Understanding Policies: Lock Screen

By Zach DeMeyer Posted December 6, 2019

GPO-Like Policy

By implementing Policies, JumpCloud® admins can automate much of their system security management. One such Policy is Lock Screen, available for Mac® and Windows® systems.

What is the Lock Screen Policy?

The Lock Screen Policy for Mac and Windows allows admins to configure the amount of time (in seconds) that a system can remain idle before the screensaver engages, locking the system down. Once the screen locks, the system’s user needs to log in again to regain access.

The Lock Screen Policy relies upon the JumpCloud system agent to make changes to native system screensaver settings. Admins can then use this Policy to adjust screensaver settings at scale across all their Mac and Windows systems.

Why Use the Lock Screen Policy?

There’s been a surge in remote work across the workforce. Many organizations find their employees opting to work from home or a local coffee shop instead of in the office, putting the employees and their devices outside IT’s direct control. Beyond remote workers, a bad actor could make their way inside the office as well.

If an employee leaves their computer unattended for any reason (i.e. bathroom, ordering coffee, taking a call, etc.), it can open the system to attack. A hacker can infect an unlocked laptop with malware in just a few clicks. With unrestricted access to a system, an attacker can exploit other vectors through accessible network features and/or applications. (Of course, in this time, the computer can also be stolen, so full-disk encryption, or FDE, might be needed… more on that in a similar blog).

Although it isn’t the most convenient exercise for end users, locking the screen after a small period of time can help ward off attacks like these.

Compliance Requirements and the Lock Screen Policy 

Regulatory compliance is one of the largest burdens that IT organizations shoulder. Many regulations, such as NIST, PCI DSS, and ISO 27001, require that organizations implement some sort of screen lock timer to promote security. By codifying compliance needs through the JumpCloud Lock Screen Policy, IT admins can save time preparing for audits by enforcing the Policy at scale, across both Mac and Windows machines.

How to Use the Lock Screen Policy

IT organizations can use the Lock Screen Policy by applying it to a single system, or across entire user and system groups, in the Policies tab of the JumpCloud Admin Portal. Admins then configure the length of time before their fleets’ screens lock directly from the same window.

Not a JumpCloud Customer?

JumpCloud® Directory-as-a-Service® is the first cloud directory service. If you are interested in streamlining how you enforce screen lock for compliance or general security reasons, you can use JumpCloud and the Lock Screen Policy for free for up to 10 users/systems. Just sign up for Directory-as-a-Service to get started today.
If you’d like to learn more about JumpCloud Policies, check out more blogs from our Understanding Policies series.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts