Screen Saver Lockout for Staff - Preventable on certain systems?
So last night I decided I'd enable a Screen Saver lockout policy. All Screen Savers in the building for staff accounts only lock out after 5 minutes. I taught them the Windows Key + L combination for locking their systems last year, and you guys, as systems engineers as well, would know how many people actually do that. I'll give you a hint: it's less than 5 :D
So I enabled the Screen Saver policy. Of course, it's now the next morning, and I've received one complaint. The only complaint was that the office staff didn't want it. What was funny about that was they said "ya we just get up and go to the file room for a second and get some files, go to put my lunch away in the fridge, and then come back, and it's locked and we have to type in our password" as I give them a rather blank look thinking to myself "yes, there lies the vulnerability, that's why it's locked. I'm sorry I took a second out of your day to retype it and secure your system while you left it :cool:" Oh well, I bumped it up to 10 minutes for them, we'll see how it goes.
So anyways, what I'm wondering is, well, first off, what are your opinions and successes of the lockout policy? I enabled it first off because of course we have some people called students in the building :D and as charming as a lot of them are, as a security precaution I prefer the systems with raised privileges, the staff, have a locked system. What are your stories about using the Screen Saver and a wake up password prompt?
Ok, now for the question. The teachers can log into projector laptops, as can the students. Since the GPO is applied to all staff, if the staff log into a laptop, the policy still applies. Now, for PowerPoint and Windows Media Player, that's not a problem, because as far as I know those programs temporarily disable the Screen Saver, but if the teacher has a Word document up on the screen or something with notes for the students, or even a YouTube clip, the screen saver will activate after 5 minutes. Is there a way to NOT apply the policy IF the teachers are signed into a certain system? I know that might be hard, and I have bad experience with loopback policies screwing things up, but if anyone has similar situations or suggestions that would be totally rad.
Thanks again! Stay cool. It's getting hot out here where I live. Thank God the server room is the coolest place in the building due to AC.