Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I eliminate the new WIndows Desktop security screen (Win Server)?

Posted on 2015-02-12
11
Medium Priority
?
72 Views
Last Modified: 2015-05-21
Since the latest round of Windows updates, many of our servers (2008 and 2012) are suddenly deploying a "desktop security screen" which requires a CAD and entering of logged in user's password.  The user is actually still logged into the machine, but the desktop is hidden behind this idiotic security screen.  

Power opt are all set to "never," and "use password on sleep mode", which itself is turned off, is also disabled.  Yet this persists, usually after 5/10/15 mins of inactivity.

How can I disable this unwanted behavior?

Thank you.
M
0
Comment
Question by:michaelheffernan
  • 7
  • 4
11 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40606473
Hi M,

Could you post a screenshot for further investigation please?
0
 

Author Comment

by:michaelheffernan
ID: 40606526
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40606552
Hi Michael,

That screenshot looks normal to me. Is the other user logged in via RDP I'm assuming?

Our servers display that security message aswell.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:michaelheffernan
ID: 40606566
There is no one logged in remotely.  

We use VNC internally, not RDP, since screens cannot be viewed by more then one person (with RDP).  Please notice that nothing is mentioned about anyone being logged in *remotely*, just that the administrator (who is normally logged in there for certain apps to function) is "logged in."

M
0
 

Author Comment

by:michaelheffernan
ID: 40606624
Here's another server; never, ever done this before...
securescreen.jpg
0
 

Author Comment

by:michaelheffernan
ID: 40606630
CAD gets this:  notice the word "locked"  This moronic behavior started with the latest MS updates this past week.
scrn.jpg
0
 
LVL 13

Assisted Solution

by:Rizzle
Rizzle earned 1500 total points
ID: 40606660
Mike,

In all scenarios it looks like someone is logged into the clients/servers.

Try this as a test, someone login as the admin account and then log out and then see if someone can login ok,

Here's a GPO to change the timeout behaviour:

https://technet.microsoft.com/en-us/library/jj966265%28v=ws.10%29.aspx
0
 

Author Comment

by:michaelheffernan
ID: 40606682
Your suggestion is not clear to me.  Log into a server console as admin, then log out.  then log in again?   At the console or remotely or where?

I have already jiggled the local GPO according to suggestions I found online; they haven't been effective.  We don't apply domain GPO to the servers; too unreliable and disruptive.  I will look at your link, tho.

M
0
 
LVL 13

Accepted Solution

by:
Rizzle earned 1500 total points
ID: 40606721
Login to the server via rdp or vnc using the administrator account. Once that's done log out and then let me know if that is ok.

I believe the only way to control this would be via a gpo but hopefully my link can help out with the interactive login side of things.

In our environment the screen you're getting would be seen when we open up our vsphere console to have a look at a server state.
0
 

Author Comment

by:michaelheffernan
ID: 40606760
Thank you for the assistance.  

My experience using RDP has always resulted in a console lock out screen that identified whoever was logged in remotely.  This is not that.  In addition, going in with VNC is transparent to Windows.  That always works, except CAD doesn't always function.

I have found yet another reference to this issue, altho naturally MS changed how this feature works between 2008 and '12, and applied it to the 2008 machine (registry change/a CP option magically appearing).  It seems to work with 2008.

Your link is applicable to 2012 (and Win8) only, so I will weigh that, but w/out applying domain GPO to the servers.  That would have the potential of making life really miserable.

M
0
 

Author Comment

by:michaelheffernan
ID: 40606868
Postscript: I believe I finally located the setting in WIn8/Win2012 server.  Under "Change what the power button does" for God knows whatever reason.  There are yet more boxes and radio dials that need unticking.  So far, that has been successful.
I'll wait til tomorrow. if this is the case, I will close this thread and split the points.
thanks again for the assistance.

Mike
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If, like me, you have a lot of Dell servers in the estate you manage this article should save you a little time. When attempting to login to iDrac on any server I would be presented with two errors. The first reads "Do you want to run this applicati…
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question