• 4
  • 13
  • 5
  • 1
  • 2
Der MEVA - Blog
Albrecht Weinert


a-weinert.de,  meva-lab.de
|< < > >|


blog... /w2k2-in-secure-screensaver/   [en]
Albrecht Weinert

Windows in-secure screensaver

Symptom: The Screensaver ignores password setting on Windows Server 2003 and its successors.

On Windows 2003, since (some) up-grade, you’ll quitt the screensaver without re-authentication, even if so set under System->Display->Screensaver->etc.. This is a security issue, that may under certain circumstances be quite fatal.

The simple repair is: Delete

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (REG_DWORD, 1)

and re-define it as

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (REG_SZ, 1).

Elucidation: That changes the one’s ( == 1== on) type from number (which XP and consorts want) to String (Windows 2003 habitualness). The above blamed update must have intrduced XP habits to 2003.

Supplement

In the mean time experience showed that Microsoft is switching the behaviour aproximately every third update.
Hence attention: The repair might be just the other way round.
And attention: After any update the same security hole may be opened again.

As it just the type of the value 1 or “1″ one would hope for an an intelligent repair that would make 2K3 and XP accept both types. But alas that is not so — the last “type changeover” happened May 2011. So be on your watch.

Feed für Kommentare zum Beitrag

Ihr Kommentar

Bitte loggen Sie sich zum Kommentieren ein beziehungsweise registrieren Sie sich so als willkommener neuer Nutzer des Blogs.

Copyright   ©   2013   Albrecht Weinert,       E-Mail (webmaster)
Feed on RSS: Post Feed RSS   Beitrags-Feed,   Comments Feed RSS   Kommentar-Feed