ScreenSaver lock

Post by **ALLiED** » Tue Jun 27, 2006 1:41 am

So our system admins here at work decided that if your computer is idle for 15 mins it will automatically lock your workstation. Thats find and dandy but I use another machine that has a real time display of incoming calls and other stats, and thats the ony thing it gets used for. Is their anyway of changing the timeout for them in the reg? They took away the option to change it on the display properties so it doesn't even show any more.

Post by **Foo** » Tue Jun 27, 2006 11:20 am

You need to talk to them and get them to move that PC into a container on the OU with a different screensaver policy.

Post by **Tormentius** » Tue Jun 27, 2006 4:29 pm

Foo wrote:You need to talk to them and get them to move that PC into a container on the OU with a different screensaver policy.

:icon14:

Post by **ALLiED** » Tue Jun 27, 2006 5:57 pm

So I emailed the man and his reply:

"Sorry Jim, but if the account is in Active directory, then it will have the policy applied.

A “local machine” account would not be affected by the policy, but then, you would not see anything on the network either".

Post by **Foo** » Tue Jun 27, 2006 6:08 pm

It's not an unreasonable stretch to request that they create a policy with a different screensaver rule, since it's quite common within a business to have some machines on site which sit in a corner and act as displays.

Don't they have PCs in the conference rooms? If those PCs have a screensaver on them that could interrupt conferences when using some presentation materials (flash springs to mind), so there's probably a legitimate reason to have such a policy put in place.

Failing all this, you can go low-tech and hook up a mouse or keyboard to the machine and place it somewhere where it gets constant motion. For example, dangle the mouse down off the edge of a desk next to a doorway, or drape it near a fan so it blows around. Low-tech, but it gets the point across.

Post by **Captain** » Tue Jun 27, 2006 6:43 pm

Foo wrote:Failing all this, you can go low-tech and hook up a mouse or keyboard to the machine and place it somewhere where it gets constant motion. For example, dangle the mouse down off the edge of a desk next to a doorway, or drape it near a fan so it blows around. Low-tech, but it gets the point across.

Ingenious! :icon14:

Post by **FragaGeddon** » Tue Jun 27, 2006 6:53 pm

So ummm, how would drapping the mouse near a fan prevent it from going into the screensaver?
Even if you hold a laser mouse 1/4 inch off the desk, it becomes inactive.

Post by **Foo** » Tue Jun 27, 2006 6:57 pm

FragaGeddon wrote:So ummm, how would drapping the mouse near a fan prevent it from going into the screensaver?
Even if you hold a laser mouse 1/4 inch off the desk, it becomes inactive.

Definitely works for ball mice but it worked for an optical for me when I figured it out on placement. Still picks up some light input/motion. If it's really a problem just sellotape a small flap of cardboard in front of the sensor so it dangles freely as well.

Post by **Captain** » Tue Jun 27, 2006 8:34 pm

Hmm, actually for an optical mouse I think you can just place it upside down and it will remain active. I'm not sure, but it would be a good combo with the fan.

Post by **Tormentius** » Tue Jun 27, 2006 9:58 pm

@ Allied:

Your network admin is a moron. For one its never bright to apply many policies at the domain level and for two there are a number of ways to exclude machines from group policies in Active Directory. Its even worse if he's applying anything other than password policies using the Default Domain Policy (judging by his response, I wouldn't be surprised). Here's a step by step on how he can accomodate your request and get a little more organized in the process:

1) Create a new GPO named Disable Screensaver or something else descriptive and enable the "Password protect the screensaver" and the "Screensave timeout" policies under Administrative Templates/Control Panel/Display. These are both found under User Configuration.

2) Disable the Computer Configuration half of the policy so that it don't needlessly process every boot and logon

3) Separate the computer account objects in Active Directory into logical OUs (Organizational Units). An easy way to do this is by geographic location and then create sub-OUs for different departments. Place the machine(s) which shouldn't have the screensaver policy enforced into a different OU or place them in a sub-OU and set the Block Inheritance option on the sub-OU

4) Link the newly create Group Policy to the OUs that need to have screensaver password enabled (all OUs under the parent OU will inherity the setting unless the Block Inheritance property is flagged on an OU's properties.

He could also simply filter just the PC running stats out of the policy by doing the following:

1) Open the Group Policy Management Console
2) Highlight the policy which includes the "Password protect the screensaver" setting
3) in the right hand pane under security filtering choose Add
4) Search for the computer object in question and Deny it the "Apply Group Policy" right

The second method will exclude that policy from applying to the single workstation which is giving you trouble. Oh, and lastly tell your manager to recommend they hire a network admin who knows something about AD administration.

Post by **Tormentius** » Tue Jun 27, 2006 10:03 pm

Btw, trying to bypass a GPO (if regedit can even be accessed) through the registry won't help since your changes will be overwritten every 90 minutes when the policies refresh.

Post by **ALLiED** » Tue Jun 27, 2006 10:35 pm

wow, thanks for that. This is tipical for admins here, they make changes without thinking because it might be better for security, and it's also causing us to recieve 100+ extra calls a day because of this change. We use Novell and NT, so when a user 1st signs into their machine they need to put their Novell password then they get prompted to enter their network password..and now that it locks after 15mins users are suspending the account because they don't kow which on to put in, and they also cant figure out how to sync their passwords up either. I can't wait till we get rid of novell.

Post by **Tormentius** » Tue Jun 27, 2006 10:40 pm

You're welcome. I sure don't envy you the environment though.

Post by **MKJ** » Sun Jul 02, 2006 2:11 pm

disable network updates, and go to the registry to disable password protected screensaver.

they did the same (along with activating active desktop and installing a custom theme) here. fucking pissed me off. all fixed now though :icon32:

Post by **+JuggerNaut+** » Sun Jul 02, 2006 3:23 pm

MKJ wrote:disable network updates, and go to the registry to disable password protected screensaver.

they did the same (along with activating active desktop and installing a custom theme) here. fucking pissed me off. all fixed now though :icon32:

lol you have access to the reg

Post by **Tormentius** » Sun Jul 02, 2006 3:47 pm

MKJ wrote:disable network updates, and go to the registry to disable password protected screensaver.

they did the same (along with activating active desktop and installing a custom theme) here. fucking pissed me off. all fixed now though :icon32:

If your admins were half competent you wouldn't be able to access the registry tools or the command prompt. Thats just basic, and if no other policies are applied to users those two at the very least should be.