
Der MEVA - Blog
Albrecht Weinert

a-weinert.de, meva-lab.de

W2K3 in-secure screensaver

Symptom: The Screensaver ignores password setting on Windows Server 2003.

On Windows 2003, since (some) upgrade, you can quit the screensaver without re-authentication, even if password protection is set under System->Display->Screensaver->etc. This is a security issue that may, under certain circumstances, be quite fatal.

The simple repair is: Delete

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (REG_DWORD, 1)

and re-define it as

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (REG_SZ, 1).

Elucidation: That changes the type of the one (1 == on) from number (which XP and consorts want) to string (the Windows 2003 habit). The update blamed above must have introduced XP habits to 2003.

Supplement

In the meantime, experience has shown that Microsoft switches the behaviour approximately every third update.
Hence attention: The repair might be just the other way round.
And attention: After any update the same security hole may be opened again.

As it is just the type of the value, 1 or "1", one would hope for an intelligent repair that would make 2K3 and XP accept both types. But alas, that is not so; the last "type changeover" happened May 2011. So be on the watch.
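The check and repair described above, as an added PowerShell example that is not part of the original post: it reports the current registry type of ScreenSaverIsSecure for the logged-on user and can re-create the value as either REG_SZ or REG_DWORD. It assumes PowerShell 2.0 or later is installed on the server; the function names are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.
$DesktopKey = 'HKCU:\Control Panel\Desktop'
$ValueName  = 'ScreenSaverIsSecure'

function Get-ScreenSaverSecureState {
    # Report whether the value exists, its registry type and its data.
    $key = Get-Item -Path $DesktopKey
    if ($key.GetValueNames() -notcontains $ValueName) {
        return New-Object PSObject -Property @{ Exists = $false; Kind = $null; Data = $null }
    }
    New-Object PSObject -Property @{
        Exists = $true
        Kind   = $key.GetValueKind($ValueName)   # String (REG_SZ) or DWord (REG_DWORD)
        Data   = $key.GetValue($ValueName)
    }
}

function Set-ScreenSaverSecureType {
    # Delete the value and re-create it as 1 with the requested type.
    param(
        [ValidateSet('String', 'DWord')]
        [string]$Kind = 'String'
    )
    $state = Get-ScreenSaverSecureState
    if ($state.Exists -and "$($state.Kind)" -eq $Kind -and "$($state.Data)" -eq '1') {
        return $state    # already in the requested form, nothing to change
    }
    if ($state.Exists) {
        Remove-ItemProperty -Path $DesktopKey -Name $ValueName
    }
    $data = if ($Kind -eq 'DWord') { 1 } else { '1' }
    New-ItemProperty -Path $DesktopKey -Name $ValueName -PropertyType $Kind -Value $data | Out-Null
    Get-ScreenSaverSecureState
}

# Audit only: run after each update and compare with the type known to work.
Get-ScreenSaverSecureState | Format-List Exists, Kind, Data

# Repair: uncomment the variant that restores the password prompt on this host.
# Set-ScreenSaverSecureType -Kind String
# Set-ScreenSaverSecureType -Kind DWord
```

After a repair, start the screensaver and confirm that it asks for the password again, since which of the two types is honoured depends on the update level.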
