Educause Security Discussion mailing list archives

Re: Locking Computer Policy

From: "Burns, Denis" <denis.burns () MED FSU EDU>
Date: Thu, 2 May 2019 13:48:00 +0000

Hi Ron,

We push policy to all domain machines with inactivity timers set to:

a)       15 minutes for all standard machines issued to users

b)      30 minutes for classroom and conference room computers

We also have an exception process that allows certain machines to not have these policies applied (digital signage, 
security camera monitoring stations, etc).

Additionally, as of Windows 10, we have removed admin privileges from all accounts used for interactive sessions.  This 
inhibits our folks from installing ‘mouse wiggler’ applications to circumvent the policy.

Best,
-d

PS – Great area that you live in.  I grew up next door in Denville.

Denis Burns Information Security and Privacy Officer - College of Medicine - Florida State University
(850) 644-3648 – denis.burns () med fsu edu<mailto:denis.burns () med fsu edu>  *** Be a cyberhero! Build a safe 
cyberspace at Florida State. ***

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Wednesday, May 1, 2019 6:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Locking Computer Policy

[Notice: This email originated outside of the College of Medicine.]
________________________________
Hi Everyone -

We looking to set up a group policy to push out to some of our end users to automatically lock a computer after a 
certain period of inactivity - especially in departments that have elevated privileges or access to sensitive data.

We are noticing some people not following procedure on this, and we want to take action.

What best practices are you using at your institution in terms of the amount of time before a computer locks 
automatically during inactivity?

Thanks in advance for your thoughts on this.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229<tel:973-290-4229>

e-mail:  rloneker () cse edu<mailto:rloneker () cse edu>


CSE's IT department will never ask for your password, social security number or other personal information in an e-mail 
message.

Please do not share any information with others!

Current thread:

Locking Computer Policy Ronald Loneker (May 01)
- Re: Locking Computer Policy Mandi Witkovsky (May 02)
  - Re: Locking Computer Policy Andregg, Bryan Courtney (May 02)
  - Re: Locking Computer Policy King, Ronald A. (May 06)
- Re: Locking Computer Policy Tom Miller (May 02)
  - Re: Locking Computer Policy Ronald Loneker (May 06)
- Re: Locking Computer Policy Julian Y Koh (May 02)
- Re: [External] [SECURITY] Locking Computer Policy Gregg, Christopher S. (May 02)
- Re: Locking Computer Policy Burns, Denis (May 02)
  - Re: Locking Computer Policy Ronald Loneker (May 06)
- Re: Locking Computer Policy Dave Broucek (May 02)