This step-by-step article describes how to create a desktop shortcut that you can use
to lock a Windows XP-Based Workstation. To take full advantage of user authentication as
a means of network access control, you must be sure that only the logged-on user is able
to use the workstation. Authentication-based access control loses viability when users
other than the logged-on user are able to obtain access to local and network objects.
If a user steps away from his or her desk, another user can walk up to the unattended
computer and carry out local and network activities by using the credentials of the
logged-on user. The logged-on user is accountable for any activities that took place on
that workstation while away from it. If the logged-on user can account for his or her
whereabouts during the time away from the computer, the credentials of that user are no
longer useful in tracking down access violations that have been completed under the
context of that user's network account.
Users can lock their workstations by using the Ctrl+Alt+Del Security Attention
Sequence (SAS). However, some users are reluctant or unable to press these three keys in
sequence, and because of this, do not lock their workstations while they are away from
the computer.
You can simplify locking the workstation for these users by creating a desktop
shortcut. After you create the shortcut, users can double-click the shortcut to lock the
workstation.
To create the shortcut:
· Right-click an empty area of the desktop, point to New, and then click Shortcut.
· In the Create Shortcut Wizard, type %windir%\System32\rundll32.exe
user32.dll,LockWorkStation in the Type the location of the item box, and then click Next.
Note that LockWorkStation is case sensitive.
· On the "Type a name for this shortcut" page, type Lock Workstation in the Type a
name for this shortcut box, and then click Finish.
· Right-click the shortcut you just made, and then click Properties.
· Click the Shortcut tab, and then click Change Icon.
· In the Change Icon dialog box, type %SystemRoot%\system32\SHELL32.dll in the Look
for icons in this file box, and then click OK.
· Browse through the available icons, and then select an icon that makes it easy for
the users to identify that the shortcut is to be used to lock the workstation.
· Click the icon you want to use, and then click OK. Click OK again.
· Double-click the shortcut, and note that the workstation automatically locks
itself.
The user must press Ctrl+Alt+Del, and then type his or her credentials to unlock the
workstation.