I haven't used GoToMyPc, so take this with a grain of salt...
If the screen saver has come on and it is password protected, you need
the password for the account that is currently running to unlock it.
Period.
A separate administrator account (it doesn't not matter if it is a
domain admin, as long as it has local admin rights) can be used to log
out the existing session, but this might also shut down gotomypc. So,
if you want them to be able to log in with the screen saver running, why
not create them an account, with whatever privileges they are allowed to
have, and then log *that* account in and lock the server? If you need
to use a separate account for additional work, log them out, do your
work, and log them in again.
Tyson.
-----Original Message-----
From: Tom Milliner [mailto:tom.milliner@verizon.net]
Sent: Tuesday, February 08, 2005 7:11 PM
To: 'Patton Roub'; focus-ms@securityfocus.com
Subject: RE: Password Protected Screen Saver and Administrative Password
The vendor has a lot of customers and routinely uses GoToMyPC for
support. In an ideal world for the vendor, there would be no password
protected screen-saver to deal with. In other words, they could log on
as needed (different time zones) to do maintenance. The screen- saver
actually is a disruption to them, but since the server is in a common
area, I use it. I also use it so that I can keep track of the vendor's
maintenance (if something breaks after they log on, then I may want to
call them)...they have to ask us to unlock the screen-saver.
When I am not there, a trusted co-worker needs to be able to unlock the
screen-saver.
I am not understanding the suggestions to make the trusted co-worker a
local administrator. Since the server is a domain member server, I
logon as the domain administrator. Then it goes to password protected
screen-saver after 60 minutes of inactivity.
I know it needs an administrator's password to unlock the screen-saver.
I have assumed that meant my domain administrator password instead of a
local administrator password. I will test this tomorrow at work.
Tom Milliner, CPA, MCSE
2404 Summer Place Dr.
Irving, TX 75062
(214) 540-2741
tom.milliner@verizon.net
-----Original Message-----
From: Patton Roub [mailto:proub@state.wy.us]
Sent: Tuesday, February 08, 2005 6:22 PM
To: focus-ms@securityfocus.com; tom.milliner@verizon.net
Subject: Re: Password Protected Screen Saver and Administrative Password
Is this a Windows 2000 Server or Windows Server 2003? If it is, then
you should consider terminal services in maintenance mode. It requires
no additional license purchases (two are free) and your vendor can
connect without going through a fourth party's server equipment
(GoToMyPC)(trusted?/untrusted?) to get there. They would log in as
themselves (event logging
good) and their access rights can be controlled. In terminal services,
they also would not see your screen saver as they would have their own
session/desktop/etc.
Patton Roub, BSEE, MCSE
proub@state.wy.us
"Tom Milliner" <tom.milliner@verizon.net> 2/7/2005 8:07:04 PM >>>
Does someone know a way to allow a normal user to release a server
password protected screen-saver without giving the user the
administrator password?
I need this so that third-party support can access our server via
GoToMyPC when I am not there. The password protected screen-saver
blocks them from remote access to fix problems. I cannot always be
on-site to assist by supplying the screen-saver password.
Tom Milliner, CPA, MCSE
tom.milliner@verizon.net
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
