Educause Security Discussion mailing list archives

Re: passworded screen savers with timeouts, why?

From: "Waller, Michael A. (HSC)" <Michael-Waller () OUHSC EDU>
Date: Fri, 15 Dec 2006 13:13:44 -0600

We have a policy that requires users to lock their workstations when they step away. We use the password-protected 
screensaver (after 10 minutes) as a backup when the user forgets. We require this on all workstations on campus, though 
we have some exceptions here and there in clinical areas where the 10 minute time limit didn't make sense from a 
patient flow perspective. We did have some users complain vehemently, but then we discovered that due to some power 
management settings, the machines in question were actually going into sleep mode after a short time frame, which made 
the process of logging back in take significantly longer. You might watch out for things like that during 
implementation.


Mike Waller   CISSP
Information Technology, Information Security Services
The University of Oklahoma Health Sciences Center
 
Confidentiality Notice
This e-mail, including any attachments, contains information from the University of Oklahoma Health Sciences Center, 
which may be confidential or privileged. The information is intended to be for the use of the individual or entity 
named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the 
contents of this information is prohibited.
 
If you have received this e-mail in error, please notify the sender immediately by a "reply to sender only" message and 
destroy all electronic and hard copies of the communication, including attachments.



-----Original Message-----
From: Michael Fox [mailto:Mfox () GEORGIASOUTHERN EDU] 
Sent: Thursday, December 14, 2006 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] passworded screen savers with timeouts, why?

 We are in the implementation stage of password and workstation
policies. My questions, which comes from a number of users, is why a
screen saver with a timeout period that requires entering a password
when unlocking the screen saver?

I have my answers (not a lot) for this but I would like to see what
others would have to say about this. It is part of a DID from my
perspective, but  not the only piece for the workstation.

Any opinions about this one way or another would be appreciated
(hopefully most would be for locking the workstation). 

Oh, by the way we are doing this with Novell Zenworks.

Thanks in advance,

Mike

Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

Current thread:

passworded screen savers with timeouts, why? Michael Fox (Dec 14)
- <Possible follow-ups>
- Re: passworded screen savers with timeouts, why? Selden E Ball Jr (Dec 14)
- Re: passworded screen savers with timeouts, why? Chris Green (Dec 14)
- Re: passworded screen savers with timeouts, why? Bob Kehr (Dec 14)
- Re: passworded screen savers with timeouts, why? Bruce Curtis (Dec 14)
- Re: passworded screen savers with timeouts, why? Chris Green (Dec 14)
- Re: passworded screen savers with timeouts, why? Jim Dillon (Dec 15)
- Re: passworded screen savers with timeouts, why? Valdis Kletnieks (Dec 15)
- Re: passworded screen savers with timeouts, why? Waller, Michael A. (HSC) (Dec 15)
- Re: passworded screen savers with timeouts, why? Geoffrey S. Nathan (Dec 15)