The vendor has a lot of customers and routinely uses
GoToMyPC for support. In an ideal world for the vendor,
there would be no password protected screen-saver to
deal with. In other words, they could log on as needed
(different time zones) to do maintenance. The screen-
saver actually is a disruption to them, but since the
server is in a common area, I use it. I also use it
so that I can keep track of the vendor's maintenance
(if something breaks after they log on, then I may
want to call them)...they have to ask us to unlock the
screen-saver.
When I am not there, a trusted co-worker needs to be
able to unlock the screen-saver.
I am not understanding the suggestions to make the
trusted co-worker a local administrator. Since the
server is a domain member server, I logon as the
domain administrator. Then it goes to password
protected screen-saver after 60 minutes of inactivity.
I know it needs an administrator's password to unlock
the screen-saver. I have assumed that meant my domain
administrator password instead of a local administrator
password. I will test this tomorrow at work.
Tom Milliner, CPA, MCSE
2404 Summer Place Dr.
Irving, TX 75062
(214) 540-2741
tom.milliner (at) verizon (dot) net [email concealed]
-----Original Message-----
From: Patton Roub [mailto:proub (at) state.wy (dot) us [email concealed]]
Sent: Tuesday, February 08, 2005 6:22 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]; tom.milliner (at) verizon (dot) net [email concealed]
Subject: Re: Password Protected Screen Saver and Administrative Password
Is this a Windows 2000 Server or Windows Server 2003? If it
is, then you should consider terminal services in maintenance
mode. It requires no additional license purchases (two are free)
and your vendor can connect without going through a fourth
party's server equipment (GoToMyPC)(trusted?/untrusted?)
to get there. They would log in as themselves (event logging
good) and their access rights can be controlled. In terminal
services, they also would not see your screen saver as they
would have their own session/desktop/etc.
Does someone know a way to allow a normal user to
release a server password protected screen-saver
without giving the user the administrator password?
I need this so that third-party support can access
our server via GoToMyPC when I am not there. The
password protected screen-saver blocks them from
remote access to fix problems. I cannot always be
on-site to assist by supplying the screen-saver
password.
Tom Milliner, CPA, MCSE
tom.milliner (at) verizon (dot) net [email concealed]
GoToMyPC for support. In an ideal world for the vendor,
there would be no password protected screen-saver to
deal with. In other words, they could log on as needed
(different time zones) to do maintenance. The screen-
saver actually is a disruption to them, but since the
server is in a common area, I use it. I also use it
so that I can keep track of the vendor's maintenance
(if something breaks after they log on, then I may
want to call them)...they have to ask us to unlock the
screen-saver.
When I am not there, a trusted co-worker needs to be
able to unlock the screen-saver.
I am not understanding the suggestions to make the
trusted co-worker a local administrator. Since the
server is a domain member server, I logon as the
domain administrator. Then it goes to password
protected screen-saver after 60 minutes of inactivity.
I know it needs an administrator's password to unlock
the screen-saver. I have assumed that meant my domain
administrator password instead of a local administrator
password. I will test this tomorrow at work.
Tom Milliner, CPA, MCSE
2404 Summer Place Dr.
Irving, TX 75062
(214) 540-2741
tom.milliner (at) verizon (dot) net [email concealed]
-----Original Message-----
From: Patton Roub [mailto:proub (at) state.wy (dot) us [email concealed]]
Sent: Tuesday, February 08, 2005 6:22 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]; tom.milliner (at) verizon (dot) net [email concealed]
Subject: Re: Password Protected Screen Saver and Administrative Password
Is this a Windows 2000 Server or Windows Server 2003? If it
is, then you should consider terminal services in maintenance
mode. It requires no additional license purchases (two are free)
and your vendor can connect without going through a fourth
party's server equipment (GoToMyPC)(trusted?/untrusted?)
to get there. They would log in as themselves (event logging
good) and their access rights can be controlled. In terminal
services, they also would not see your screen saver as they
would have their own session/desktop/etc.
Patton Roub, BSEE, MCSE
proub (at) state.wy (dot) us [email concealed]
>>> "Tom Milliner" <tom.milliner (at) verizon (dot) net [email concealed]> 2/7/2005 8:07:04 PM >>>
Does someone know a way to allow a normal user to
release a server password protected screen-saver
without giving the user the administrator password?
I need this so that third-party support can access
our server via GoToMyPC when I am not there. The
password protected screen-saver blocks them from
remote access to fix problems. I cannot always be
on-site to assist by supplying the screen-saver
password.
Tom Milliner, CPA, MCSE
tom.milliner (at) verizon (dot) net [email concealed]
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]