Results 1 to 5 of 5

Thread: Lock-Screen!

  1. #1


    Is there a security feature in Windows 2000 that automatically log the user out of the system and and creates a audit for this log off if the system is inactive for 30 minutes or so?

  2. #2
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    I'm not familiar with a feature to log you out automatically, but you can set the screen-saver to 'lock' the workstation with a password when it kicks on, though. It's just like hitting ctrl-alt-del and selecting "Lock Workstation". Only the admin or the user who locked the screen can unlock it without a reboot.
    /* You are not expected to understand this. */

  3. #3
    Yes, that is well known. However, we would like this process or function to perform a task like that, but this task automatically logs the user off the system.

    We also need the process to be logged in the audit logs as a log off or forced log off.

  4. #4
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Joey -- this may not be practical for what you need it for, but MS has an article about how to Limit User Logon Times that mentions how to set the auto-logoff when the time expires. Perhaps you could set the hours of your workstations to start 30 minutes before and end 30 minutes after business hours?
    /* You are not expected to understand this. */

  5. #5
    I'm lookin for a WinExit process for Win2K.

    If you are not familiar with WinExit
    Log off those idle users!
    You adopted Windows NT because it's supposed to be a secure operating system (OS). You use access control lists (ACLs) to secure most objects on your NT network, and you prevent users from accessing NT workstations without a password. You implemented Service Pack <javascript:winPop('http://www.winnetmag.com/FindIT/Index.cfm?ID=37')> 3's (SP3's) cool passfilt.dll, which forces users to choose complex, difficult-to-crack passwords. (For more information about passfilt.dll, see R. Franklin Smith, "Protect Your Passwords," October 1998.) Running NT on desktops throughout your enterprise seems like a great way to keep your network secure, right?
    Your network might not be as secure as you think it is. Many networks let users stay logged on indefinitely. If you walk around many corporations, you'll see NT desktops that users have logged on to and walked away from. Unattended desktops weren't a problem when networks ran off mainframes because mainframes automatically log off users after a certain period of inactivity. How can you perform such an automatic logoff in NT?
    You can use WinExit to secure inactive workstations. This screen saver program ships in Microsoft Windows NT Server 4.0 Resource Kit. WinExit consists of one file, winexit.scr, which you can find in the resource kit directory.
    WinExit Options
    Right-click winexit.scr and you'll see the options Install, Test, and Configure. Select Install. A Display Properties dialog box will appear. The Display Properties dialog box shows the Screen Saver tab from the standard Control Panel Display applet; the Screen Saver dropdown menu will have the Logoff Screen Saver option selected.
    You can change the value in the Wait spin box to select how long you want your network's computers to wait from the time users become inactive until WinExit starts the logoff process. The default Wait value is 15 minutes.
    After the Wait period expires, WinExit starts. The utility displays an Auto Logoff in progress dialog box that warns users that WinExit is going to log them off. Users can click Cancel or press any key to stop the logoff process. The dialog box counts down for a period of time (30 seconds by default). When the period expires, WinExit logs off the user.
    To change the length of time the Auto Logoff in progress dialog box counts down, click Settings on the Screen Saver tab. You can configure three settings in the WinExit Setup Dialog box that appears: Force logoff, Time to logoff, and Logoff Message. You configure the logoff countdown period in the Time to logoff section's Countdown text box. The text box's value is the length of the logoff countdown in seconds. WinExit accepts values from 0 to 999. If you set the value to 0, the computer will wait for the period you specify in the Wait spin box, then log off users without giving them a chance to avert the logoff.
    The Logoff Message text box lets you customize the Auto Logoff in progress dialog box. Double-click the WinExit icon to see the Auto Logoff in progress dialog box; the message you enter in the Logoff Message text box replaces the default message Use Setup to change the text in this line. You can leave the Logoff Message text box empty or enter a message such as The network is going to log you off because your machine is inactive or To maximize network throughput, the network automatically logs off inactive sessions.
    The WinExit Setup Dialog box's Force application termination check box lets WinExit terminate users' applications without saving their data. When users log off NT workstations, they receive messages from applications that have open, unsaved files. These dialog boxes question whether users want to save unsaved data. The default WinExit logoff process waits for users to respond to applications' dialog boxes before logging the users off. However, users who aren't at their desk can't choose to save or reject changes to documents.
    If you don't select the Force application termination check box, WinExit won't log off users who have unsaved data. If you select the check box, WinExit won't wait for users to respond to applications' logoff dialog boxes, and users will lose unsaved data. Whether you need to select the Force application termination check box depends on your company's policies and whether all your users diligently run their software's automatic save options.
    Regardless of whether you choose to terminate programs that have unsaved data, you can use WinExit to make your network more secure. Make WinExit your next system policy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts