Please verify what I think: if I logoff, the server still functions
normally. Then, I could simply logon to gain control of the
console.
I gather that I could be logged off, and still access the server
via remote desktop control. This still doesn't help the vendor.
The vendor doesn't have a VPN connection, and the server is
inside our firewall.
There is one more idea: since the server is in a common area,
I could make it "headless" (no monitor) and not use a screen
saver at all. I would just as soon avoid that, because it is
easier to deal with the server directly rather than remote
desktop control. For instance, if I am dealing with backup and
restores and the tape unit, it is easier to be at the console.
Or, how about a simple deterrent: unplug the monitor from the
server, and simply replug it. Again, though, I may look at the
server several times a day, and that would be tedious.
If I logged off, then the vendor still could not access the server
in my absence. They would need the administrator password
anyway.
Thanks for your reply. I will copy this to the group; again, I
appreciate the ideas from everyone.
Tom Milliner, CPA, MCSE
Director of Network Services
MetroTex Assc of Realtors
8201 N. Stemmons Frwy
Dallas, TX 75247
www.dfwrealtors.com
mail to: tomm@dfwrealtors.com
(214) 540-2741
-----Original Message-----
From:
Sent: Wednesday, February 09, 2005 11:36 AM
To: tom.milliner@verizon.net
Subject: Re: Password Protected Screen Saver and Administrative Password
Tom,
The point you seem to be missing, is this:
Don't use the screen saver as a tool to secure the machine.
Log out of the machine instead.
There is no reason for you to remain logged onto a machine that you are
not in front of, and using.
Once you start logging off once you are finished in front of the
machine, you will notice all of your other problems will dissapear.
--
Tom Milliner wrote:
The vendor has a lot of customers and routinely uses
GoToMyPC for support. In an ideal world for the vendor,
there would be no password protected screen-saver to
deal with. In other words, they could log on as needed
(different time zones) to do maintenance. The screen-
saver actually is a disruption to them, but since the
server is in a common area, I use it. I also use it
so that I can keep track of the vendor's maintenance
(if something breaks after they log on, then I may
want to call them)...they have to ask us to unlock the
screen-saver.
When I am not there, a trusted co-worker needs to be
able to unlock the screen-saver.
I am not understanding the suggestions to make the
trusted co-worker a local administrator. Since the
server is a domain member server, I logon as the
domain administrator. Then it goes to password
protected screen-saver after 60 minutes of inactivity.
I know it needs an administrator's password to unlock
the screen-saver. I have assumed that meant my domain
administrator password instead of a local administrator
password. I will test this tomorrow at work.
Tom Milliner, CPA, MCSE
2404 Summer Place Dr.
Irving, TX 75062
(214) 540-2741
tom.milliner@verizon.net
---------------------------------------------------------------------------
---------------------------------------------------------------------------
