Solved

disabling jigglers in Windows 7

Posted on 2016-10-18
9
45 Views
Last Modified: 2016-10-21
We have Imprivata Onesign that has screen locking enabled.  However, we have found people using USB jigglers to keep the session active and circumvent the screen locking.  We have a formal policy in place now but I was wondering if there is a way to disable the use of jigglers through group policy.  I understand that it will be fairly hard since jigglers are seen as a mouse to the operating system.  We can disable software versions of jigglers since users can't install software but the USB jobbies are a problem.
0
Comment
Question by:Steve Bantz
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:ste5an
ID: 41848305
What is a USB jiggler??

Just a thought, people wouldn't use these, when this wouldn't address some of their needs. So the question is: Why do they see Imprivata, that has screen locking enabled, as a problem?
0
 

Author Comment

by:Steve Bantz
ID: 41848372
A USB jiggler simulates mouse movement so to the OS it looks like someone is actively using the machine.  We have to maintain a 10 minute screen locking policy for HIPAA compliance.  You'd be surprised at how many people dislike that even though they are aware of the risks.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41848400
The hardware versions of these work even if the computer is locked down. They are simple and need no rights.

Accordingly, you would have to:

(a) prevent access to the USB port (glue it shut)  OR
(b) lengthen the screen saver time.

There may be some prevention capability in the future but right now, no.
0
 
LVL 33

Expert Comment

by:ste5an
ID: 41848412
I see. The core problem is USB. Imho the only way is to use machines with no external ports or sealed ports.

I don't know the these HIPAA rules, but do they allow computers with USB ports?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:Steve Bantz
ID: 41848464
Well, we do have to have USB ports enabled because we have RFID scanners attached to read employee badges to log into/lock the machine.  We also need them for barcode scanners and a variety of other things.  I can see that this is a slippery slope.  

We may just have to settle on a formal written policy.
0
 
LVL 92

Accepted Solution

by:
John Hurst earned 350 total points
ID: 41848469
Yes, all you can do is have a written policy. The device is just a mouse substitute and you cannot prevent a mouse from working.

So you need a signed policy that you can enforce.
1
 
LVL 19

Assisted Solution

by:deroode
deroode earned 150 total points
ID: 41849587
Not only do you need a signed and approved policy, but it has to be enforced not by you (you are a sysadmin, not a policeman), but by the HR department;
0
 

Author Closing Comment

by:Steve Bantz
ID: 41854348
We drafted a policy that will be put in place by HR using the proper protocol.  You are right, this isn't IT's job to police.  I was hoping for a means to have Windows not allow it but this is too new right now.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41854371
Thank you for your update and I was happy to help.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now