JSI Tip 4725. Your screensaver password works when your account is locked out?


The mechanism for unlocking a password protected screen saver does NOT check to see if the account is locked out.

If you account is locked out, the default unlocking behavior will still accept a valid password and unlock the screen saver.

One downside of this behavior is that if the computer is locked, and the account is locked, a successful break-in will NOT register a 528 event in the Security event log.

To workaround these behaviors, Copy / Paste the following entries to a <Drive:>\Folder\ForceUnlockLogon.reg file and run regedit /s <Drive:>\Folder\ForceUnlockLogon.reg:

REGEDIT4

\[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"ForceUnlockLogon"=dword:00000001



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish