jlw011597
asked on
Password Protected Screen Savers NOT Protecting?
Have 21 new Dell GX150's preinstalled with Windows 2000 SR1.
All are connected to a Novell NETWARE 5 network using Novell's Client 32 v4.8 for NT/2000.
Users are reporting that password protected screen savers are NOT always demanding
a password when interrupted.
The selection of screen saver seems to have little or no bearing on the situation. Some
users (myself included) have never observed this problem, others found it consistant for
some time until they
1) Rebooted multiple times
2) Installed a 3rd-party ScreenSaver
Still others don't see anything working, their default Windows Screen Saver refuses to
honor the Password Protected checkbox.
All are connected to a Novell NETWARE 5 network using Novell's Client 32 v4.8 for NT/2000.
Users are reporting that password protected screen savers are NOT always demanding
a password when interrupted.
The selection of screen saver seems to have little or no bearing on the situation. Some
users (myself included) have never observed this problem, others found it consistant for
some time until they
1) Rebooted multiple times
2) Installed a 3rd-party ScreenSaver
Still others don't see anything working, their default Windows Screen Saver refuses to
honor the Password Protected checkbox.
ASKER
I'm just getting these things deployed, and SP2 hasn't been out very long. My experience with most service packs suggests they aren't well regression tested,
and I'd fix one problem while introducing perhaps 20 more potential problems.
This query was more to determine without a runaround between MS and DELL whether or not there's a known problem with these screen savers.
and I'd fix one problem while introducing perhaps 20 more potential problems.
This query was more to determine without a runaround between MS and DELL whether or not there's a known problem with these screen savers.
Did you do a search omn microsoft.com yet ??
ASKER
Well, I did a search there for " not enforced within screensaver password" and
didn't get any hits.... These are OEM copies of Win2K so I'm not allowed to CALL
MS for support, and last time I called DELL (on a printer issue) they bucked it to
the printer vendor even though it was clearly an MS networking issue....
THAT's why I went out to EE for commentary.
didn't get any hits.... These are OEM copies of Win2K so I'm not allowed to CALL
MS for support, and last time I called DELL (on a printer issue) they bucked it to
the printer vendor even though it was clearly an MS networking issue....
THAT's why I went out to EE for commentary.
I would apply SP2, to a computer with a repeatable problem.
This will be a good test.
Also
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q257939
is the closest I could find so far.
I hope this helps !
This will be a good test.
Also
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q257939
is the closest I could find so far.
I hope this helps !
Just want to share my experiance on the matter as i also have windows 2000 and Netware Client 4.8 on my work machine, and it works ok. However it was not preinstalled and not a Dell.
Did a search on Novell, and found this:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959002.htm
See if it applies to your problem
Did a search on Novell, and found this:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959002.htm
See if it applies to your problem
ASKER
SysExpert: Win2K SP2 has been applied to all stations; still some stations report this problem.
tonnybrandt: None of suggested TID items seems to apply. This is that the Screen Saver just plain doesn't seem to be taking over, thus failing to secure the workstation. All those items seemed to be that the screen saver takes over, just doesn't operate properly after doing so, preventing even an authorized user from getting back to work.
tonnybrandt: None of suggested TID items seems to apply. This is that the Screen Saver just plain doesn't seem to be taking over, thus failing to secure the workstation. All those items seemed to be that the screen saver takes over, just doesn't operate properly after doing so, preventing even an authorized user from getting back to work.
I would try
sfc /scannow from a DOS box and also check permissions for these users.
Try it as administrator adn see if it works. If it does, then it is probably a registry problem, probably having to do with registry permissions.
Also try a regclean program.
I hope this helps !
sfc /scannow from a DOS box and also check permissions for these users.
Try it as administrator adn see if it works. If it does, then it is probably a registry problem, probably having to do with registry permissions.
Also try a regclean program.
I hope this helps !
ASKER
All users are already ADMINISTRATORS (no Domain or Directory in the Win2K
world, just a workgroup, and all these folks are technical staff trustable as admins
for their own workstations).
What's "sfc" ???
world, just a workgroup, and all these folks are technical staff trustable as admins
for their own workstations).
What's "sfc" ???
system file checker. It exists in win98 and win2k.
try sfc /?
from a dos window.
I hope this helps !
try sfc /?
from a dos window.
I hope this helps !
ASKER
Hmmm... This seems to require the Windows 2000 CD. Gonna take some time to do that.
Note recently I've noticed that unless I get a periodic reminder from Experts Exchange, I've
gone so far as to leave a question open pending review of a possible answer or comments
for 2 months. Prod me if need be with another comment.
Note recently I've noticed that unless I get a periodic reminder from Experts Exchange, I've
gone so far as to leave a question open pending review of a possible answer or comments
for 2 months. Prod me if need be with another comment.
ASKER
Decided not to follow up with this issue. Don't have an ORIGINAL Win2K CD to get the sfc program from since these are OEM pre-installed DELLs. Ah, well.
Hi,
I think we have the same problem and have met with the same amount of success. Did you ever resolve this issue?
I think we have the same problem and have met with the same amount of success. Did you ever resolve this issue?
ASKER
No. For example, 95% of the time my own workstation locks under the screen saver just fine. The other 5% of the time the screen saver just plain doesn't start after the requisite time period of nil keyboard/mouse activity.
ASKER
Still no response on this problem. I'm going to boost the points to 300 to see if we can
garner some more interest.
One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE. Indeed when one
goes to the screen saver panel, "NONE" is the selected saver. Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.
I KNOW that I am not actively setting/resetting this...
garner some more interest.
One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE. Indeed when one
goes to the screen saver panel, "NONE" is the selected saver. Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.
I KNOW that I am not actively setting/resetting this...
ASKER
Still no response on this problem. I'm going to boost the points to 300 to see if we can
garner some more interest.
One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE. Indeed when one
goes to the screen saver panel, "NONE" is the selected saver. Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.
I KNOW that I am not actively setting/resetting this...
garner some more interest.
One thing I HAVE accertained is that when the screen saver does seem to "stop
triggering," that in reality something has changed it to NONE. Indeed when one
goes to the screen saver panel, "NONE" is the selected saver. Normally I have
"Default Screen Saver" selected, but if I expected the saver to be active and
password protecting, but it isn't (e.g., I come in after being out of the office for an hour or more), sure enough I'll find "(None)" as the selected saver.
I KNOW that I am not actively setting/resetting this...
OK.
1) It could be a virus, or hacker.
2) Have you tried enforcing this with policies, either locally or centrally ?
Group policy planning with screen shots
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Step by Step Guide to Managing the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp
"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
and
Wayne's Windows NT Administration Tips
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/adrecov.asp
I hope this helps !
1) It could be a virus, or hacker.
2) Have you tried enforcing this with policies, either locally or centrally ?
Group policy planning with screen shots
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Step by Step Guide to Managing the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp
"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
and
Wayne's Windows NT Administration Tips
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/adrecov.asp
I hope this helps !
ASKER
1) It could be a virus, or hacker.
Unlikely. All machines where we're seeing this are protected with daily-updated virus protection software, and ports are either manually
shut down, stealthed, or, in my particular case, protected by a software
firewall. Yet we still see the situation.
2) Have you tried enforcing this with policies, either locally or centrally ?
Policies are whatever are the defaults on Win2K out of the box. No AD or
domain, either. Workgroup. And staying that way.
Unlikely. All machines where we're seeing this are protected with daily-updated virus protection software, and ports are either manually
shut down, stealthed, or, in my particular case, protected by a software
firewall. Yet we still see the situation.
2) Have you tried enforcing this with policies, either locally or centrally ?
Policies are whatever are the defaults on Win2K out of the box. No AD or
domain, either. Workgroup. And staying that way.
ASKER
Just realized I'd never responded to tonnybrandt's suggestion/comments. No, that TID
probably doesn't apply. There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something). The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
probably doesn't apply. There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something). The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
ASKER
Just realized I'd never responded to tonnybrandt's suggestion/comments. No, that TID
probably doesn't apply. There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something). The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
probably doesn't apply. There's no mention in the TID of my situation, where the screen saver doesn't take over (because, as I've learned, it's being reset to (None) by something). The Novell TID [technical information document for all you non-netware types] describes issues like the screen saver taking control but not imposing password protection, and the screen saver not resuming control after having taken control, prompted for password protection, and the user quits out of trying to enter a password.
jlw is awaiting Expert feedback here.
Asta
Asta
An idea that might help.
If you have a copy of sysinternals REGMON, you can run it on one of the problem clients.
1. turn off capture
2. edit filter/highlight
3. set include to
"HKLM\Control Panel\Desktop\SCRNSAVE.EXE "
exactly as specified here but without the double quotes. Note the embedded spaces are needed - just select, copy and paste the above in.
4. ensure that "Log Successes" and "Log Errors" and
"Log Writes" are enabled. (You can enable all options but it makes for extra reading - these should be enough).
