Locking a workstation vs. logging off

Locking a workstation vs. logging off

 

Locking a workstation vs. logging off
Adesh Rampat

In Windows NT/2000, the security dialog box (available by selecting CTRL ALT and DELETE Keys) presents your users with two options:

  • The log off option - closes all current applications and prompts for a new username and password.

     

  • The lock computer option (or workstation as in the case of Windows NT) - leaves all current applications running and allows for only the current user or an administrator to log on.

     

The question is ,which should your users employ? It's likely that most users never even consider that question, but there are reasons for choosing each option.

Your users of Windows NT/2000 workstations should employ the lock option when leaving their work area for a prolonged period. This option allows only the current user or someone with administrator log on privileges to operate the workstation, thus further enhancing network and workstation security. If your user, expecting to be away from his computer for an extended period of time, uses the log off option, then any user who has a valid user account and password for network resources can log on to the workstation, thus gaining access to the workstation. (Previous tips on this site have shown how to create a shortcut that will automatically lock the workstation.)

Of course, if a workstation has more than one user

    Requires Free Membership to View

    Login

    By submitting your registration information to SearchWindowsServer.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchWindowsServer.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

assigned to it, the log off option will have to be used. In this case, however, is it wise to set the number of past logons so that the administrator can be able to look at a history of previous users who logged on to the workstation.

To set the number of past logons, the network administrator will need to perform registry editing. It is advisable to back up the registry before performing the following steps:

  1. Start the Registry Editor

     

  2. Select HKEY_LOCAL_MACHINESOFTWARE\MicrosoftWindowsNT\CurrentVersion\Winlogon

     

  3. Click on Edit select New | String Value

     

  4. Enter CachedLogonsCount and press Enter

     

  5. Double click on the new value and set this value to any number based on the information supplied above, with 0 being the lowest and 50 being the highest.

     

  6. Then click OK

Exit from the registry editor and reboot the machine.

Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.


This was first published in March 2002

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top