par¥ªýŠç.²è¨žé¢rº,¡û\¢

A while back I was getting alot of activity on my computer that was not mine.
I loaded spyware doctor and found 29 trojan horse viruses on my computer. I
deleted them and setup passwords for all user accounts. My question is: Can
I set XP to automatically log off users after 30 minutes (or whatever) of
inactivity? If so, How?

Also, I have a user account that I did not set up that is listed asd
ASP.machine.NET. It is a limited account. I don't know what it is so I have
not deleted it yet. Any thoughts are apperciated.

ian!©ýŠç.²è¨žé¢rº,¡û\¢

This could be achieved with most programming languages. In fact, all that's
needed is a screensaver-executable containing a single command: logoff. -
when the saver kicks-in the user gets logged-out.

The main issue you'll meet is that the user may have left documents open.
This creates a dilemma: Do you halt the logoff in this case, or do you trash
his work? I see this being an obstacle.

steve riley [msft]

Why do you believe that logging a user off after 30 minutes of inactivity will reduce malware threats? There's no correlation here.

However, in one respect you're thinking correctly: an inactive workstation is often a sign that the user has walked away. Rather than logging off, however, you can simply configure the workstation to lock itself after a period of inactivity. This reduces the threat of someone casually using the computer in the context of the logged on user -- sending email, for instance.

30 minutes is probably too long, though. I'd recommend 10.

I'm very curious about this statement: "a lot of activity on my computer that was not mine." Do you mean to say that you believe someone else walked up to your computer and installed all this malware? If so, then while the technical control of automatic workstation lock can reduce the threat, it certainly won't mitigate it. Train your users to remember to lock the workstation immediately. Also, if in case you're certain that someone intentionally installed the malware, find out who it is and report them to your HR department. That's a person you don't want on your payroll.

_________________________________
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley


I loaded spyware doctor and found 29 trojan horse viruses on my computer. I
deleted them and setup passwords for all user accounts. My question is: Can
I set XP to automatically log off users after 30 minutes (or whatever) of
inactivity? If so, How?

Also, I have a user account that I did not set up that is listed asd
ASP.machine.NET. It is a limited account. I don't know what it is so I have
not deleted it yet. Any thoughts are apperciated.