
    report
  • Howard2nd
    A - Why isn't the local user able to unlock the screensaver it should just be their regular password? B - Since the default message says that only the logged on user or an Administrator can unlock the screensaver what is the problem. We all use XP Pro with SP2 and operate as 'Power Users', the local machine administrator which does not login to the network can release the screen saver. setup the 20 machines with one password for that account. C - Which gets back to the first point, the only time I get requests to unlock the 'screensaver' is when a 3rd party want to use the machine, why can't they use their own?
    30 pointsBadges:
    report
  • EtherShark
    It seems that there is some confusion as to why you are experiencing this problem - not becuase of the normal behavior of the OS, but why this situation exists. Before a resonable solution can be reached, I think there needs to be a little more clarity. I understand and sympathize with your HIPAA. Howard2nd asked some good questions. Before probing any deeper, or wasting time answering the wrong question/situation ? could you answer his #C? --More to the point, with HIPAA being as strict as it is about the protection of specific types of data, why would you want a 3rd party to sign on to the ?locked? machine? If these are ?community? workstations (that you?re not concerned about what information is seen by whom) then why not just create a service account(s) that multiple people can use ? (I?d lock the account(s) down to one machine so that people can?t just use it anywhere they want though). On the other hand, if there are only 20 machines to administer, you may want to look at a 3rd party screen saver that does not use the local user account password ? then you, as the admin can assign screensaver passwords to your users. In that vein, check this out -> http://www.privacyposters.com/screens/
    0 pointsBadges:
    report
  • Marcjacquard
    OK gang, Here is an article that may help. http://www.winability.com/active-exit/winexit.htm active-exit is commercial and winexit is part of the resource utilities disk. I think this should do the trick for your needs. Just pick which one you like best.
    0 pointsBadges:
    report
  • Houzema
    You said you had XP clients so I am sending this link and info from that link, which is XP specific. Thanks to marcjacquard for the lead on this solution. Hope it resolves your problem. Let us know how it works out! The following information is from: http://support.microsoft.com/default.aspx?scid=kb;en-us;314999 How To Force Users to Quit Programs and Log Off After a Period of Inactivity in Windows XP Article ID : 314999 Last Review : July 15, 2004 Revision : 1.0 This article was previously published under Q314999 SUMMARY This step-by-step article describes how to automatically quit a user's running programs and to log the user off of a workstation after a specified time period. Workstations that are left logged on may represent a security risk for an organization. Many networks allow users to leave programs running and to remain logged on to their computers for an undefined time period. The Microsoft Windows 2000 Resource Kit includes the Winexit.scr tool that you can use to automatically quit a user's programs and to log the user off of the workstation. How to Configure the Winexit.scr Screen Saver 1. Use Windows Explorer to locate the Winexit.scr file in the Windows 2000 Resource Kit folder on your hard disk. 2. Right-click the Winexit.scr file, and then click Install. 3. The Display Properties dialog box appears with the Screen Saver tab active. The Logoff Screen Saver entry is automatically selected. Click Settings. 4. Select the Force application termination check box to force programs to quit. 5. In the Countdown for n seconds box, type the number of seconds for which the logoff dialog box appears before the user is logged off. 6. In the Logoff Message box, type the message that appears during the logoff countdown. Click OK. 7. In the Display Properties dialog box, click Preview. 8. You see the Auto Logoff dialog box. It displays the logoff message and the countdown timer. Click Cancel. 9. Click OK. Troubleshooting The Force application termination option forces programs to quit even if the programs contain unsaved data. If you do not use this option, programs that contain unsaved data do not quit and the user is not logged off. It is a good idea to set your corporate policy to automatically save user documents if you use the Force application termination option.
    0 pointsBadges:
    report
  • ELPUEBLO
    Thanks to everyone for your answers. I downloaded winexit and tried it out. I like it and think that I will use this solution. sadly as far as I can tell I have to do this on a per user basis using GP instead of a per computer basis (although now that I think of it I could make it a policy on the local computer instead of a domainwide) Winexit is exactly what the DR. called for (pun sort of intended on hindsight) Thanks for everyones help and I may post again if my Ex Dir don't like this solution. Josh
    0 pointsBadges:
    report
  • ELPUEBLO
    Hello all a small follow up. I recently DL'd PSshutdown and while it works great if you've a user actively logged on (i.e they're doing something inappropriate and U need to kick them off: My mom's a librarian and love that feature) it does not act if the computer is locked (either through "windows security" or via screensaver lockdown). Am I missing something? the string I'm using is psshutdown -u -p are real names but u don't need to know them)
    0 pointsBadges:
    report
  • MaineIT
    Instead of a technical solution, correct the behavior, don't create workarounds! If you do that once, you'll be doing it forever. Tell user MA2 to go get user MA1 and have her unlock the machine and log it off properly! After this has happened a couple of times, MA1 will stop 'forgetting' to log off. Your screensaver lockout is a perfectly legitimate security procedure, and if the users don't comply with it, you can bet there are others (HIPAA-related too, probably)they are not complying with - and THAT is an issue for their supervisors, not you!
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following