4 Managing Security and Smart Cards
Managing Security: Configuration Settings
;
Make screen saver secure
If you select this option, the PC automatically locks when the screen
saver comes on.
;
Default value:
Potential security impact: Medium
Implications:
Security Level
Value
Provided
ON (checked)
Higher
OFF (unchecked) Lower
;
Allow unauthenticated shutdown
If you set this option, anybody can shut down the PC, even if they are
not logged on.
Default value:
Potential security impact: Medium
Implications:
Security Level
Value
Provided
ON (checked)
Lower
52
Implications
The PC automatically locks when the screen saver comes on. This means
that, if the screen saver comes on, the user must enter their PIN to regain
access to the PC (or the Windows screen saver password, if they set a screen
saver password).
Also, if the user removes their smart card when the screen saver is on, no
other valid smart card holders can subsequently gain access to the PC.
This is appropriate for higher security, since the PC will lock automatically
when it is not being used (and possibly unattended).
Note that the Windows screen saver must be set for this to work.
If the screen saver comes on, the user or anyone else may be able to gain
access to the PC simply by moving the cursor or mouse (if there is no
Windows screen saver password).
This setting is perhaps appropriate for environments where the user rarely
leaves their desk, or where ease of use (quicker access to the PC) is more
important.
Implications
Anyone can shut down the PC.