Solved

disabling jigglers in Windows 7

Posted on 2016-10-18
9
52 Views
Last Modified: 2016-10-21
We have Imprivata Onesign that has screen locking enabled.  However, we have found people using USB jigglers to keep the session active and circumvent the screen locking.  We have a formal policy in place now but I was wondering if there is a way to disable the use of jigglers through group policy.  I understand that it will be fairly hard since jigglers are seen as a mouse to the operating system.  We can disable software versions of jigglers since users can't install software but the USB jobbies are a problem.
0
Comment
Question by:Steve Bantz
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:ste5an
ID: 41848305
What is a USB jiggler??

Just a thought, people wouldn't use these, when this wouldn't address some of their needs. So the question is: Why do they see Imprivata, that has screen locking enabled, as a problem?
0
 

Author Comment

by:Steve Bantz
ID: 41848372
A USB jiggler simulates mouse movement so to the OS it looks like someone is actively using the machine.  We have to maintain a 10 minute screen locking policy for HIPAA compliance.  You'd be surprised at how many people dislike that even though they are aware of the risks.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 41848400
The hardware versions of these work even if the computer is locked down. They are simple and need no rights.

Accordingly, you would have to:

(a) prevent access to the USB port (glue it shut)  OR
(b) lengthen the screen saver time.

There may be some prevention capability in the future but right now, no.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 33

Expert Comment

by:ste5an
ID: 41848412
I see. The core problem is USB. Imho the only way is to use machines with no external ports or sealed ports.

I don't know the these HIPAA rules, but do they allow computers with USB ports?
0
 

Author Comment

by:Steve Bantz
ID: 41848464
Well, we do have to have USB ports enabled because we have RFID scanners attached to read employee badges to log into/lock the machine.  We also need them for barcode scanners and a variety of other things.  I can see that this is a slippery slope.  

We may just have to settle on a formal written policy.
0
 
LVL 94

Accepted Solution

by:
John Hurst earned 350 total points
ID: 41848469
Yes, all you can do is have a written policy. The device is just a mouse substitute and you cannot prevent a mouse from working.

So you need a signed policy that you can enforce.
1
 
LVL 19

Assisted Solution

by:deroode
deroode earned 150 total points
ID: 41849587
Not only do you need a signed and approved policy, but it has to be enforced not by you (you are a sysadmin, not a policeman), but by the HR department;
0
 

Author Closing Comment

by:Steve Bantz
ID: 41854348
We drafted a policy that will be put in place by HR using the proper protocol.  You are right, this isn't IT's job to police.  I was hoping for a means to have Windows not allow it but this is too new right now.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 41854371
Thank you for your update and I was happy to help.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question