Sometimes system administrators set a shorter (than agreeable) idle timeout for your screensaver (eg. via group policy) and do not grant you the rights to change it. Eg. some people think that 10 minutes of "inactivity" (ie. no mouse or keypress) must mean that you've left your computer and it must be locked to prevent malicious access. Obviously I'm not such an administrator and I think that enforcing this kind of security assuming everybody is a moron and incapable of locking their workstation if going away is a bad thing (locking every workstation after 10m of inactivity will not improve the company security ... in fact I believe that it'll just make everybody angry and it'll drive people to try to circumvent the limitation ... sometimes opening a lot larger security whole in the process).
There're a number of ways to work around the screensaver timeout so why bother with it at all? Let's see a few ...
Since the stupid screensaver timeout can be easily fooled in a number of ways, why do some admins think of it as some sort of "first line of defense"?
The basic rule of computer (and actually any sort of) security is: if one has physical access to something, it can be assumed that she/he can hack into it. If somebody relies on an idiotic 10 minute (or less) screensaver timeout to provide security, chances are her/his network got already hacked by some annoyed coworker.
|ss.vbs||135 bytes |