Can I set an independent password for the Win2K screensaver?

[David_Jones]

Hi All,

Is it possible to set an indpendent screensaver password under Win2K?

I have a situation where our HR Manager was working on a spreadsheet showing everyone's salaries (fairly confidential of course!).

That file is kept on a diskette locked in her cupboard, and is also protected with a password in Excel (12 characters long), and backed up on a separate diskette, kept at her home.

She copies the file to her HDD while working on it, and then back to the diskette after finishing, and deletes the copy on her HDD.

Security of that spreadsheet is not the issue though (please no comments on temp files, recovering deleted files etc!).

The problem arose when she had an issue on her machine, and our user support guy came along while she was away from her desk.

She had activated the 'lock' (Ctrl-Alt-Del, followed by 'K' to lock the machine) as she should have done.

However, the support guy typed in the administrator password, got past the lock, and was now looking at the (open) list of all the salaries.


Problem:

We cannot seem to set an independent password in the screensaver (say, 3d flower box) so that it can be invoked to lock the workstation independently of the admin password / user login password.

I have tried copying '3D Flower Box.exe' from a Win98 machine, and running it (with /s) on the Win2k machine, but there is no place that I can see to set the password as you would under Win98.

Is it an option that I cannot see?


Thanks,

David.

PS: We would definately prefer not to download a third party screensaver, since it will breach our corporate policies unless we go through a rigorous evaluation process set by the parent company (too much hassle!)

[padawan]

the tech guy should not have her password, or she needs a separate account on the machine, even one in the admin group. Just create a new admin, name it whatever she wants, but be sure to use a new password that nobody else knows.

The admin cannot unlock another user account, he can only force them to log out. If she has her own account with a secret pasword, it should be good.

[David_Jones]

Interesting.

I guess we assumed that my statement above was correct, but did not question the support guy (didn't want to wave a red flag that there could be an issue).

So, if he entered the admin password, it would only have allowed him to close all her apps, and log her out?

To get to see that spreadsheet, he had to know her login password?

Could be tricky - the HR manager is the 'owner' of the company policies on passwords etc!

Out of interest, if he HAD entered the admin password, and logged her out, what would have happened to any unsaved changes in the spreadsheet? Woud he have gotten a warning, and if so, what options would there be?

Thanks,

David.

PS: Probably obvious, but I am not the sys admin, so I cannot try it out for myself without setting up a Win2K box from scratch, and I do not have a spare one to try it!

[Tuf]

The security you need in this situation is already built into your OS. Don't leaves files open and when you leave your desk log off of the computer. The system of keeping the file locked away on a floppy is a good one except it is inconvenient, in fact that's probably why the file was open when she left her desk. Whatever you system you implement you have to stick with.

But to answer your question just set her computer to log off after X number of minutes of inactivity instead of activating a screensaver.

As has already been posted .... does she not have her own account?

[David_Jones]

Yes - everyone has their own account, and no-one is *supposed* to share their password with anyone else, not even the support guys.

We (she and I) guessed that the support guy had used an adminstrator password to get past the Ctrl-Alt-Del / Lock screen (it does indicate that that is possible when we read the message on screen).

However, from what has been posted above, I would now have to supect that she had, in the past, told the support guy her login password, and he must have used that to be able to see the spreadsheet on screen.

If we set up the computer to log her off after X min of activity, what would happen to unsaved changes in the spreadsheet? Would the machine assume that the changes were permanent, and save them (could be dangerous), or would it ignore changes, and close the file without saving (could also be dangerous)?

Thanks for your help!

David.

[Tuf]

Depends on the programs and their settings. I have my M$ Office Apps where they will save the changes.

[David_Jones]

Okay thanks.

Back to the original query.

What we really want to be able to do is replicate the 'secure' feature of the screensaver that was available under Win98.

With that system, we knew 100%, that if the screensaver was activated, the only way to get into the computer was either know that password, or re-boot the computer (which is always an option with any OS of course).

It seems strange that Win2K is actually *less* secure in this respect?

Thanks for your company on my learning curve!

David.