osa2
asked on
Secure logon with a badge or hardware
Hi all,
I'm looking for a solution for someone. Who has around 25 pc's. They all log on to windows 2003 server using a password.
The problem is when a user leaves his desk. Other people in the company jump behind the desk and use the computer with all the rights of the logged on user. We tried using screensaver password. But it still takes 1 minute for the screen saver to become active.
the other problem is they need to leave there desk alot. To check things in the warehouse and stuff. So they insisted having a way to easy password because they have to type it in like 50 times aday.
So I tought of using a usb stick with a encrypted password on it. For every user 1 stick.
But the problem is. They leave there desk. Thinking I will only be out like 1 minute. But something is wrong or they are making a chat with someone and the usb stick is still in. User is logged on.
So, now I'm thinking is there a proximity solution? When the user comes in range of his computer he is getting logged on. When he leaves his desk it auto log's off the user.
Or are there other suggestions or solutions to this problem?
I'm looking for a solution for someone. Who has around 25 pc's. They all log on to windows 2003 server using a password.
The problem is when a user leaves his desk. Other people in the company jump behind the desk and use the computer with all the rights of the logged on user. We tried using screensaver password. But it still takes 1 minute for the screen saver to become active.
the other problem is they need to leave there desk alot. To check things in the warehouse and stuff. So they insisted having a way to easy password because they have to type it in like 50 times aday.
So I tought of using a usb stick with a encrypted password on it. For every user 1 stick.
But the problem is. They leave there desk. Thinking I will only be out like 1 minute. But something is wrong or they are making a chat with someone and the usb stick is still in. User is logged on.
So, now I'm thinking is there a proximity solution? When the user comes in range of his computer he is getting logged on. When he leaves his desk it auto log's off the user.
Or are there other suggestions or solutions to this problem?
ASKER
Maybe the approuch would also for fingerprint scanner. This a very cheap. Usb fingerprint readers.
Only I don't know how a user should logout when he is leaving his desk.
Only I don't know how a user should logout when he is leaving his desk.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Smart cards are indeed a good option for two factor authentication. However, if your users will leave them in the reader, you will still have the same problem. And for Smartcard authentication you also need an enterprise CA.
So I guess your best bet will be to educate your users for locking the workstation.
I once worked on a project where the smartcards were integrated with access control, so the user had to remove to card to move around the building.
So I guess your best bet will be to educate your users for locking the workstation.
I once worked on a project where the smartcards were integrated with access control, so the user had to remove to card to move around the building.
Aproaching from another direction, the problem is that this persons work pattern does not suit a a desktop. Make it so they can take their computer with them. Have them work on a handheld or tablet device instead of a desktop PC.
ASKER
The easiest things are mostley the best solutions for complex problems. The windows key + L is a very good option. Whe are now using this Didn't know that. Thanks alot
Having Active Directory, you use your local AD's Certificate Authority to create smart card logon certificates for the users.
When changing user account to log on only with smart card and PIN (which in fact IS an easy password), you can set up that the computer is locked each time the user removes his smart card.
When getting the smart card back in, the user will be asked for his PIN only.
This will only work, if:
- the smart card slot can be accessed easily,
- the smart card also is used as personal badge for other purposes (e.g. opening doors, paying in the cafeteria).
There are also RFID smart cards, but usage of these depend on how far PCs are away from each other, and how near a RFID card needs to be to the PC's reader device.
HTH,
Patric