
Locking a workstation vs. logging off

Why locking a workstation is better, and what to do if you cannot.


Adesh Rampat

In Windows NT/2000, the security dialog box (opened by pressing CTRL+ALT+DELETE) presents your users with two options:

  • The log off option - closes all current applications and prompts for a new username and password.


  • The lock computer option (or lock workstation, in the case of Windows NT) - leaves all current applications running and allows only the current user or an administrator to log on.


The question is, which should your users employ? It's likely that most users never even consider that question, but there are reasons for choosing each option.

Your users of Windows NT/2000 workstations should employ the lock option when leaving their work area for a prolonged period. This option allows only the current user or someone with administrator logon privileges to operate the workstation, thus further enhancing network and workstation security. If a user who expects to be away from the computer for an extended period uses the log off option instead, then anyone who has a valid user account and password for network resources can log on to the workstation and gain access to it. (Previous tips on this site have shown how to create a shortcut that will automatically lock the workstation.)

Of course, if a workstation has more than one user assigned to it, the log off option will have to be used. In this case, however, it is wise to set the number of past logons so that the administrator can look at a history of previous users who logged on to the workstation.

To set the number of past logons, the network administrator will need to perform registry editing. It is advisable to back up the registry before performing the following steps:

  1. Start the Registry Editor


  2. Select HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


  3. Click Edit, then select New | String Value


  4. Enter CachedLogonsCount and press Enter


  5. Double-click the new value and set it to any number based on the information supplied above, with 0 being the lowest and 50 being the highest.


  6. Then click OK

Exit from the registry editor and reboot the machine.
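
The same steps can be scripted so that the backup, the 0-50 range check and a read-back of the result are not skipped. The following is an added example, not part of the original tip; it assumes an elevated PowerShell session on a later Windows release that includes PowerShell and reg.exe (Windows NT/2000 did not ship with PowerShell), and the backup file path is a placeholder.

```powershell
# Added example: scripted form of steps 1-6, with backup and verification.
# Assumptions: elevated session; PowerShell and reg.exe are available.
param(
    [Parameter(Mandatory)]
    [ValidateRange(0, 50)]      # range given in step 5
    [int]$Count,
    # Placeholder backup location; change to suit your environment.
    [string]$BackupFile = "$env:TEMP\winlogon-backup.reg"
)

$ErrorActionPreference = 'Stop'
$RegKey    = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$KeyPath   = "Registry::$RegKey"
$ValueName = 'CachedLogonsCount'

# Back up the Winlogon key first; stop if the export fails.
& reg.exe export $RegKey $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup of $RegKey failed; no change was made."
}

# Record the existing value (it may not be present yet).
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
            -ErrorAction SilentlyContinue).$ValueName
$shown = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output ('Current {0}: {1}' -f $ValueName, $shown)

# Write the value as a string (REG_SZ), matching step 3.
Set-ItemProperty -Path $KeyPath -Name $ValueName -Value ([string]$Count) -Type String

# Read it back and confirm the change took effect.
$after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
if ($after -ne [string]$Count) {
    throw "Verification failed: $ValueName is '$after', expected '$Count'."
}
Write-Output ('{0} set to {1}. Backup saved to {2}. Reboot to apply.' -f `
              $ValueName, $after, $BackupFile)
```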

Adesh Rampat has 10 years' experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.
