Link to home
Start Free TrialLog in
Avatar of jlw011597
jlw011597Flag for United States of America

asked on

Password Protected Screen Savers NOT Protecting?

Have 21 new Dell GX150's preinstalled with Windows 2000 SR1.

All are connected to a Novell NETWARE 5 network using Novell's Client 32 v4.8 for NT/2000.

Users are reporting that password protected screen savers are NOT always demanding
a password when interrupted.

The selection of screen saver seems to have little or no bearing on the situation.  Some
users (myself included) have never observed this problem, others found it consistant for
some time until they

1) Rebooted multiple times
2) Installed a 3rd-party ScreenSaver

Still others don't see anything working, their default Windows Screen Saver refuses to
honor the Password Protected checkbox.
Avatar of SysExpert
SysExpert
Flag of Israel image

I would install SP2 for all machines and see if this fixes the problem !!

I hope this helps!
Avatar of jlw011597

ASKER

I'm just getting these things deployed, and SP2 hasn't been out very long.  My experience with most service packs suggests they aren't well regression tested,
and I'd fix one problem while introducing perhaps 20 more potential problems.

This query was more to determine without a runaround between MS and DELL whether or not there's a known problem with these screen savers.
Did you do a search omn microsoft.com yet ??

Well, I did a search there for " not enforced within screensaver password" and
didn't get any hits....  These are OEM copies of Win2K so I'm not allowed to CALL
MS for support, and last time I called DELL (on a printer issue) they bucked it to
the printer vendor even though it was clearly an MS networking issue....

THAT's why I went out to EE for commentary.
I would apply SP2, to a computer with a repeatable problem.
This will be a good test.

Also

http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q257939

is the closest I could find so far.

I hope this helps !
Avatar of tonnybrandt
tonnybrandt

Just want to share my experiance on the matter as i also have windows 2000 and Netware Client 4.8 on my work machine, and it works ok. However it was not preinstalled and not a Dell.

Did a search on Novell, and found this:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959002.htm

See if it applies to your problem
SysExpert:  Win2K SP2 has been applied to all stations; still some stations report this problem.

tonnybrandt: None of  suggested TID items seems to apply.  This is that the Screen Saver just plain doesn't seem to be taking over, thus failing to secure the workstation.  All those items seemed to be that the screen saver takes over, just doesn't operate properly after doing so, preventing even an authorized user from getting back to work.




I would try

sfc /scannow from a DOS box and also check permissions for these users.

Try it as administrator adn see if it works. If it does, then it is probably a registry problem, probably having to do with registry permissions.

Also try a regclean program.

I hope this helps !
All users are already ADMINISTRATORS (no Domain or Directory in the Win2K
world, just a workgroup, and all these folks are technical staff trustable as admins
for their own workstations).  

What's "sfc" ???  
system file checker. It exists in win98 and win2k.

try sfc /?
from a dos window.

I hope this helps !
Hmmm... This seems to require the Windows 2000 CD.  Gonna take some time to do that.

Note recently I've noticed that unless I get a periodic reminder from Experts Exchange, I've
gone so far as to leave a question open pending review of a possible answer or comments
for 2 months.  Prod me if need be with another comment.
Decided not to follow up with this issue.  Don't have an ORIGINAL Win2K CD to get the sfc program from since these are OEM pre-installed DELLs.  Ah, well.
Hi,

I think we have the same problem and have met with the same amount of success.  Did you ever resolve this issue?

No.  For example, 95% of the time my own workstation locks under the screen saver just fine.  The other 5% of the time the screen saver just plain doesn't start after the requisite time period of nil keyboard/mouse activity.
Still no response on this problem.  I'm going to boost the points to 300 to see if we can
garner some more interest.

One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE.  Indeed when one
goes to the screen saver panel, "NONE" is the selected saver.  Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.  

I KNOW that I am not actively setting/resetting this...
Still no response on this problem.  I'm going to boost the points to 300 to see if we can
garner some more interest.

One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE.  Indeed when one
goes to the screen saver panel, "NONE" is the selected saver.  Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.  

