Windows 7 – Main Password Dialog

Main Password Window

Click to see full size screen-shot.

Windows XP – Main Password Dialog

Click to see full size screen-shot.

The Main Password dialog allows the user to enter their password to unlock the workstation.The text and dialog height are configurable by the administrator. The Admin, Message, and Logoff buttons can be hidden. The Admin button activates the Administrator Password dialog. The Message button allows a visitor to the workstion to leave a message that will be viewed by the user after unlock. By default, the Logoff button is not shown.

Admin Password

Click to see full size screen-shot.

The Admin Password Dialog is lauched by pressing the “Admin” button on the Main Password dialog. It allows administrators to unlock the workstion without logging out the current user.

Display Properties

Click to see full size screen-shot.

On the Display Properties dialog, the Screen Pass tab replaces the standard Screen Save tab. Settings locked down by the administrator are displayed in gray. The wait time is subject to the maximum and minimum limits imposed by the administrator. If the max and min times are equal, the ‘Wait’ time is grayed. Only screen savers allowed by the administrator are listed in the screen saver selection dialog.

Advanced Settings

Click to see full size screen-shot.

The Advanced Settings dialog is displayed by pressing the ‘Advanced’ button on the Display properties dialog. It shows current state of advanced features and allows users to change settings that are not locked down by the administrator. Enforced settings are grayed.

Password Protection

Click to see full size screen-shot.

The password protection, auto logout, and auto shutdown features have additional dialogs for their advanced settings. The Password protection dialog includes the hours when password protection is active. The ‘Always’ button resets the hour fields for 24 hour protection. The screen saver grace period is the length of time after the screensaver starts but before the workstation is locked. If the mouse or keyboard event occurs during the grace period , the screen saver goes away without prompting for a password. By default the grace period is 0 seconds. The checkbox option at the bottom prevents the screen saver from starting if password protection is off. By default password protection is always on. Administrators can modify these setting using policies . Users can make changes only if the administrtor explicitly sets a policy to allow so.

Auto Logout

Click to see full size screen-shot.

On the Auto Logout dialog the Wait time is the number of minutes after the workstation is locked. The Active hours specify the time of day that the idle workstation will be subject to automatic logout. The End time can be before the Start time. For example, a Start and End of 17:00 and 09:00 respectively, will cause the auto logout to be in effect only after normal business hours. The auto logout Action specifies whether the workstation will logoff, shutdown, restart, or hibernate (if supported). Normally, auto logout will force active programs to close, thereby causing the loss of unsaved data. The check box option at the bottom prevents autologout from occurring if any open applications have unsaved data. This option is not applicable if the Hibernate action is selected. All options can be locked down by the administrator.

Event Logging

Click to see full size screen-shot.

The Events dialog is opened by pressing the Events button on the Display Poperties dialog. It indicates which Screen Pass events are being recorded and where they are being stored.

Group Policy

Click to see full size screen-shot.

Above is an image of the Group Policy editor once the Spadmin template has been loaded. Administrators who choose not to use Group Policy can still lock down any and all Screen Pass settings using “Standalone” policies. This method involves pushing registry settings directly to the workstation without using the Group Policy mechanism.

Extended Right

Click to see full size screen-shot.

Screen Pass recognizes true network administrators based standard network rights, but a powerful feature of Screen Pass is the ability to grant rights to unlock workstations without granting true administrative authority. For Active Directory networks, one way to do this is to add an extended right to the directory and to assign trustees based on this right using the Active Directory for Users and Computers. This right can be added or removed from your directory using the “Extended Right Utility” installed with the Screen Pass Admin tools.

Another way to grant unlock rights to non-administrators without requiring Active Directory is by using “paired groups”. See the help file for more information on this method.

Suspend Screen Saver

Click to see full size screen-shot.

Screen Pass provides a method of temporarily suspending the screensaver when certain applications or titles are active, without compromising security. This feature is useful at times when screensaver activation is unwanted, such as during a slide show or video presentation

Remote Control

Click to see full size screen-shot.

Administrators can change the lock state, the logon state, or the power state of a workstation without having to visit the workstation. Screen Pass remote control works in conjunction with ActivTrak, the workstation activity monitoring system available separately.