5. Apply the filter (click on the APPLY button)
6. Start the Capture and minimize REGMON
You can come back to it after a minute, an hour, a day, and it will have logged every time something changes that screen saver entry. I believe (based on my own problem) that this might help identify what could be reseting the screen saver.
Similarly, there is a registry entry that controls whether or not a password is required - this is "ScreenSaverIsSecure"
If the screen saver is always set but just not prompting, then replace the include (above) with
"HKLM\Control Panel\Desktop\ScreenSaverI sSecure"
This will log the time of the change, and the Process. The process contains a fairly meaningful identification of the changer of the value, which is most likely a .EXE
Please feel free to query me if you want more details or a better explanation :-)
The url for "system internals" in case you need it is http://www.systeminternals.com/
Regards, Christopher Moore
If you have a copy of sysinternals REGMON, you can run it on one of the problem clients.
1. turn off capture
2. edit filter/highlight
3. set include to
"HKLM\Control Panel\Desktop\SCRNSAVE.EXE
exactly as specified here but without the double quotes. Note the embedded spaces are needed - just select, copy and paste the above in.
4. ensure that "Log Successes" and "Log Errors" and
"Log Writes" are enabled. (You can enable all options but it makes for extra reading - these should be enough).
5. Apply the filter (click on the APPLY button)
6. Start the Capture and minimize REGMON
You can come back to it after a minute, an hour, a day, and it will have logged every time something changes that screen saver entry. I believe (based on my own problem) that this might help identify what could be reseting the screen saver.
Similarly, there is a registry entry that controls whether or not a password is required - this is "ScreenSaverIsSecure"
If the screen saver is always set but just not prompting, then replace the include (above) with
"HKLM\Control Panel\Desktop\ScreenSaverI
This will log the time of the change, and the Process. The process contains a fairly meaningful identification of the changer of the value, which is most likely a .EXE
Please feel free to query me if you want more details or a better explanation :-)
The url for "system internals" in case you need it is http://www.systeminternals.com/
Regards, Christopher Moore
ASKER
Just verify that it's
"HKLM" in these "exactly as specified here"
and not "HKEY_LOCAL_MACHINE"
I've downloaded REGMON and will try applying it to users experiencing this problem.
"HKLM" in these "exactly as specified here"
and not "HKEY_LOCAL_MACHINE"
I've downloaded REGMON and will try applying it to users experiencing this problem.
Yep. It DOES appear to require HKLM rather than the full (and technically correct) HKEY_LOCAL_MACHINE.
Regards, Chris.
Regards, Chris.
Dear questionner/expert(s)
No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:
- Answered by: cmoore23
Please leave any comments here within the next seven days.
==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==
PaSHa
Cleanup volunteer
No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:
- Answered by: cmoore23
Please leave any comments here within the next seven days.
==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==
PaSHa
Cleanup volunteer
ASKER
No, I don't think so. Regardless of what the volunteer
recommends, I have not been able to evaluate cmoore23's
suggestion due to other duties and, as such, am not about
to suggest to subsequent participants purchasing this as a PAQ that the problem was resolved by cmoore23's suggestion until it is proven to be an actual solution.
If the volunteer is so anxious to close this call off, then
the resolution (of THAT issue) is to DELETE the query, not to accept an unproven answer.
recommends, I have not been able to evaluate cmoore23's
suggestion due to other duties and, as such, am not about
to suggest to subsequent participants purchasing this as a PAQ that the problem was resolved by cmoore23's suggestion until it is proven to be an actual solution.
If the volunteer is so anxious to close this call off, then
the resolution (of THAT issue) is to DELETE the query, not to accept an unproven answer.
thank you for your response first of all. this is your last post -> 08/07/2002 08:23AM PST
it would have been nice to add comments and let the experts know about your progress with their solutions. it is also your responsibility to follow your questions. if you think that cmoore23's solution is not right and you have found the answer please post it here so that other users with the same problem can use this information when needed. if there is no good answer to you let us know and let the admins take care of it. regards,
PaSHa
it would have been nice to add comments and let the experts know about your progress with their solutions. it is also your responsibility to follow your questions. if you think that cmoore23's solution is not right and you have found the answer please post it here so that other users with the same problem can use this information when needed. if there is no good answer to you let us know and let the admins take care of it. regards,
PaSHa
If jlw has not been able to take advantage of any of the responses to resolve the problem (for whatever reason) then any answer suggested can not be considered a solution. And thus the issue stays open. So I agree with jlw. Leave it open until someone comes up with a resolution that can be implemented successfully.
cmoore23
cmoore23
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I hope this helps!