From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0362_01C30985.5A717070
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   If you just want to keep users from sharing passwords you can use =
smartcard logon.  You can configure the system to lock or log out users =
when the smartcard is removed.

Rich

  "Glenn Meadows"  wrote in message =
news:3ea6cf41{at}w3.nls.net...
  Have you considered (since you obviously can't remove the person from
  company, seems like good grounds for termination) using one of the =
proximity
  logon systems?  Each employee has a badge that will only unlock the =
machine
  if they are within 5-8 feet of the receiver.  Carmax has a system like =
that.
  When the sales person moves away from the computer, it auto locks the
  desktop, and only when they move back into range again, does it =
unlock.  I
  believe that the card and logged on user must match or the computer =
won't
  activate.  If a different user walks up than was logged in, they get a =
logon
  screen.  Multiple sales people can be logged in, working with =
different
  customers.  So, when they come back from a test drive, they can just =
walk up
  to the system that they were on, and their last point of reference
  re-appears.

  Sounds like it would be easier to replace the employee though.

  --
  Glenn M.


  "Geo."  wrote in message
news:3ea6c49e{at}w3.nls.net...
  > You can turn on auditing of files and such and have that sent to you =
as a
  > message I believe but I don't know how you are going to tell when =
it's him
  > if he is using other peoples machines and logins.
  >
  > You could setup a login script to set the screensaver to blank and =
locked
  > after 5 minutes of inactivity, that might at least prove annoying to =
him.
  > (and everyone else)
  >
  > Geo.
  >
  > "Richard B."  wrote in message
  > news:41edav0064d07msp9m1dkp44qud3jq3t3u{at}4ax.com...
  > > On Wed, 23 Apr 2003 10:40:23 -0400, "Geo."
 =
wrote:
  > >
  > > >You run a domain? Just limit the user's ID to a specific machine, =
then
  he
  > > >can't logon anywhere else.
  > >
  > > I've done that. He'll go to a machine that's been left unattended,
  > > already logged in with the other person's password. I fixed the =
latter
  > > but I can't prevent him from doing the former, especially if I'm =
not
  > > here. He doesn't have file permissions to get to certain areas =
with
  > > his password, so he was using the admin's machine to do that.
  > >
  > > I could set up a filter with the old St. Bernard software to alert =
me
  > > to about any event I wanted, file access, app use, time of use, =
pretty
  > > much anything.
  > >
  > > - Richard
  >
  >


------=_NextPart_000_0362_01C30985.5A717070
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   If you
just want to keep =
users from=20
sharing passwords you can use smartcard logon.  You can configure = the=20
system to lock or log out users when the smartcard is =
removed.
 
Rich
 

  "Glenn Meadows" <gmeadow{at}comcast.net>">mailto:gmeadow{at}comcast.net">gmeadow{at}comcast.net>
wrote =
in message=20
  news:3ea6cf41{at}w3.nls.net...Ha=
ve=20
  you considered (since you obviously can't remove the person =
fromcompany,=20
  seems like good grounds for termination) using one of the =
proximitylogon=20
  systems?  Each employee has a badge that will only unlock the=20
  machineif they are within 5-8 feet of the receiver.  Carmax =
has a=20
  system like that.When the sales person moves away from the =
computer, it=20
  auto locks thedesktop, and only when they move back into range =
again, does=20
  it unlock.  Ibelieve that the card and logged on user must =
match or=20
  the computer won'tactivate.  If a different user walks up =
than was=20
  logged in, they get a logonscreen.  Multiple sales people can =
be=20
  logged in, working with differentcustomers.  So, when they =
come back=20
  from a test drive, they can just walk upto the system that they =
were on,=20
  and their last point of
referencere-appears.Sounds like it =
would=20
  be easier to replace the employee though.--Glenn=20
  M."Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote in =
message news:3ea6c49e{at}w3.nls.net...>=
 You=20
  can turn on auditing of files and such and have that sent to you as =
a>=20
  message I believe but I don't know how you are going to tell when it's =

  him> if he is using other peoples machines and =
logins.>>=20
  You could setup a login script to set the screensaver to blank and=20
  locked> after 5 minutes of inactivity, that might at least =
prove=20
  annoying to him.> (and everyone
else)>>=20
  Geo.>> "Richard B." <TDNBW{at}barktopus.com>">mailto:TDNBW{at}barktopus.com">TDNBW{at}barktopus.com>
wrote =
in=20
  message> news:41edav0064d=
07msp9m1dkp44qud3jq3t3u{at}4ax.com...>=20
  > On Wed, 23 Apr 2003 10:40:23 -0400, "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote:> =

  >> > >You run a domain? Just limit
the user's ID to a =
specific=20
  machine, thenhe> > >can't logon anywhere =
else.>=20
  >> > I've done that. He'll go to a machine
that's been =
left=20
  unattended,> > already logged in with the other person's =
password. I=20
  fixed the latter> > but I can't prevent him from
doing the =
former,=20
  especially if I'm not> > here. He doesn't have file =
permissions to=20
  get to certain areas with> > his password, so he
was using =
the=20
  admin's machine to do that.> >>
> I could set up a =
filter=20
  with the old St. Bernard software to alert me> > to about =
any event=20
  I wanted, file access, app use, time of use, pretty>
> much=20
  anything.> >> > -=20
Richard>>

------=_NextPart_000_0362_01C30985.5A717070--

--- BBBS/NT v4.01 Flag-4