I was recently called in to consult with a small IT staff to perform some extensive troubleshooting operations. While most of my task involved testing workstations, part of the project required that I have access to the server room where I needed to observe various counters in Performance Monitor. The Windows 2000 servers were running password-protected screen savers to prevent unauthorized access, so the administrator I was working with accompanied me to the server room and logged in the first time.
To make things easier, I asked for the passwords so that I could access the systems myself should the screen saver activate while I was observing. Although I promised confidentiality, the administrator informed me that the corporate IT department had a strict security policy regarding servers linked to the corporate office; it prohibited outside parties from having any access to server passwords. He would have to accompany me to the server room and log in each time I needed to check Performance Monitor.
At first, I didn’t complain since they were paying me by the hour. However, after the second day, the routine was getting a bit old.
That’s when I discovered a shareware program called Transparent Screen Lock from a company called e-motional.com software. This little program locks down the system exactly like Windows 2000 Server’s password-protected screen saver features does, but leaves the display visible. I could quickly check on Performance Monitor counters at any time without having to touch the servers.
When I introduced my colleague to this program, he was thrilled to learn about such an elegant solution. Let’s take a look at how Transparent Screen Lock works.
Running screen savers on servers?
Let me address a common aversion many system administrators have to using screen savers on network servers. When I first mentioned the words screen saver in the same sentence as the words network server, the administrator that I was working with immediately expressed shock that I would propose such blasphemy.
He then informed me that he only used the Default Screen Saver, which simply blanks the screen, on all the servers. In fact, he had gone so far as to actually delete all the SCR screen saver files except for the Default Screen Saver file—Scrnsave.scr—from each one of the servers. He then explained how he had once been burned by using OpenGL screen savers on his servers.
(OpenGL screen savers can consume a great deal of CPU time because of their complex 3-D graphics. When CPU time is gobbled up by an OpenGL screen saver, other services, such as the Server Service, must wait until the screen saver computations are complete or until the screen saver uses up its full CPU time slice. An entire network can suffer a severe performance hit due to a simple screen saver. In fact, it wouldn’t be surprising to see CPU utilization on a system running an OpenGL screen saver at anywhere from 75 to100 percent.)
After he calmed down, I explained that while the Transparent Screen Lock program behaves like a screen saver, in that it can be configured to activate itself after a period of inactivity and respond to mouse or keyboard activity, it works more like the Windows 2000 Lock Computer feature you access by pressing [Ctrl][Alt][Delete] and selecting the Lock Computer button. In fact, when it’s running, the Transparent Screen Lock program doesn’t use any CPU time at all.
Taking the configuration tour
Once you download and install Transparent Screen Lock, you’ll find two items on the submenu that it adds to the Start menu—Lock Now and Transparent Screen Lock. (You’ll also find these two shortcuts on the desktop.) Of course, the former immediately activates the program, and the latter opens the configuration dialog box shown in Figure A.
|The configuration dialog box initially presents you with very basic program options.|
As you can see, the first option you can enable is the Timeout Interval, which allows you to configure the program to activate itself after a period of inactivity. In the General section, you can opt to have the program ignore mouse movements when it’s active as well as show the cursor.
If you choose to have the program ignore mouse movements, the only way to regain control of the system is to press any key on the keyboard. Leaving the mouse cursor hidden is advisable since it completes the illusion that the system is inaccessible. When Transparent Screen Lock is activated, it momentarily displays a small splash screen, and you can disable that as well.
By default, when Transparent Screen Lock is activated, pressing [Ctrl][Alt][Delete] will bring up the Windows Security dialog box with all the buttons, except Cancel, disabled. This prevents someone from using the options in the Windows Security dialog box, such as Log Off, to work around the security imposed by Transparent Screen Lock.
On the Desktop tab, shown in Figure B, you’ll find three options for hiding items on the desktop. To begin with, you can prevent the taskbar from appearing when the program has locked the system. You can even hide all the desktop icons.
|The Desktop tab provides three options for hiding items on the desktop.|
When Transparent Screen Lock is running, it appears on the taskbar under the title Password Lock. If you want to have the taskbar visible in order to see what programs are running on the system and don’t want Transparent Screen Lock to use space on the taskbar, you can prevent it from doing so.
If you select the Passwords tab, shown in Figure C, you can configure which passwords you want Transparent Screen Lock to accept. By default, the program will only accept the current user’s login password; however, it you’re really security conscious, you can configure a separate password specifically for unlocking the system.
|Transparent Screen Lock allows you to specify which passwords you want it to accept.|
Now, if you’re working on tracking down the movements of an intruder, you’ll want to take advantage of the settings on the Log Files tab, shown in Figure D. As you can see, you have multiple options for keeping track of unauthorized access attempts. In addition, you can keep track of authorized access.
|You can use the logging features to keep tabs on system access.|
Locking down the system
In addition to configuring Transparent Screen Lock to automatically activate itself after a period of inactivity, you can manually lock down the system in a number of places. As I mentioned, there are Lock Now shortcuts on the desktop and on the Start menu. And, as you may have noticed, there is a Lock Now button at the bottom of the configuration dialog box. You’ll also find a Lock Now button on the Quick Launch toolbar.
If you have a native Windows screen saver configured to run on the system, the first time you activate Transparent Screen Lock, you’ll be prompted to automatically disable the built-in screen saver. Then, Transparent Screen Lock will lock down your system.
While Transparent Screen Lock is running, you can see the screen and any running applications whose windows are open on the desktop. However, when you press any key on the keyboard, you’ll see the Unlock Computer dialog box shown in Figure E. After you type in your password, you’ll have access to the system.
|When you press any key, you’ll see the Unlock Computer dialog box, and you'll be prompted to enter the password.|
Getting a copy of Transparent Screen Lock
You can download a seven-day evaluation copy of Transparent Screen Lock from e-motional.com software. If you want to keep the application, you can purchase a single-copy license or, for one to nine users, you can pay $24.95 for each license. The charge for each license decreases if you decide to purchase more copies of the application. Larger volume user license packages are also available. And, best of all, you can purchase Transparent Screen Lock right on the e-motional software Web site.
Transparent Screen Lock runs on Windows 2000, NT, and XP and requires 1 MB of hard disk space and at least 16 MB of RAM to run. There is even a version of the program designed to run on Windows 95, 98, and Me.
Above and beyond
When I introduced the system administrator to the Transparent Screen Lock program and explained how it would allow me to perform my monitoring operation without having to interrupt him each time I needed to access the servers, he was impressed. We immediately got online, went to the e-motional Web site, and purchased the nine-copy license. We then installed it on all their servers.
Once Transparent Screen Lock was up and running, I was able to work more smoothly within the confines of my client’s security policy and was able to finish my current task much more quickly. Furthermore, I impressed the system administrator so much that I’ve been called back several times to participate in other consulting projects I might not have gotten otherwise. In this case, providing service above and beyond the call of duty has really paid off.
Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.