Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?

From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 11/24/04


Date: Wed, 24 Nov 2004 10:46:37 -0600

Marlon,

Anthony is correct on the way to set this, but you have more to think about
than just the technical issues... Always let the technology follow the
business needs, never the other way around.

Enforcing this policy is a good idea from a business standpoint as it helps
to mitigate the risk of unauthorized access. Court cases have shown that an
unlocked terminal or even a logon prompt without a warning can be considered
an invitation for use. This opens you up to legal and personnel problems.

This strongly points at doing this from a centralized point rather than
allowing your users any control over this. You would also be wise to use
the logon message to specify that access is for Authorized Use only in
accordance with your company's AUP -- some even go as far as to post the
entire AUP on every logon.

While there may be some initial headaches for your helpdesk, they will be
short-lived. This is something that users will see every day and will
quickly disappear as it becomes one of their daily tasks. Spend 5 minutes
creating a PDF with screen shots to send to everyone with a cutover date and
get management buy-in (sounds like you already have that) to draw fire.

-- 
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:OsMU36j0EHA.2824@TK2MSFTNGP09.phx.gbl...
> In my organization I have asked trainers/helpdesk to always advise users to
> do CTRL+ALT+DEL and lock workstations when they go away from their
> computers.
>
> I have one of our senior managers asking why we don't enforce the "lock
> workstations" on our WinXP/Win2000Prof automatically in case users leave
> workstations idle for a certain period of time.
>
> My first thought is that enforcing this would cause more support issues;
> by the way, do we have a way to do such 'lock the workstations' via Group
> Policies? The way I know it can be done is via the Screensaver on the
> respective workstations.
> Please advise if there is a way to do that from the server side and also if
> that's something people are doing out there or is more effective to let
> users lock their workstations on their own.
>
>
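
The two recommendations in the reply above (lock enforced centrally rather than left to users, plus a logon message) can be checked on a workstation. The following PowerShell audit is an added example, not part of the original thread; it reads the standard Windows policy registry values, and the 15-minute limit is an assumed threshold.

```powershell
# Added example: audit idle-lock and logon-banner settings for the current user.
$MaxIdleSeconds = 900   # assumption: organisational limit of 15 minutes

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Written by Group Policy; the user cannot change these in Display properties.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
# Written by the user's own screen saver settings.
$userKey   = 'HKCU:\Control Panel\Desktop'
# Logon message shown before the credential prompt.
$bannerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$findings = @()

if ((Get-RegValue $policyKey 'ScreenSaveActive') -ne '1') {
    $findings += 'Screen saver is not forced on by policy'
}
if ((Get-RegValue $policyKey 'ScreenSaverIsSecure') -ne '1') {
    $findings += 'Password on resume is not forced by policy'
    if ((Get-RegValue $userKey 'ScreenSaverIsSecure') -eq '1') {
        $findings += 'Lock is currently on only because the user chose it'
    }
}

# A missing, zero or non-numeric timeout means the screen saver never starts.
$timeout = Get-RegValue $policyKey 'ScreenSaveTimeOut'
$secs = 0
if (-not [int]::TryParse([string]$timeout, [ref]$secs) -or
    $secs -le 0 -or $secs -gt $MaxIdleSeconds) {
    $findings += "Policy idle timeout '$timeout' is missing or outside 1..$MaxIdleSeconds s"
}

# Both caption and text must be non-empty for the banner to be displayed.
foreach ($name in 'legalnoticecaption', 'legalnoticetext') {
    $value = (Get-RegValue $bannerKey $name) -join ''
    if ([string]::IsNullOrWhiteSpace($value)) {
        $findings += "Logon banner value '$name' is empty"
    }
}

if ($findings.Count -eq 0) { 'OK: idle lock and logon banner are enforced' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```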

