Frequently Asked Questions

Q: Do I need Group Policy to manage Screen Pass?
No. Screen Pass can be managed with Group Policy and includes a rich template for doing so, but Group Policy is not required. Administrators can lock down Screen Pass settings by pushing registry settings such as screensaver timeout, auto logout timeout, or allowed screensavers to HKEY_LOCAL_MACHINE.

Q: Aren't some Screen Pass features available with the standard XP operating system?
Yes, but Screen Pass gives administrators a much greater degree of control over password enforcement, screensaver timeout, and screensaver selection, along with features such as auto logout, auto shutdown, and true administrator override that are not available with the standard operating system.

Q: How is auto logout different from auto shutdown?
Auto logout is used to log a user off an idle workstation after the screensaver has been running for a predetermined period. It can be set to turn off the workstation or leave the computer at a logon prompt. Auto shutdown is used to turn off a workstation that has been sitting idle at the logon prompt for a predetermined period.

Q: Can I turn off the auto logout function?
Yes. The auto logout time, which is the time between the screensaver starting and the workstation being logged off, is configurable, and the function can be turned off completely. Administrators can "lock down" the auto logout time.

Q: What happens to unsaved data during auto logout?
Unsaved application data is lost during auto logout. Optionally, Screen Pass can be configured to perform auto logout only if there is no unsaved data.

Q: Can Screen Pass settings only be configured by an administrator or can a user choose some of the settings?
Screen Pass settings can be locked down by an administrator, but otherwise users can modify any setting using a custom tab on the Display Properties window. The one exception to this is password protection of the screensaver, which is enforced by default.

Q: Is Screen Pass available in languages other than English?
Currently Screen Pass v5.0 is available with a user interface in French and Dutch. German and Swedish versions are expected to be available shortly. Contact technical support to inquire about support for other languages.

Q: Does Screen Pass work for Windows 98 workstations?
Screen Pass v5.0 is designed specifically for Windows 2000 and XP workstations. Earlier versions of Windows require Screen Pass v4.0, which can be licensed for mixed environments at no extra charge.

Q: How is the Screen Pass admin override different from the standard admin override in Windows XP?
The standard Windows admin override or unlock is actually a logout and a login under the administrator ID. With Screen Pass the admin override simply unlocks the workstation without terminating the current logon session.

Q: Does the Screen Pass admin override comply with HIPAA regulations?
For HIPAA compliance you will most likely want to disable the admin override completely and instead show the optional logout button on the unlock password dialog.

Q: We have helpdesk people that need to unlock other users' workstations. Will Screen Pass allow them to do this without granting them administrator rights?
Yes. Screen Pass has a number of methods for allowing users or groups of users to have unlock rights over other users without granting actual administrator rights.

Q: What are "paired groups" used for in conjunction with admin override?
Paired groups is one method of declaring administrators for unlocking purposes without granting actual administrator rights. For example, under the paired group method, users in the Accounting_SPAdmin group can unlock workstations of users in the Accounting_SPUser group. Paired groups works for Microsoft or Novell networks.

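An added example (not part of the original FAQ and not Screen Pass code): a short Python audit that, given an export of group memberships, lists who holds unlock rights over whom under the paired-group method and flags pairs worth reviewing. The `_SPAdmin`/`_SPUser` suffix convention is inferred from the single example above, and all group and account names are constructed.

```python
from collections import defaultdict

ADMIN_SUFFIX = "_SPAdmin"  # assumption: inferred from the Accounting_SPAdmin example
USER_SUFFIX = "_SPUser"    # assumption: inferred from the Accounting_SPUser example

# Constructed sample export: group name -> set of member account names.
SAMPLE_GROUPS = {
    "Accounting_SPAdmin": {"hd_maria", "hd_tom"},
    "Accounting_SPUser": {"alice", "bob", "hd_tom"},
    "Lab_SPAdmin": {"hd_maria"},
    "Lab_SPUser": {"labshared"},
    "Payroll_SPAdmin": {"hd_tom"},  # no Payroll_SPUser group exists
    "Domain Users": {"alice", "bob", "labshared", "hd_maria", "hd_tom"},
}


def audit_paired_groups(groups):
    """Return (unlock_map, orphan_admin_groups, overlap) for a membership export."""
    unlock_map = defaultdict(set)  # delegate -> accounts whose sessions they can unlock
    orphans, overlap = [], {}
    for name, admins in sorted(groups.items()):
        if not name.endswith(ADMIN_SUFFIX):
            continue  # not the admin half of a pair
        prefix = name[: -len(ADMIN_SUFFIX)]
        users = groups.get(prefix + USER_SUFFIX)
        if users is None:
            orphans.append(name)  # delegation with no target group: stale or misnamed
            continue
        both = admins & users
        if both:
            overlap[prefix] = both  # delegate is also an ordinary user of the same pair
        for admin in admins:
            unlock_map[admin] |= users - {admin}  # unlocking your own session is not an override
    return dict(unlock_map), orphans, overlap


if __name__ == "__main__":
    unlock_map, orphans, overlap = audit_paired_groups(SAMPLE_GROUPS)
    for delegate, targets in sorted(unlock_map.items()):
        print(f"{delegate} can unlock: {', '.join(sorted(targets))}")
    print("Admin groups without a paired user group:", orphans)
    print("Accounts in both halves of a pair:", overlap)
```
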
Q: What is the purpose of the Screen Pass extended right utility?
The Screen Pass extended right utility allows administrators to create a special Active Directory right that allows administrators to unlock other users' workstations. This is a method, separate from paired groups and available under ADS only, for declaring administrators for unlocking purposes. Once the extended right is added to the tree, administrators can grant the inheritable Screen Pass unlock right using Active Directory Users and Computers. The extended right can also be easily removed using the extended right utility. Extended rights are a modification to the schema.

Q: Can local administrators unlock the workstation or just domain-based administrators?
For domain login sessions, network administrators can unlock the workstation. For local login sessions, local administrators can unlock the workstation. There is an option, however, to allow local administrators to unlock domain login sessions.

Q: Does Screen Pass recognize NetWare administrators for admin override?
Yes. For NetWare login sessions Screen Pass allows network administrators to perform admin override. Specifically, it allows unlock if the proposed administrator ID has "supervisor object rights" over the currently logged in user.

Q: Does Screen Pass install on the workstation or the server?
Screen Pass v5.0 is installed on the workstation and no server component is required.

Q: Are workstation admin rights needed to install Screen Pass?
Screen Pass is distributed as a Windows Installer package, i.e., an .MSI file. If executed directly, the installer requires admin rights because it copies files to the system32 directory and modifies certain protected registry settings under HKEY_LOCAL_MACHINE. If distributed under Group Policy, admin rights are not required.

Q: We have many lab-based computers and need to enforce Screen Pass policies no matter who logs on. Can we do this with Screen Pass?
Yes. Once installed on a workstation, Screen Pass functions for all users of the workstation.

Q: Our lab computers are logged on all the time with a shared user ID. We would like users to unlock them with their network IDs. Can we do this with Screen Pass and keep a log of who is using the computer?
Yes. Screen Pass can collect a detailed log of all logon, logoff, lock, unlock, admin override, and failed password attempts. This information can be recorded to the Windows event log or written directly to an ODBC dataset.