TRC and Locked Windows screen

I thought this was working in an earlier release of the Windows client but, there are times when we need to remote to a computer that has a locked screen (ie the user has walked away)
Currently our configuration is set to not proceed after the grace period timeout of 45 seconds with the screen unlocked and/or the user active.
Short of turning on the “Acceptance Proceed” and running the risk of dropping onto to a screen with confidential information on it, there doesnt seem to be a way of , once the checkuserlogin screen is correctly filled out, to get to that locked screen to switch users to do what we need to do.

Is there something Im missing in the configuration or does this need to be an RFE?

Hi Pete_F,

So if I understood correctly you want to access a remote computer without the risk of violating the privacy or accessing sensitive information ?

What do you mean with

I thought this was working in an earlier release of the Windows client

Can you please clarify what are the steps that you are performing to open a session and what is the expected result ?

Are you referring to this feature ?

Hi Federico… No. In the Event of the end user walking away from their computer (Going home etc) and locking the screen, we need to be able to remote to that machine (Windows) and see that locked screen without the user having to be present. So We normally have “AcceptanceGraceTime”="30"
“AcceptanceProceed”=“no” So if the user is not present and the screen is NOT locked, we , correctly , cannot proceed…
With the Screen locked, we need to be able to remote to that locked screen and switch user and log into our admin account etc…
Thanks

Hi Pete_F,

“AcceptanceProceed”=“no” So if the user is not present and the screen is NOT locked, we , correctly , cannot proceed…

With this property set to “No” the session is refused even if the screen is unlocked. A user acceptance is required so no user acceptance no session.

With the Screen locked, we need to be able to remote to that locked screen and switch user and log into our admin account etc…

This means you simply need “AcceptanceProceed”=“yes”
However this also works if the screen is unlocked and the user hasn’t clicked on “Accept” yet. So even in this case the operator have access to the target machine after x seconds (the amount of time specified in the AcceptanceGraceTime property).

In this case it would be nice hiding/minimizing all the Windows as soon as the Acceptance period is expired and the operator is accessing the machine.

I don’t know if this is the enhancement you were referring to.

I guess that what we need is the ability to get to the locked screen after a timeout without the operator present BUT not automatically proceeding when they are present.
The TRC Client would have to detect the locked screen and permit the admin to connect …
Currently we have this property defined in Bigfix… , Perhaps the TRC client can take advantage of this in order to proceed. ?
if windows of operating system then (if exists unique values whose (it contains “LogonUI.exe” ) of (string values of SELECTS “* from Win32_Process” of wmi) then “Screen Locked” else “In use”) else if mac of operating system then (if exists processes whose (name of it as lowercase starts with “ScreenSaverEngine” as lowercase) then “Screen Locked” else “In use” ) else “N/A”

If I didn’t misunderstood your request the behavior that you are requesting is in the third row of this table (this behavior is currently not implemented) :

Screen Locked Screen Unlocked Acceptance time expired Accepted by the user Result
X X Accepted
X X Accepted
X X Rejected

(I’m assuming that the property AcceptanceProceed=Yes)
One possible implementation might be to add a value to the AcceptanceProceed property.
Something like “Always”, “Never”, “OnlyIfLocked” (the third row).

Correct.

You option of

"One possible implementation might be to add a value to the AcceptanceProceed property.
Something like “Always”, “Never”, “OnlyIfLocked” (the third row)."
Would be perfect,
Same for the Mac.

Thanks for looking at this,

1 Like

Hi Pete, I suggest that you open an RFE for this. Thanks!

Just submitted., … http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=129203

Please upvote…