it.ucsf.edu

Desktop locking

Policy Type

Best Practice

Use desktop locking to prevent unauthorized access

What is desktop locking and why should I use it?

Desktop locking enables users to keep all of their programs running and documents open on their computer while at the same time preventing others from using or looking at any of the information on that computer.  This is done by disabling access to view or interact with the computer and thus prevents the unauthorized access or theft of personal, confidential, or Protected Health Information.

How do I enable desktop locking?

Some form of desktop locking is available for every modern operating system. Here are instructions for some of the more common ones.

Windows

Be sure there is a (known) password set on the computer you are using. If there is no password set or you are unsure, go here for further instructions.

Desktop locking in Windows XP and Vista is enabled the same way.

  1. Press and hold these keys in this order: Windows Key + L.

For Windows NT and 2000:

  1. Press and hold these keys in this order: Ctrl + Alt + Delete.
  2. Select Lock Workstation.

You should also use a password enabled screensaver. This helps when a computer is left unattended and unlocked. After a set amount of time the screensaver will activate and automatically lock the desktop. Click here for instructions on how to enable this.

Mac OS X

The easiest way to lock the desktop is by using a sleep corner. The first step is to require the use of a password. By default most Mac OS X computers login as the Administrator when they are turned on. Although convenient, it is not secure because anyone can gain access.

  1. Open System Preferences and click "Accounts."
  2. Make note of the username in "My Account," you will use this to login from now on.
  3. If some settings are dimmed, click the lock icon and type an administrator name and password.
  4. If you need to set or rest your password click "Change Password..."
  5. Click Login Options.
  6. Change "Display login window as:" to Name and Password

Next, require a password when returning from the screensaver or sleep.

  1. Open System Preferences and click "Security."
  2. Check the box for "Require password to wake this computer from sleep or screen saver."
  3. Check the box for "Disable automatic logins."

Finally, enable a sleep corner.

  1. Open System Preferences and click "Desktop & Screen Saver."
  2. On the slider select the time at which to activate the screen saver (10 minutes is recommended, maximum 20 minutes).
  3. Click "Hot Corners."
  4. In the top right corner (or any corner) select Start Screen Saver from the drop down list.
  5. Click "OK."

To activate the screen saver and lock the desktop move the mouse pointer all the way to the top right corner (or any corner you selected). To return to normal operation press any key on the keyboard, enter your password, and press return or click "OK."

Linux

Because there are various versions of Linux, there is not one procedure. If you are running Gnome or KDE take a look at the options in the "Screen Saver" utility. If running some other desktop manager read the documentation or look at the main page for "xscreensaver-command."

The following shell command will immediately lock an X desktop: xscreensaver-command-lock

Solaris

If you are using the CDE desktop manager (copied from Sun Solaris documentation):

  1. Click the Style Manager Screen control.
  2. Select the settings you want:
    • Use Backgrounds For Lock: enables the lock backgrounds.
    • Transparent Lock: backgrounds are not used when the screen is locked.
    • Backgrounds List: displays the available backgrounds in a list. Select or deselect a background by clicking on the list item. The last background selected will be displayed to the right of the list.
    • Time Per Background: specifies the number of minutes each selected background runs before the next one starts when the screen is being saved. The backgrounds are cycled through in the same sequence as they appear in the list. A setting of 0 (zero) results in only the last background (the one currently in the preview area) being used.
  3. To save the changes, click OK. To return to the default settings, click Default.

Quick Links