Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?
From: Marlon Brown (marlon_brown_at_hotmail.com)
Date: 11/24/04
- Next message: Cary Shultz [A.D. MVP]: "Re: Trust relationships"
- Previous message: Arc J. Thames: "Trust relationships"
- In reply to: Ryan Hanisco: "Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Nov 2004 09:03:02 -0800
You guys are rocking. Thanks for your input.
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:%23ZZkqUk0EHA.3808@tk2msftngp13.phx.gbl...
> Marlon,
>
> Anthony is correct on the way to set this, but you have more to think
about
> than just the technical issues... Always let the technology follow the
> business needs, never the other way around.
>
> Enforcing this policy is a good idea from a business standpoint as it
helps
> to mitigate the risk of unauthorized access. Court cases have shown that
an
> unlocked terminal or even a logon prompt without a warning can be
considered
> an invitation for use. This opens yourself to legal and personnel
problems.
>
> This strongly points at doing this from a centralized point rather than
> allowing your users any control over this. You would also be wise to use
> the logon message to specify that access is for Authorized Use only in
> accordance with your company's AUP -- Some even go as far as to post the
> entire AUP on every logon.
>
> While there may be some initial headaches for your helpdesk, they will be
> short-lived. This is something that users will see every day and will
> quickly disappear as it becomes one of their daily tasks. Spend 5 minutes
> creating a PDF with screen shots to send to everyone with a cutover date
and
> get management buy-in (sounds like you already have that) to draw fire.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
>
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:OsMU36j0EHA.2824@TK2MSFTNGP09.phx.gbl...
> > In my organization I have asked trainers/helpdesk to always advise users
> to
> > do CTRL+ALT+DEL and lock workstations when they go away from their
> > computers.
> >
> > I have one of our senior managers asking why we don't enforce the "lock
> > workstations" on our WinXP/Win2000Prof automatically in case users leave
> > workstations idle for a certain period of time.
> >
> > My first thought is that enforcing this would cause more support issues;
> > By the way, do we have a way to do suck 'lock the workstations't via
Group
> > POlicies ? The way I know it can be done is via the Screensaver on the
> > respective workstations.
> > Please advise if there is a way to do that from the server side and also
> if
> > that's something people are doing out there or is more effective to let
> > users lock their workstations on their own.
> >
> >
>
>
- Next message: Cary Shultz [A.D. MVP]: "Re: Trust relationships"
- Previous message: Arc J. Thames: "Trust relationships"
- In reply to: Ryan Hanisco: "Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
