By Natalie Bluhm Posted March 8, 2018
One of the easiest ways to compromise a network is for somebody to gain access to a machine that’s been left unattended. Not convinced this is a likely scenario? Have you ever witnessed somebody momentarily leaving their laptop to go pick up their drink order at the coffee shop? Or maybe you once saw somebody on a flight leave their machine unattended for a few minutes while they hit the lavatory? These are just the right moments where somebody close by can quickly install a keylogger with a USB stick. It can happen, it has happened, and is why setting screen saver lock across your Windows fleet is a great system policy.
If you are using the right tools, enforcing policies like screen saver lock doesn’t have to be complicated, and we’re not just saying that. To prove it, we’ll walk you through how easy it is to configure JumpCloud’s screen saver lock policy in this blog post. But first, let’s take a look at why you should consider enforcing a screen saver lock policy.
Why Setting Screen Saver Lock Matters
A machine that’s left alone and isn’t locked is perhaps the easiest target there is for attackers. Think about all of the digital assets typically left open on a computer. An email account is probably open, maybe a few web-based applications are in use, and perhaps even a financial account is available. With email alone, a person with malicious intent can reset passwords to any accounts tied to that email. Leaving systems alone without the screen locked is a recipe for disaster to say the least.
A simple solution, of course, is to encourage your team to lock their machine whenever it is left unattended, whether that is in the office, at home, or out in the world. Most of your users will have the best of intentions to do that and likely will. However, what happens when they forget accidentally? Is their machine wide open? It doesn’t need to be when you implement JumpCloud® Directory-as-a-Service® .
Setting Screen Saver Lock Across Windows Systems with JumpCloud
Using our cloud-based directory service, it is quite easy setting screen saver lock across your Windows fleet (and Mac® systems as well). You can easily set and enforce the screen saver lock to appear after a period of inactivity. We’d suggest popping the screen saver lock up quite quickly to ensure that there isn’t an opportunity for a malicious person to compromise the machine. Completing this doesn’t require any scripting and can be done in a couple of clicks. Let’s take a look a what you have to do.
How to Set a Screen Saver Lock Policy for Windows in JumpCloud
Setting screen saver lock across your Windows fleet starts by logging into the JumpCloud Admin console.
Once you’re there, select the Policies Tab, and then click the bright green button with the white plus icon. This will give you the option to set policies for Mac, Linux and Windows systems, but since we’re talking about Windows systems, select “Add Windows Policy”.
This will open up a section that gives you a list of available policies you can configure for your Windows fleet. Select the “configure” button that’s associated with Lock Screen.
In this area, you will be able to name the policy, set the time when a system screen locks and select which Windows systems you would like to apply this policy. Once all of this is completed, you can select “save policy”.
As you can see, it literally takes a few clicks to enforce screen saver lock across your Windows fleet, and it is one of the easiest steps that you can take to effectively step up your security posture. If you want to make sure users can’t change the screen saver lock setting by disabling their access to the control panel, we have a policy for that too. It allows you to disable a user’s ability to make Windows control panel changes, but that’s a topic for another blog post. Find our list of available policies here.
There’s More to JumpCloud than System Management
If this is your first time hearing about JumpCloud, you should know that JumpCloud Directory-as-a-Service doesn’t just stop with system management. Our comprehensive cloud-based directory service takes an independent approach by integrating with IT resources regardless of their platform, location, protocol, and provider. This means you can secure user authentication to the following:
- Systems – Windows, Mac, and Linux
- Servers – Local and remote like those in GCP or AWS
- Applications – on-prem and web-based like JIRA and Salesforce
- File Servers – physical and virtual like NAS appliances and Box
- Networks – wired and wireless like WiFi
- …and More!
Implementing JumpCloud Directory-as-a-Service will provide your end users with frictionless access to all of their IT resources, and provide you, the IT admin, with effective user and system management.
Find Out More about Setting Screen Saver Lock Across Your Windows Fleet
Are you interested in learning how JumpCloud Policies work? Consider watching the Policies Whiteboard Video above. Of course, you can also learn more about setting screen saver lock across your Windows fleet by dropping us a note. If you’re ready to see system policies in action, sign up for a free account. You’ll be able to test our Policies feature and the rest of our platform with your first ten users on us.