Teach your users how to automatically lock their NT Workstations

Are your users leaving their workstations unlocked while they go to lunch or on break? To get them out of that bad habit, teach them this simple trick to enable automatic locking.

Do you work for a company that, due to security concerns, requires its employees to lock their Windows NT 4.0 Workstations when they’re not at their desks? In my company, some employees have the authority to issue check amounts in the tens of thousands of dollars. For a dishonest employee, this means that an unlocked workstation has the potential to become a fancy ATM machine.

In order to prevent unauthorized access, we’ve instructed our users to lock their workstations when not in use. Unfortunately, I’ve found that most users often forget. They walk away from their computers for a few minutes and wind up taking a three-hour tour. To combat this bad habit, we’re teaching our users how to activate an “automatic” locking mechanism, an operating system setting that turns on the “lock” after a certain period of time. (In a Novell network environment, you might want to use NetWare Administrator to force these changes on a user’s profile; however, you should get management’s approval before you take that step.)

Spell it out for them
The following is the document I sent to my users. Feel free to borrow this format for use in your shop. (I refer to a flowchart for NT shutdown options, and you can get a copy of that document in the article “Help users understand the importance of network security .”)

Important message to all users
Recently, I distributed a flowchart that illustrates your startup, shutdown, and locking options for Windows NT. For security reasons, everyone must lock their workstations when away from the computer.

I have been a culprit of forgetting to lock my workstation. Frankly, sometimes a problem arises, and I rush off to correct it without locking my workstation.

I use a trick, however, to automatically lock the workstation, and you can use it, too. By making a small change in your screen saver settings, you can configure a pre-set time when the system will start the screen saver and “lock” the station automatically.

Locking your workstation is NOT optional
We must lock the workstations to meet internal audit requirements and protect our interests. Use the following procedure to configure the automatic locking procedure and screen saver on your workstation:
  1. Launch the Control Panel. Click the Start button, select Settings, and then choose Control Panel.
  2. Open the Display Properties window. Double-click the Control Panel’s Display option as shown in Figure A.

Select and double-click on the Display option from the Control Panel.

  1. Click the Screen Saver tab. Familiarize yourself with the Screen Saver Tab, as shown in Figure B. Pay careful attention to the Password protect, Wait, and Screen Saver options. Password protect is really the "automatic locking" checkbox. If you check this box, the computer will automatically lock after a certain period of time. You set that period of time by entering a number of minutes in the "Wait" field. In a nutshell, when this box is checked, the computer will wait for the specified number of minutes of inactivity and then lock the station. I recommend setting the waiting time to 15 minutes.

Figure B
The Screen Saver options let you configure your machine so it automatically shuts down after a certain amount of inactivity.

Be creative with your screen saver
Windows NT offers a number of standard screen savers. You can explore the various screen savers by selecting them from the drop-down box. Click the Settings button to customize the screen savers. Please note that the settings options are different for each screen saver.

When you’ve customized your settings, left-click Preview to test the screen saver configuration. Click OK to finish and save your settings.

Unlocking the station
As you probably know, you deactivate the screen saver by moving the mouse or pressing any key on the keyboard. To unlock the workstation, press [Ctrl][Alt][Delete], and then enter your network password (not your mainframe password).
If you’d like to comment on this tip or share your own techniques for getting users to behave, please post a comment below or follow this link to write to Jake .

Editor's Picks

Free Newsletters, In your Inbox