Make Windows ask for password again

[dyoung5]

Hi.

Not sure if this is even possible.

First a bit of background: we are trying to integrate all our systems so that staff only have one username/password across everything. I want to use SIMS.net trusted logins so that it works with AD. The DHT doesn't like the idea of once a computer has signed on, the user can access SIMS without entering a password.

What I want to know is, is there any way of getting Windows to ask for the user to re-authenticate before opening cirtain programs (i.e. SIMS).

Thanks.

David

[BJG]

I think the DHT is misguided. If we had single log-on here, they'd be delighted. Surely the whole idea is to reduce the need for staff to keep logging into different systems; or if not it sounds like it would be simpler to keep things as they are. Perhaps you could discuss their concerns about it?

Otherwise, maybe you could look at a general-purpose utility to password protect programs like this one:

Program Protector 3.2 - Program Protector is unique, state of art security utility that allows you to...

Another possibility might be to password-protect the folder containing the application shortcuts.

[dyoung5]

Thanks BJG but thats not quite what we're after. We do want single log on, but we want them to enter the same username and password as they use with windows to get into SIMS. I know I'm not being very clear, but its a difficult thing to explain.

[localzuk]

This isn't possible I'm afraid - another user brought it up a while back, and it went on the Capita supportnet site, where it received mixed reviews.

I don't see the issue that your DHT has myself. A machine should not be left unlocked anyway, so what does it matter if a user can get straight into SIMS.net?

Would that not do? ie. enable password protected screensaver and then have it auto-lock after a few minutes?

[dyoung5]

I agree with you that computers should not be left unlocked, but sometimes staff leave computers.

The only way I thought of doing it was to use TS RemoteApp in Server 2008, because that asks you to authenticate IIRC. I was just wondering if there was any way to duplicate the effect locally.

[localzuk]

I agree with you that computers should not be left unlocked, but sometimes staff leave computers.

That's what the screensaver lock is for...

[dyoung5]

Well I have suggested that, but it didn't seem to float. Anyway, I'll keep trying, we've only talked about it once.

What do you do about staff not logging off? do you get a lot of requests to unlock computers?

Thanks,

David

[localzuk]

Well I have suggested that, but it didn't seem to float. Anyway, I'll keep trying, we've only talked about it once.

What do you do about staff not logging off? do you get a lot of requests to unlock computers?

Every teacher has their own laptop here, so this isn't an issue.

[mrforgetful]

We toyed with SIMS single Sign On but didn't like not needing a password like your DHT.

To be honest, I'm not sure what you're trying to acheive here at all?

Why work to get SSO working then work more to find a way to enter a password?

Why not just leave it as it is, prompting for a password?

Incidentally we also use the Password Screen saver after 10 minutes.

[Domino]

He's trying to get it to need a password, but have that username/password synced with the domain one so they don't need to remember two.

However has your DHT considered they may also just leave SIMS logged in too?

Basically this is an staff education issue rather than a technical one - does your AUP mention security protocols/standards? it should, then you can start to enforce them.

Basically everyone needs to be onside, it'll usually only take a couple of people getting warned by SMT to make everyone sit up and notice - I'd suggest making a huge deal about the intro of SSO and hammering home the security knock-ons in a training session/inset day

[Michael]

I think Smartcards are the way forward and it's a technology they've used in banks for years. You must enter your card first, then type your password as normal.

The trick is to have the card attached to you (usually around the waist), so if you walk away, the card is ejected and the workstation is automatically locked.

[jamesb]

The trick is to have the card attached to you (usually around the waist), so if you walk away, the card is ejected and the workstation is automatically locked.

Implanted RFID tags. Much better option, and if you set up your wireless right you can keep track of when those problem users are heading towards you as well.

[localzuk]

Implanted RFID tags. Much better option, and if you set up your wireless right you can keep track of when those problem users are heading towards you as well.

Pah! Brain scans, much better. And truly unique.

[tmcd35]

Pah! Brain scans, much better. And truly unique.

I know a few people that'll fail on that - The brain scanner would continuously return - NUL

[penfold]

I know a few people that'll fail on that - The brain scanner would continuously return - NUL

Lol, think we all know people like that

But I agree with Domino, it is a staff training issue rather than a technical one. I dont like it when staff issues get forced into an IT issue because people aren't willing to use things properly and rather than being pulled up for it(ie not locking your computer when your away)

And we have an automatic screen lock on staff logons because there were far too many times when I walked into a room where a teacher was left logged on but not in the room. It may not have been a problem except it would be lunch/break time and pupils were using the room unsupervised.