Policy Reference

Screen Pass Version 6.8 User Guide


This section describes each of the Screen Pass policies.  This is the same information shown on the explanation panels of the Group Policy editor.

ADS Specific

Enforce Active Directory Logon Hours

When this policy is enabled, Active Directory Logon hours are strictly enforced. Logon sessions are forcibly terminated when account hours expire. Before the logoff, a warning is given allowing users to save open files. Unsaved changes are lost. At any time when this policy is in effect, users may press Ctrl-Alt-Shift-L to see the time remaining before logoff. Ctrl-Alt-Shift-R may be used to reread the logon hours from the directory. Otherwise, changes to the ADS logon hours in the directory are recognized by Screen Pass within a minute of the change.

Enable Active Directory Admin Override Extensions
When this policy is enabled, the 'Screen Pass unlock' right (an Active Directory extended right) is used as one method of determining if a proposed Admin ID can unlock another user's login session. For this policy to be effective, the Screen Pass Unlock right must be added to the directory. Administrators can do so using the Screen Pass extended right tool. Other methods of determining Admin override permission (such as membership in the 'Screen Pass' group, 'paired groups', or standard Domain Admin rights) still apply whether or not this policy is enabled.

Auto Logout

Auto Logout
Determines if Screen Pass will log out idle logon sessions. If Auto Logout 'Off' is selected, none of the other settings apply. The 'Auto Logout Delay' specifies when the logout will occur in terms of minutes after the session is locked. The 'Action' determines the state of the workstation after auto logout, i.e. simple logoff, power shutdown, restart, or hibernate. If hibernate is selected, the login session is not actually terminated. The active hours represent the time of day during which auto logout can occur. The auto logout period includes the starting minute but not the ending minute. The end time may be earlier than the start time, so you may choose for auto logout to occur only after business hours. If the start and end times are equal, the auto logout is always in effect. If the 'No logout if unsaved data exists' box is checked, the workstation will not be logged off if any application has unsaved data. This option has no effect if the hibernate option is checked, as no data is lost during hibernation. If hibernate is selected and hibernation is not supported on a particular workstation, the action becomes a Logoff with 'No logout if unsaved data'.

Event Logging

Events
Determines which Screen Pass events will be recorded. The numeric value is a bitwise sum of the event types. (Lock=1, Unlock=2, Failed password=4, Admin override=8, Failed override=16, Auto logout=32, Logon=64, and Logoff=128.) Simply add the numbers for the events you want to record. To turn all events on, set the value to 255. To turn event logging off, set the value to 0. The Destination field determines where the events will be stored. Choices are the Windows event log (on a local or a remote computer), a comma-delimited text file, or a dataset accessible through ODBC. The "Computer name" field determines the location of the Windows event log, if that destination type is selected. The "Text file" field determines the location of the text file, if that destination type is selected. UNC paths are acceptable. If no filename is specified, events are stored in "ScreenPass.log" in the Windows directory. The remaining fields are used to connect to an ODBC data set. The password is stored in the registry without encryption. If the DSN is not password protected, a blank password field is acceptable. If both the user ID and the password are left blank, Screen Pass uses the credentials of the current workstation user. See the Screen Pass tech support website for sample database files.
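The following is an added example, not part of the Screen Pass documentation or product. It composes and decodes the Events value using the bit values listed above, and reports which event types a given value leaves unrecorded; the function names are hypothetical.

```python
# Bit values exactly as listed in the Events policy description.
EVENT_BITS = {
    "Lock": 1,
    "Unlock": 2,
    "Failed password": 4,
    "Admin override": 8,
    "Failed override": 16,
    "Auto logout": 32,
    "Logon": 64,
    "Logoff": 128,
}
ALL_EVENTS = sum(EVENT_BITS.values())  # 255 turns every event on


def encode_events(names):
    """Build the numeric policy value from a list of event names."""
    mask = 0
    for name in names:
        if name not in EVENT_BITS:
            raise ValueError(f"unknown event type: {name!r}")
        mask |= EVENT_BITS[name]
    return mask


def decode_events(mask):
    """Return the event names recorded for a policy value (0..255)."""
    if not isinstance(mask, int) or not 0 <= mask <= ALL_EVENTS:
        raise ValueError(f"Events value must be an integer 0..{ALL_EVENTS}")
    return [name for name, bit in EVENT_BITS.items() if mask & bit]


def unrecorded_events(mask):
    """Return the event names a policy value does NOT record."""
    recorded = set(decode_events(mask))
    return [name for name in EVENT_BITS if name not in recorded]


if __name__ == "__main__":
    # Constructed sample: a value that logs only lock/unlock/logon/logoff.
    sample = 195
    print("recorded:  ", decode_events(sample))
    print("unrecorded:", unrecorded_events(sample))
```

Reviewing a deployed value this way shows at a glance whether failed-password and override events are being captured.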

License

License Key
Contains the alphanumeric key for your licensed version of Screen Pass.  Without this key, your installation of Screen Pass will be labeled as 'demo only', and it will not be fully functional after the demo period expires.

Locking

Password Protection
Determines whether the screen saver will be password protected and whether the protection will be limited to certain hours of the day. By default, password protection is always on. The password protection period includes the starting minute but not the ending minute. The end time may be earlier than the start time, so you may choose for password protection to be enforced only after business hours. If the start and end times are equal, the password protection is always in effect. The grace period is the time after the screen saver starts and before the workstation is locked. By default it is 0 seconds. With this policy you can also limit the hours when the screen saver is active or the hours when power saving features are active, by linking them to password protection hours.

Report Failed Password Trys
Determines whether a report of the number of failed password attempts will be shown to the user after the workstation is unlocked.

Misc

Hot Key
Determines the hot key used to activate the screen saver.

Show Icon On Toolbar
Shows/Hides the Screen Pass icon on the taskbar. Clicking the icon starts the screen saver and right clicking allows quick access to the Screen Pass user level configuration.

Hide Screen Pass Tab
On Windows XP, hides the "Screen Pass" tab on the Display Properties dialog. On Vista and later, blocks access to the Screen Pass settings applet.

Disable Screen Saver Settings Button
When this policy is enabled, the 'Settings' button on the Screen Pass tab is grayed and disabled. This prevents users from changing the configuration of the selected screen saver.

Disable Power Button
When this policy is enabled, the 'Power' button on the Screen Pass tab is grayed and disabled.

Bypass Netware Detection
Bypasses the automatic detection of a Netware logon session. Normally if the workstation is logged on to both Novell and Microsoft networks, Screen Pass will use the Netware credentials for unlocking.  With this policy enabled, the Microsoft credentials will be used.

Password Dialog

Allow Admin Unlock
Shows/Hides the Admin button on the main password window and determines whether administrators can unlock the workstation. By default the Admin button is shown. The "Require Admin unlock" option suppresses the main password window and causes the administrator password window to be shown immediately.

Allow Local Admin Unlock
Allows local workstation administrators to unlock other users' network logon sessions. By default, local administrators are not allowed to unlock network logon sessions. This policy has no effect if the Allow Admin Unlock policy is not enabled. This policy also has no effect on local logon sessions. Local admins can always unlock local logon sessions.

Logoff/Change User Button
Shows/Hides the Logoff button on the main password window. This button allows users to terminate the logon session without having to unlock or restart the workstation. On XP workstations, this policy can be used to show the button as a 'Change User' button. In this case, the new user must provide valid credentials before the current logon session is terminated and a session under the new ID is begun. By default, the Logoff/Change user button is not shown.

Message Button
Shows/Hides the Message button on the main password window. Pressing this button allows visitors to the workstation to leave messages for the user that are displayed when the workstation is unlocked. By default the Message button is shown.

Password Dialog Text
Modifies the text on the main password window. On Windows XP, the height of the dialog box may be modified with a scaling factor. The maximum text length is 4096 characters. The "\" + "n" character sequence indicates a new line. To place longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.

Group Message
Sends a message to users that is displayed when the workstation is unlocked. This feature is useful for company-wide or group-wide reminders. The admin can disable the 'Clear' button on the Message display dialog so the user will see the message after each unlock. The maximum text length is 4096 characters. The '\' + 'n' character sequence indicates a new line. To fit longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.

Require Ctrl-Alt-Del
On Windows XP, determines whether the Ctrl-Alt-Del screen is shown before the main password dialog is displayed. This policy applies to the unlocking process only.  It does not affect the Ctrl-Alt-Del screen shown before logon. By default, Ctrl-Alt-Del is required.

Ctrl-Alt-Del Screen Text
On Windows XP, modifies the text on the dialog box that prompts for Ctrl-Alt-Del before displaying the password dialog. The size and dimensions of the box may be modified with scaling factors. The maximum text length is 4096 characters. The '\' + 'n' character sequence indicates a new line. To place longer messages into the edit field it is best to compose the message in a text editor such as Notepad and then cut & paste.

GINA
On Windows XP, this policy can be enabled to cause Windows to bypass the Screen Pass unlock dialogs and to use the dialogs from the previous GINA in the chain, that is, the GINA that was in place when Screen Pass was installed. Either the Ctrl-Alt-Del dialog or the password dialog or both can be bypassed. If the Screen Pass password dialog is bypassed, the administrator override feature is unavailable. This policy may be useful in helping to integrate with fingerprint readers or other third party GINAs.

Pre-Logon

Auto Shutdown
Auto shutdown is used to shut down an idle workstation that is NOT logged in. To log off and shut down an idle workstation that is logged in, use the Auto logoff policy. If Auto Shutdown 'Off' is selected, none of the other settings apply. The 'Auto Shutdown Delay' determines the number of minutes after the pre-logon screen saver starts before auto shutdown will occur. This can be either after machine startup or after a logoff. A pre-logon screen saver must be configured for this feature to function. The 'Action' determines the state of the workstation after auto shutdown, either simple shutdown, restart, or hibernate. The active hours represent the time of day during which auto shutdown can occur. The auto shutdown period includes the starting minute but not the ending minute. The end time may be earlier than the start time, so you may choose for auto shutdown to occur only after business hours. If the start and end times are equal, the auto shutdown is always in effect.
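The Auto Logout, Password Protection and Auto Shutdown policies all describe the same active-hours rule: start minute included, end minute excluded, end earlier than start wraps past midnight, equal times mean always. The following added example (not Screen Pass code; function names are hypothetical) implements that rule and computes the daily period a window leaves uncovered, assuming times are compared at minute granularity.

```python
from datetime import time

MINUTES_PER_DAY = 24 * 60


def _minute(t: time) -> int:
    # Assumption: the policy works in whole minutes, so seconds are ignored.
    return t.hour * 60 + t.minute


def in_active_window(now: time, start: time, end: time) -> bool:
    """True if 'now' falls inside the policy's active hours."""
    n, s, e = _minute(now), _minute(start), _minute(end)
    if s == e:                 # equal start and end: always in effect
        return True
    if s < e:                  # same-day window, end minute excluded
        return s <= n < e
    return n >= s or n < e     # end earlier than start: wraps past midnight


def covered_minutes(start: time, end: time) -> int:
    """Number of minutes per day during which the policy is in effect."""
    s, e = _minute(start), _minute(end)
    return MINUTES_PER_DAY if s == e else (e - s) % MINUTES_PER_DAY


def uncovered_window(start: time, end: time):
    """Daily (start, end) period the policy does not cover, or None if always on.

    The returned pair follows the same inclusive-start, exclusive-end rule.
    """
    if _minute(start) == _minute(end):
        return None
    return (end, start)


if __name__ == "__main__":
    # Constructed sample: protection enforced only after business hours.
    start, end = time(17, 30), time(8, 0)
    for probe in (time(17, 29), time(17, 30), time(7, 59), time(8, 0)):
        print(probe, in_active_window(probe, start, end))
    print("covered minutes/day:", covered_minutes(start, end))
    print("not covered:", uncovered_window(start, end))
```

For the sample window, the workstation is outside the policy's active hours from 08:00 up to, but not including, 17:30.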

Pre-logon Screen Saver
Sets the screen saver to be used when no one is logged on. Required for Auto Shutdown to function. The Image file is used only if the screen saver is set to Screen Pass bouncing image (Spbnce32.scr). The Slide show folder is used only if the screen saver is set to Screen Pass Slide Show (Spslides.scr).

Remote Control

Remote Control From ActivTrak
This policy determines whether Screen Pass can be controlled remotely from the ActivTrak viewer. With remote control, administrators can lock, unlock, log off, shut down, or restart the workstation. ActivTrak is a workstation activity monitoring program available separately from Birch Grove Software. Remote control actions are immediate. Administrator credentials are verified by the ActivTrak viewer.

Screen Savers

Allowed Screen Savers

Limits the list of screen savers available to the user. Press the "Show" button to add or remove screen savers to or from the list. You may enter the screen saver's file name, e.g., "ssbezier.scr", or its description as it appears on the Screen Pass tab, e.g., "Beziers". If the exclude button is unchecked, only those screen savers on the list are available to the user. If the exclude button is checked, all screen savers are available to the user except those on the list. If only one screen saver is available to the user, the combo box on the Screen Pass tab is grayed.

Screensaver Timeout
Determines the maximum and minimum time the user may select for the screen saver timeout, i.e., the time the workstation is idle before the screen saver starts. If the Max. and Min. are equal, the screen saver timeout on the Screen Pass tab is grayed. If this policy is not enabled, the maximum timeout is 20 minutes and the minimum is 1 minute. You may set the maximum timeout as high as 9999 minutes.

Screensaver 'None' Selection
This policy allows users to choose 'None' as one of the screen saver options. By default 'None' is not included in the screen saver selection list.  If 'None' is selected, a screen saver will not start and automatic logout due to inactivity will not occur.  Logout due to ADS account hour enforcement will still be in effect.

Suspend Screensaver on Active Application
Use this policy to prevent the screen saver from activating while certain applications are active and in the foreground, that is, if their title bar is highlighted. The screen saver will still start if the applications are in the background. Press the Show button to identify applications by entering the executable file name, for example POWERPNT.EXE. Do not include the file path.

Suspend Screensaver on Active Titlebar
Use this policy to prevent the screen saver from activating while certain text is present in the active title bar. For example you can block the screen saver when a browser is active and pointed to a certain web presentation. Press the Show button to add individual text strings.  You may use substrings, and strings are case insensitive. 

Bouncing Image Screensaver

Image Speed
Determines the image speed in pixels/sec. The default speed is 60. The minimum is 1 and the maximum is 200.

Image Directory
Limits image selection to files in the specified directory. UNC names are acceptable. Using the checkbox, you may choose to include or exclude the default image (Screen Pass logo). If neither this policy nor the Image List policy is enabled, the user can browse and select any image. The Image Directory policy takes precedence over the Image List policy.

Image List
Limits the image selection to the specified files. Use fully qualified file names. UNC names are acceptable. Supported formats are .BMP, .GIF, .JPG, .PNG, .TIF, .EMF, and .WMF. Using the checkbox, you may choose to include or exclude the default (Screen Pass logo) image. If neither this policy nor the Image Directory policy is enabled, the user can browse and select any image. The Image Directory policy takes precedence over the Image List policy.

Background
Specifies the RGB value for the background color. The default color is black (0,0,0).

Slide Show Screensaver

Slide Duration
Determines how long each image is displayed. If this policy is not enabled, the user can determine the slide duration.

Slide Order
Determines whether image files are shown in random or alphabetical order. If this policy is not enabled, the user can determine the slide order.

Slide Folder 1
Specifies Folder 1, a folder containing images for the slide show. UNC names are acceptable. Supported formats are .BMP, .GIF, .JPG, .PNG, .TIF, .EMF, and .WMF.  If this policy is not enabled, the user can select Folder 1.

Slide Folder 2
Specifies Folder 2, a second folder containing images for the slide show. UNC names are acceptable. If this policy is not enabled, the user can select Folder 2.

 


Brandon Hill