• Home
• About Us
  • The Company
  • Philosophy
  • The Group
  • Why TomK Consulting?
  • Staff
  • The VRM Consultants
  • Photo Galleries
• Our Services
  • Consulting Services
  • Featured Services
    • Enhanced Internet Reliability
    • Proactive Systems Management
    • Systems Audit Service
    • Systems Documentation
    • Systems Reliability Bundle
• Testimonials
• Newsletters
• Partners
• Contact Us
  • Privacy Policy
  • Sitemap

June 2011 IT Business Consulting Newsletter

Protect Your Company’s Data and Reputation... Lock Your PC!

By Tom K

If your staff (or you) just walks away from their PCs, anyone can sit down and access all their info, all the corporate data they have access to, and all their email. They can even send emails to anyone (and everyone in the address books) masquerading as the logged-in user!

Imagine...

* Your company financials published on the Internet (embarrassing)

* Personal HR info circulating through your company (Lawsuits)

* A “confidential” email generated from YOUR business email account advising 2000 recipients that your VRM company will no longer rent to a specific demographic (embarrassing and Lawsuits)

* A Tweet with a picture of you in your underwear gets sent to ALL the wrong people (it didn’t REALLY happen this way, but it could have :)

... just because a PC was left unlocked for 10 minutes!

In this month’s article I review the usual methods for locking PCs, and their pitfalls. Then I provide a simple, ingenious method to lock your PC in a half second no matter where you are in the PC – no more excuses and no more unintentional disclosures!

Various Methods to Same Result

Since our client and reader base uses both Win 7 and XP PCs, I’ll discuss methods for each OS as appropriate. However, there are usually many ways to get to the same result - i.e. accessing a specific configuration screen - so I’ll only note one (hopefully the simplest!).

Screensaver Auto-Lock

This is probably the most common method used to lock a PC. The PC is set to go to Screen Saver after a specific period of inactivity, and user credentials are required to resume using the PC. Upon entering credentials, the user’s desktop comes back to the same state as when the Screen Saver started.

Unfortunately, the period of inactivity and the requirement to enter credentials are set by the user. We rarely see the credentials requirement activated, so there is no lock!

We recommend you have all staff use this feature with the credentials requirement activated. We’ve found that a good setting for the inactivity period is 10 minutes. This way, even if the user fails to use an immediate method to lock the PC when walking away, the unlocked window is limited to 10 minutes.

Note this is an excellent use for a Group Policy to centrally configure all of your PCs with these settings - see last month’s article “Use Group Policy to Centrally Tune YOUR Business Computing Environment”

To Set the Screen Saver Auto-Lock:

Win 7: Right Click on an unused spot on the desktop -> select Personalize from the drop-down menu -> select the Screen Saver Icon (lower right) -> select a screensaver from the list, set the Wait time to 10 minutes, select the “On resume, password protect” check box.

XP: Right Click on an unused spot on the desktop -> select Properties from the drop-down menu -> select the Screen Saver Tab -> select a screensaver from the list, set the Wait time to 10 minutes, select the “On resume, password protect” check box.

Manual Lock

Your staff can manually lock their PC no matter what they are doing via a number of keystrokes. When they unlock the PC with their credentials, their desktop comes back to the same state as when the lock was enabled.

Win 7: Start -> Shutdown Arrow -> Lock

XP: Simultaneously hit < Ctrl-Alt-Del > Select the “Lock PC” button from the pop-up

Manual Log Off

Logging Off has the same effect as locking the PC, but it is not as efficient as a quick lock. Logging off will close all running applications, disconnect all network connections, and log the user out of the network, which takes time. Additionally, the user will need to log back on, which can take minutes, and then will have to re-start all her applications.

This is not recommended as a Lock method, but we do recommend all users log off at the end of their work day (and leave their PCs turned on).

Win 7: Start -> Shutdown Arrow -> Log Off

XP: Start -> Log Off

Recommended PC Locking Method

Create a “Lock PC” Icon and place it in the Task Bar!

The Task Bar is the blue bar at the bottom of the screen that holds various icons. By default, it is always visible and accessible.

A “Lock PC” Icon in the Task Bar is always available no matter what the user is doing & will lock the PC from anywhere with a single mouse click! When the user unlocks the PC she’ll return to exactly where she was when she clicked the Lock PC Icon.

No More Excuses – a single click from anywhere & the PC is locked!

Here’s how it’s done...

To Create the Lock PC Icon:

Right-click empty space on the desktop, select New, select Shortcut. This opens the Create Shortcut Wizard.

In the Location field, type (or copy & paste :)

%windir%\System32\rundll32.exe user32.dll,LockWorkStation

Name it "Lock PC"

Hit OK & you'll get a very plain icon on the desktop that you can double click to lock the PC.

To Dress Up the Lock PC Icon:

Right click the icon, go to Properties, select Change Icon, in the Look For field, type (or copy & paste :)

%SystemRoot%\system32\SHELL32.dll

and hit OK

Select an icon design... I like the red box with the universal "off" symbol, or the gold keys.

To Place the Lock PC Icon in the Win 7 Task Bar (or if XP, in Quick Launch):

Win 7 allows you to “pin” an icon directly to the Task Bar. XP requires you to use Quick Launch.

Win 7: Simply drag the new “Lock PC” icon onto the Task Bar. Position it among the Program Icons already on the left side of the Task Bar.

XP: Drag the new “Lock PC” icon into the Quick Launch (little icons on the left of the Task Bar, next to Start Menu). If these icons aren't there (usually Desktop, Explorer, Outlook) you have to turn on Quick Launch. Right click on the Task Bar, select Properties, and check Show Quick Launch & hit OK.

So, you're working... click the Lock PC Icon in the Task Bar/Quick Launch and your PC is locked. Unlock & you're back exactly where you were when you hit Lock PC!

As I said, simple, ingenious, fast, and painless. No More Excuses!

Four step summary:

1. Create the Lock PC Icon (change the icon graphic if desired)

2. If XP, Turn On Quick Launch if not already on.

3. Drag the Lock PC icon into the Task Bar/Quick Launch

4. Click the Lock PC Icon whenever you leave your PC

As always, if you have any questions or comments concerning this article, I’d be happy to discuss them with you at your convenience. Feel free to contact me at TomK@TomKConsulting.com, or via my cell 443.310.5110.

Next month I’ll shift back to the promised discussion of VPNs (Virtual Private Networks). These gems allow you to connect remote offices securely and inexpensively, and enable your staff to work remotely from anywhere. See "Virtual Private Networks (VPNs) – a key Business Enabler".

Home | About TomK | TomK Philosophy | The Group | Why TomK? | TomK Staff | TomK Services | Featured Services |
TomK Testimonials | Newsletters | Partners | Contact | Privacy Policy | Site Map

© 2010 - Present, The TomK Consulting Group. All Rights Reserved.