I KNOW that I am not actively setting/resetting this...
OK.

1) It could be a virus, or hacker.

2) Have you tried enforcing this with policies, either locally or centrally ?

Group policy planning with screen shots
                 
      http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp

http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp

               and

               Wayne's Windows NT Administration Tips
 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/adrecov.asp

I hope this helps !
1) It could be a virus, or hacker.
              Unlikely.  All machines where we're seeing this are protected with               daily-updated virus protection software, and ports are either manually
              shut down, stealthed, or, in my particular case, protected by a software
               firewall.  Yet we still see the situation.

2) Have you tried enforcing this with policies, either locally or centrally ?
               Policies are whatever are the defaults on Win2K out of the box.  No AD or
               domain, either.  Workgroup.  And staying that way.
Just realized I'd never responded to  tonnybrandt's suggestion/comments.  No, that TID
probably doesn't apply.  There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something).  The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
Just realized I'd never responded to  tonnybrandt's suggestion/comments.  No, that TID
probably doesn't apply.  There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something).  The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
jlw is awaiting Expert feedback here.
Asta
An idea that might help.

If you have a copy of sysinternals REGMON, you can run it on one of the problem clients.

1. turn off capture
2. edit filter/highlight
3. set include to
    "HKLM\Control Panel\Desktop\SCRNSAVE.EXE"
exactly as specified here but without the double quotes.  Note the embedded spaces are needed - just select, copy and paste the above in.
4. ensure that "Log Successes" and "Log Errors" and
"Log Writes" are enabled.  (You can enable all options but it makes for extra reading - these should be enough).
5. Apply the filter (click on the APPLY button)
6. Start the Capture and minimize REGMON

You can come back to it after a minute, an hour, a day, and it will have logged every time something changes that screen saver entry.  I believe (based on my own problem) that this might help identify what could be reseting the screen saver.

Similarly, there is a registry entry that controls whether or not a password is required - this is "ScreenSaverIsSecure"

If the screen saver is always set but just not prompting, then replace the include (above) with

    "HKLM\Control Panel\Desktop\ScreenSaverIsSecure"

This will log the time of the change, and the Process.  The process contains a fairly meaningful identification of the changer of the value, which is most likely a .EXE

Please feel free to query me if you want more details or a better explanation :-)

The url for "system internals" in case you need it is http://www.systeminternals.com/

Regards, Christopher Moore
Just verify that it's
"HKLM" in these "exactly as specified here"

and not "HKEY_LOCAL_MACHINE"

I've downloaded REGMON and will try applying it to users experiencing this problem.
Yep. It DOES appear to require HKLM rather than the full (and technically correct) HKEY_LOCAL_MACHINE.

Regards, Chris.

Dear questionner/expert(s)

No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:

- Answered by: cmoore23

Please leave any comments here within the next seven days.

==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==

PaSHa

Cleanup volunteer
No, I don't think so.  Regardless of what the volunteer
recommends, I have not been able to evaluate cmoore23's
suggestion due to other duties and, as such, am not about
to suggest to subsequent participants purchasing this as a PAQ that the problem was resolved by cmoore23's suggestion until it is proven to be an actual solution.

If the volunteer is so anxious to close this call off, then
the resolution (of THAT issue) is to DELETE the query, not to accept an unproven answer.
thank you for your response first of all. this is your last post -> 08/07/2002 08:23AM PST
it would have been nice to add comments and let the experts know about your progress with their solutions. it is also your responsibility to follow your questions. if you think that cmoore23's solution is not right and you have found the answer please post it here so that other users with the same problem can use this information when needed. if there is no good answer to you let us know and let the admins take care of it. regards,
PaSHa
If jlw has not been able to take advantage of any of the responses to resolve the problem (for whatever reason) then any answer suggested can not be considered a solution.  And thus the issue stays open.  So I agree with jlw.  Leave it open until someone comes up with a resolution that can be implemented successfully.

cmoore23
ASKER CERTIFIED SOLUTION
Avatar of SpideyMod
SpideyMod

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial