|Screen Pass Version 6.8 User Guide|
This section describes each of the Screen Pass policies. This is the same information shown on the explanation panels of the Group Policy editor.
Enforce Active Directory Logon Hours
When this policy is enabled, Active Directory Logon hours are strictly enforced. Logon sessions are forcibly terminated when account hours expire. Before the logoff, a warning is given allowing users to save open files. Usaved changes are lost. At any time when this policy is in effect, users may press Ctrl-Alt-Shift-L to see the time remaining before logoff. Ctrl-Alt-Shift-R may be used to reread the logon hours from the directory. Otherwise changes to the ADS logon hours in the directory are recognized by Screen Pass within a minute of the change.
Enable Active Directory Admin Override Extensions
When this policy is enabled, the 'Screen Pass unlock' right (an Active Directory extended right) is used as one method of determining if a proposed Admin ID can unlock another user's login session. For this policy to be effective, the Screen Pass Unlock right must be added to the directory. Administrators can do so using the Screen Pass extended right tool. Other methods of determining Admin override permission (such as membership in the 'Screen Pass' group, 'paired groups', or standard Domain Admin rights) still apply whether or not this policy is enabled.
Determines if Screen Pass will logout idle logon sessions. If Auto Logout 'Off' is selected none of the other settings apply. The 'Auto Logout Delay' specifies when the logout will occur in terms of minutes after the session is locked. The 'Action' determines the state of the workstation after auto logout, i.e. simple logoff, power shutdown, restart, or hibernate. If hibernate is selected, the login session is not actually terminated. The active hours represent the time of day during which auto logout can occur. The auto logout period includes the starting minute but not the ending minute . The end time may be earlier than the start time, so you may choose for auto logout to occur only after business hours. If the start and end times are equal, the auto logout is always in effect. If the 'No logout if unsaved data exists' box is checked, the workstation will not be logged off if any application has unsaved data. This option has no effect if the hibernate option is checked, as no data is lost during hibernation. If hibernate is selected and hibernation is not supported on a particular workstation, the action becomes a Logoff with 'No logout if unsaved data'.
Determines which Screen Pass events will be recorded. The numeric value is a bitwise sum of the event types. (Lock=1, Unlock= 2,Failed password= 4,Admin override= 8,Failed override= 16, Auto logout= 32, Logon= 64,and Logoff= 128.) Simply add the numbers for the events you want to record. To turn all events on set the value to 255. To turn event logging off, set the value to 0. The Destination field determines where the events will be stored. Choices are the Windows event log (on a local or a remote computer), a comma delimited text file, or a dataset accessible through ODBC. The "Computer name" field determines the location of the Windows event log, if that destination type is selected. The "Text file" field determines the location of the text file, if that destination type is selected. UNC paths are acceptable. If no filename is specified events are stored in "ScreenPass.log" in the Windows directory. The remaining fields are used to connect to an ODBC data set. The password is stored in the registry without encryption. If the DSN is not password protected, a blank password field is acceptable. If both the user ID and the password are left blank, Screen Pass uses the credentials of the current workstation user. See the Screen Pass tech support website for sample database files.
Contains the alphanumeric key for your licensed version of Screen Pass. Without this key, your installation of Screen Pass will be labeled as 'demo only', and it will not be fully functional after the demo period expires.
Determines whether the screen saver will be password protected and whether the protection will be limited to certain hours of the day. By default password protection is always on. The password protection times includes the starting minute but not the ending minute. The end time may be earlier than the start time, so you may choose for password protection to be enforced only after business hours. If the start and end times are equal, the password protection is always in effect. The grace period is the time after the screen saver starts and before the workstation is locked. By default it is 0 seconds. With this policy you can also limit the hours when the screen saver is active or the hours when power saving features are active, by linking them to password protection hours.
Report Failed Password Trys
Determines whether a report of the number of failed password attempts will be shown to the user after the workstation is unlocked.
Disable Screen Saver Settings Button
When this policy is enabled, the 'Settings' button on the Screen Pass tab is grayed and disabled. This prevents users from changing the configuration of the selected screen saver.
Bypass Netware Detection
Bypasses the automatic detection of a Netware logon session. Normally if the workstation is logged on to both Novell and Microsoft networks, Screen Pass will use the Netware credentials for unlocking. With this policy enabled, the Microsoft credentials will be used.
Allow Admin Unlock
Shows/Hides the Admin button on the main password window and determines whether administrators can unlock the workstation. By default the Admin button is shown. The "Require Admin unlock" option suppresses the main password window and causes the admininstrator password window to be shown immediately.
Allow Local Admin Unlock
Allows local workstation administrators to unlock other users' network logon sessions. By default local administrators are not allowed to unlock network logon sessions. This policy has no effect if the Allow Admin unlock is not enabled. This policy also has no effect on local logon sessions. Local admins can always unlock local logon sessions.
Logoff/Change User Button
Shows/Hides the Logoff button on the main password window. This button allows users to terminated the logon session without having to unlock or restart the workstation. On XP workstations, this policy can be used to show the button as a 'Change User' button. In this case, the new user must provide valid credentials before the current logon session is terminated and a session under the new ID is begun. By default the Logoff/Change user button is not shown.
Shows/Hides the Message button on the main password window. Pressing this button allows visitors to the workstation to leave messages for the user that are displayed when the workstation is unlocked. By default the Message button is shown.
Password Dialog Text
Modifies the text on the main password window. On Windows XP the height the dialog box may be modified with a scaling factor. The maximum text length is 4096 characters. The "\" + "n" character sequence indicates a new line. To place longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.
Sends a message to users that is displayed when the workstation is unlocked. This feature is useful for company-wide or group-wide reminders. The admin can disable the 'Clear' button on the Message display dialog so the user will see the message after each unlock. The maximum text length is 4096 characters. The '\' + 'n' character sequence indicates a new line. To fit longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.
On Windows XP, determines whether the Ctrl-Alt-Del screen is shown before the main password dialog is displayed. This policy applies to the unlocking process only. It does not affect the Ctrl-Alt-Del screen shown before logon. By default, Ctrl-Alt-Del is required.
Ctrl-Alt-Del Screen Text
On Windows XP, modifies the text on the dialog box that prompts for Ctrl-Alt-Del before displaying the password dialog. The size and dimensions of the box may be modified with scaling factors. The maximum text length is 4096 characters. The '\' + 'n' character sequence indicates new line. To place longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.
On Windows XP, this policy can be enabled to cause Windows to bypass the Screen Pass unlock dialogs and to use the dialogs from the previous GINA in the chain, that is, the GINA that was in place when Screen Pass was installed. Either the Ctrl-Alt-Del dialog or the password dialog or both can be bypassed. If the Screen Pass password dialog bypassed, the administrator override feature is unavailable. This policy may be useful in helping to integrate with fingerprint readers or other third party GINAs.
Auto shutdown is used to shutdown an idle workstation that is NOT logged in. To logoff and shutdown an idle workstation that is logged in, use the Auto logoff policy. If Auto Shutdown 'Off' is selected, none of the other settings apply. The 'Auto Shutdown Delay' determines the number of minutes after the pre-login screensaver starts before auto shutdown will occur. This can be either after machine startup or after a logoff. A prelogon-screen saver must be configured for this feature to function. The 'Action' determines the state of the workstation after auto shutdown, either simple shutdown, restart, or hibernate. The active hours represent the time of day during which auto shutdown can occur. The auto shutdown period includes the starting minute but not the ending minute. The end time may be earlier than the start time, so you may choose for auto shutdown to occur only after business hours. If the start and end times are equal, the auto shutdown is always in effect.
Pre-logon Screen Saver
Sets the screen saver to be used when no one is logged on. Required for autoshutdown to function. The Image file is used only if the screen saver is set to Screen Pass bouncing image (Spbnce32.scr). The Slide show folder is used only if the screen saver is set to Screen Pass Slide Show (Spslides.scr).
Remote Control From ActivTrak
This policy determines whether Screen Pass can be controlled remotely from the ActivTrak viewer. With remote control, administrators can lock, unlock, or logoff, shutdown or restart the workstation. ActivTrak is a workstation activity monitoring program available separately from Birch Grove Software. Remote control actions are immediate. Administrator credentials are verified by the ActivTrak viewer.
Allowed Screen Savers
Limits the list of screen savers available to the user. Press the "Show" button to Add or Remove screen savers to or from the list. You may enter the screen saver's file name, e.g., "ssbezier.scr" or its description as it appears in on the Screen Pass tab, e.g., "Beziers". If the exclude button is unchecked, only those screen savers on the list are available to the user. If the exclude button is checked, all screen savers are available to the user except those on the list. If only one screen saver is available to the user, the combo box on the Screen Pass tab is grayed.
Determines the maximum and minimum time the user may select for the screen saver timeout, i.e., the time the workstation is idle before the screen saver starts. If the Max. and Min. are equal, the screen saver timeout on the Screen Pass tab is grayed. If this policy is not enabled, the maximum timeout is 20 minutes and the minimum is 1 minute. You may set the maximum time out as high as 9999 minutes.
Screensaver 'None' Selection
This policy allows users to choose 'None' as one of the screen saver options. By default 'None' is not included in the screen saver selection list. If 'None' is selected, a screen saver will not start and automatic logout due to inactivity will not occur. Logout due to ADS account hour enforcement will still be in effect.
Suspend Screensaver on Active ApplicationSuspend Screensaver on Active Titlebar
Use this policy to prevent the screen saver from activating while certain applications are active and in the foreground, that is if their title bar is highlighted. The screen saver will still start if the applications are in the background. Press the Show button to identify applications by entering the executable file name, for example POWERPNT.EXE. Do not include the file path.
Use this policy to prevent the screen saver from activating while certain text is present in the active title bar. For example you can block the screen saver when a browser is active and pointed to a certain web presentation. Press the Show button to add individual text strings. You may use substrings, and strings are case insensitive.
Bouncing Image Screensaver
Determines the image speed in pixels/sec. The default speed is 60. The minimum is 1 and the maximum is 200.
Limits image selection to files in the specified directory. UNC names are acceptable. Using the checkbox, you may choose to include or exclude the default image (Screen Pass logo). If neither this policy nor the Image Directory policy are not enabled the user can browse and select any image. The Image Directory policy takes precedence over the Image List policy.
Limits the image selection to the specified files. Use fully qualified file names. UNC names are acceptable. Supported formats are .BMP, .GIF, .JPG, .PNG, .TIF, .EMF, and .WMF. Using the checkbox, you may choose to include or exclude the default (Screen Pass logo) image. If neither this policy nor the Image Directory policy are not enabled the user can browse and select any image. The Image Directory policy takes precedence over the Image List Policy.
Specifies the RGB value for the backgound color. The default color is black (0,0,0).
Slide Show Screensaver
Determines how long each image is displayed. If this policy is not enabled, the user can determine the slide duration.
Determines whether image files are show in random or alphabetical order. If this policy is not enabled, the user can determine the slide order.
Slide Folder 1
Specifies Folder 1, a folder containing images for the slide show. UNC names are acceptable. Supported formats are .BMP, .GIF, .JPG, .PNG, .TIF, .EMF, and .WMF. If this policy is not enabled, the user can select Folder 1.
Slide Folder 2
Specifies Folder 2, a second folder containing images for the slide show. UNC names are acceptable. If this policy is not enabled, the user can select Folder 2.