Dealing with users who avoid screensaver/lock screen?

Discussion in 'Networking & Security' started by cyclone3d, Nov 9, 2018.

  1. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,781
    Joined:
    Aug 24, 2005
    Sounds great, although how do we ensure users lock their PC's when they step away?

    If only there was some mechanism where we could lock it after a certain time in case they forget to lock it when they walk away.....
     
  2. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,666
    Joined:
    Aug 16, 2004

    HAHA.. if people would lock their computers when they left their desk I wouldn't have as much of as problem with it... but they will leave them unlocked overnight, over the weekend, and even when they are on vacation. So yeah... screw that.

    And this is corporate policy... if I comply with the users skirting security policy it is my head that is on the chopping block.

    Something, something about foreign entities being able to steal trade secrets. No cameras are allowed in the lab, etc. Documents are highly controlled, etc.

    If you have issues with security policies and skirt them, then you should be without a job.
     
    AlphaQup and GoldenTiger like this.
  3. SticKx911

    SticKx911 [H]ard|Gawd

    Messages:
    1,992
    Joined:
    Mar 14, 2004
    the only reason security lock outs annoy me are the dozen passwords I have to remember and change to unique ones every 90 days. It's almost like they want me to just write them down next to my PC or any other means of defeats-the-purpose tactics. I don't do a lot of at a desk work, but when I do, I probably spend at least 10-25% of it resetting forgotten passwords.

    That said. Win-L is the easiest habit to get into. I'm not sure why it's so difficult for people to do. If someone does something nefarious on my PC when I'm up, I get fired. Pretty sure I'd rather lock the screen than risk that.
     
  4. EniGmA1987

    EniGmA1987 [H]Lite

    Messages:
    93
    Joined:
    May 2, 2017

    Bluetooth based proximity lock. When they step away it locks no matter what when the bluetooth device is not within a few feet. Windows 10 has this built in but with very little control, it just has a 30 second away timer always (maybe can be changed in registry?) and doesnt tune the bluetooth range. So since normal bluetooth is 20-30 feet, that is quite a bit of distance you can get before the timer even starts. If the PCs dont have a bluetooth chip in them, you can just plug one of these in to the computers:
    https://www.amazon.com/Bluetooth-Re...&qid=1544631559&sr=1-3&keywords=bluetooth+USB
    and then something like this that each person carries with them:
    https://www.amazon.com/Hideez-Key-B...631728&sr=8-5&keywords=bluetooth+security+key




    Or put a USB hub on everyones desk and have a yubikey type device they are required to plug in to unlock. Put it on an elastic string that is attached to them or something so that it pulls out if they walk away. If they wear lab coats for specific rooms the R&D goes on in then that is perfect for attaching the key to.
     
    Last edited: Dec 12, 2018
  5. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,213
    Joined:
    Nov 29, 2009
    Sounds more like a HR issue than an IT issue, people should be told to lock their PCs and if it's that serious maybe even be reprimanded if they keep failing to. Having stuff time out on you in the middle of your shift when you're sitting at the PC is annoying as hell and impacts production. Not all jobs involve actively using the computer, but the screens still need to be visible and you still need to be able to hop on and immediately use it when something happens like a phone call that requires you to check something.

    I work in a secured building so it's not really a huge deal to lock our PCs but I still do if I'll be leaving my desk for more than a minute. When I worked IT help desk if you didn't lock your PC, you would come out of the closet to the whole department via email... so you learned quick to lock your PC. :p

    Having something that works by proximity could work too, perhaps it could tie with the door access fob somehow.
     
  6. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,781
    Joined:
    Aug 24, 2005
    Sorry I've read through all of these, replied to a bunch, there's just zero reason someone can't just re-enter their password if they haven't used their pc in 15 minutes.

    Screen needs to stay on because of monitoring or watching 'x', great, NOCs do that all the time, there's a monitor with all the dashboards on it, and it isn't tied to a user PC, it stays on all the time.

    I have to check something when someone calls? Is the 5 second delay entering your password going to put the company out of business?

    It's not your PC, it's your company's. If they say there's a screensaver and your PC is going to lock, then it's going to lock and circumventing that is no different than violating any other company policy.

    If people don't like the company policies they can go start their own company, set their own policies, go work somewhere else, whatever.

    Boo effin hoo i have to enter my password again waaa waaaa waaaa.
     
  7. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,213
    Joined:
    Nov 29, 2009

    Exactly. There are lot of situations where screensavers are a huge pain in the ass and that is one of them. When they were pushing GPOs to make ours keep timing out you can bet your ass we found a way to stop it, while our boss was yelling at IT to make it stop. But this applies to workstations too. Not all jobs involve activly using the PC every given second, but it needs to be available in a pinch if the need arises. Tech in a pole in -40 calls to ask for information on a cable, I need to be able to quickly give him that information, not tell him to wait for 5 minutes while I re-login to everything because every RDP/Citrix session is timing out on me with screensavers, and then the computer itself too.

    Or a surgeon who opened up a medical record or Xray and is in the middle of surgery and then the stupid thing times out while he's looking at the endoscope and the xray at same time to do the procedure. etc...

    The whole hostile approach to IT of "it's our rules suck it up" is ridiculous and creates a hostile environment and can even cause loss of productivity.

    That said, yes it's good to lock your PC when you step away, but forcing it to lock on people when they are there is just ridiculous.
     
    Last edited: Dec 13, 2018
  8. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,666
    Joined:
    Aug 16, 2004
    That very much depends on the specific job, industry, and situation. And if the users won't lock it themselves, then they have to deal with the IT rules.

    The other thing is that our customers as well as the Nuclear Regulatory Commission require certain security policies. We get audited multiple times a year.

    If you work in an industry that doesn't require security.. great for you. I will be following security policy and enforcing it.
     
  9. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,781
    Joined:
    Aug 24, 2005
    Can you post the video of you taking 5 minutes to unlock your pc after the screen locks? I just want to see it for giggles because I'd like to see if you're trying to type the password in with a wet spaghetti noodle being the only thing allowed to touch the keyboard. Hang on....

    I just took 5 seconds from that 'hang on' line and locked/unlocked my pc twice.

    Still not buying anything anyone's sellin here on the omg I can't do my job if the screen locks after FIFTEEN MINUTES of not touching my mouse or keyboard. I guess that commercial with the kid ordering pizza with the trash can and having his microwave feed the dog is true.
     
    cyclone3d likes this.
  10. Kardonxt

    Kardonxt 2[H]4U

    Messages:
    2,667
    Joined:
    Apr 13, 2009
    I know this has been beaten to death but I'm in the "this is a management issue" boat. If I were consulting one of our HIPAA compliant or similar customers, I would strongly recommended users be written up \ terminated for intentionally bypassing security measures.

    I'm sure OP has better things to do than play whack a mole. I would let higher ups know they need to start writing up users or prepare to allocate a large amount of funds to implement new card \ proximity based systems. Just because Jim in design can't be bothered to type in his password.

    Edit, Just saw this is an old thread. Sorry for the semi warm body necro lol.
     
  11. valve1138

    valve1138 [H]ardForum Junkie

    Messages:
    9,915
    Joined:
    Apr 14, 2003
    Shit can one person who bypasses the lock screen.

    That'll learn the rest of them.
     
  12. plot

    plot [H]ardness Supreme

    Messages:
    4,798
    Joined:
    Apr 3, 2002
    i used to use an excel macro, worked great.

    my company uses smart codes though, and they put access doors to all office areas... so if you want to leave your office area, you gotta take your smart card, which locks your computer as soon as you remove it.

    and if you forget your smart card, people wont open the door for you until you bring popcorn or something.