System & Network Status: All systems functioning                 
Information TechnologySkip Navigation
Status Bar
Home
Services
Support
News and Publications
About Us
Projects

Screen Security Lock FAQ

What exactly is changing?
A security setting has been applied to your AD user account.  This setting will lock your desktop after 20 minutes of inactivity (keyboard or mouse movement).  To unlock your computer you will be required to re-enter your password. Currently this change only affects PC workstations.

I have a Mac.  What are you doing for Macs?
We are working on a similar automatic locking mechanism for Macs.  In the meantime, you can log off or restart to protect your Macintosh computer. The reason for the delay for Macs is that Microsoft already provides built-in features to facilitate screen locking via Group Policy Objects. We will need to build and test similar features for the Macs in our development environment before we can release them to campus.

Why is this change being made?
The problem originally was pointed out to the campus during a recent campus audit.   Locking workstations is on the "Top 10" of every computer security checklist, along with complicated passwords and changing passwords on a periodic basis.  Since the audit, IT has encouraged the campus community to lock their workstations (or logoff or restart), however we have not implemented an automatic locking mechanism.  With more information available online now, protecting your login credentials has become more important to assure campus and personal security.  If an intruder gains access to your workstation and it is not locked, he or she could access everything that you can access.

Which accounts will be affected?
All accounts in the AD domain will be affected. ACAD accounts will not be affected by this change.  

I don’t want to wait 20 minutes for the screen to lock.  How can I lock it myself?
You can continue to manually lock your workstation by following these steps: 1. Press the CTRL, ALT, and DELETE keys simultaneously. 2. Click the Lock Computer button.

Who decided to make the change?
IT management presented the idea to the campus Rollout Committee, the campus Information Security Committee, the President’s Administrative Board, and the Academic Senate Executive Committee.

Why haven’t I noticed any difference on my computer?
The automatic security setting is applied after you log off or restart your computer.

My office is not in a public place, so why should the automatic security setting be applied to my computer?
The security setting is applied to your user account, not to specific computers. You can log into any computer in the AD domain and you will be protected by the security screen lock.  This ensures that you are protected wherever you may log in.  The security feature cannot tell if your computer is in a locked room or in a public space. 

In addition, even if other physical protections are in place (such as a secured office), your logon session should still be protected.  Most offices on campus are not as secure as we might think, and it is not uncommon for individuals to leave their doors open or unlocked while they are away from their desks. Recent security breeches at other campuses have confirmed the importance of applying additional information security tools in addition to physical protections.

I don’t have access to any confidential data so why do I need this?
Everyone at the University has access to confidential data.  An intruder could steal all of your saved emails (and possible delete them) if he or she had access to your system.  Additionally, an intruder could install a key logger or remote control program to spy on you after he or she leaves.  Here’s other confidential data that might be accessed, altered, or deleted through an unlocked computer:

  • Your documents
  • Your address book
  • SIS+ data, either through the system of downloaded to your desktop
  • Your CWID (from the portal)
  • Your Pcard (through the portal)
  • Office Max purchasing (though the portal)
  • CMS (through the portal)

A lot of this seems to be about the portal.  I always log out of the portal so why do I need my screen to lock?
The portal uses pass-through authentication from AD computers.  So an intruder simply needs to browse to http://portal (just like most clients do) to access your portal. In addition, many users continue to extract data from the portal to create documents and reports that are then stored on their desktop or server.

Sometimes I am at my desk, doing something else, and the screen locks.  Why does it lock while I am sitting there?
The computer cannot tell whether you are sitting at your desk or whether you have left the room.  The screen lock security feature is driven by keyboard or mouse movement.

I restart my computer when I leave for the day.  Should I be doing something different?
Nothing has changed in that regard.  You should still restart your computer at the end of the day.  When your computer restarts, it logs you off, so your account is protected in the same manner as the security screen lock feature.  However if you leave your desk for a short time, the screen lock will help protect information you have access to in case you forget to lock the workstation.  If you prefer, you can also log off when you leave your desk, however this takes longer than locking the workstation and closes all open applications.

What should I do if I encounter a locked computer that I need to use?
You might have a shared computer and the other user might forget to logoff or restart when they leave. In this case you would be presented with a login screen asking you to unlock the computer. If you have been designated as an administrator, you can unlock the computer. This will log off the current user and close all their applications. If you are not an administrator, you can restart the computer with the reset button or by holding down the power button for a few seconds. This is not ideal as the previous user will lose unsaved work and the operating system could be damaged by a “hard” restart. We recommend users in shared environments keep this in mind and logoff or restart the computer if they will be leaving for an extended period of time.  

This is very inconvenient!
It takes only a few seconds to unlock a computer.  Here are some things that are inconvenient:

  • Someone deleting all your data.
  • Someone accessing your Pcard statement.
  • Someone changing grades that you store on your computer.
  • Someone altering your Blackboard class.
  • Someone stealing your CWID, address book, and personal information.
  • Someone accessing your online banking.

In addition, it is important to note that the screen security lock does not close any open applications. You can return to your computer and the documents you are working on simply by re-entering your password.

How do I get this change removed from my computer?
Currently there are no plans to allow individuals to be exempt from this feature.  This would completely defeat the purpose of having an automatic screen lock and jeopardize the security of university and personal information.  However, if the screen lock is causing unnecessary problems for you, we would like to find out what these issues are and help you through them.  Please email your concerns to the Help Desk at helpdesk@fullerton.edu or call us at x7777.

 

Support FAQ
Contact Info Search Home
This page is maintained by CalState Fullerton Information Technology. Report problems to the IT Webmaster. California State University, Fullerton ©2005. All Rights Reserved.