Windows Workstation Screen Lock and Administrative Password Update

On February 25, 2019 the Information Services & Technology Division will introduce two changes to address potential security risks to NJIT owned computers. These changes are being made in response to security incidents as well as recommendation by the institutional security auditors.

Security Risk 1: Unattended Computer Screens

Faculty and staff should be aware of the security risk that is present when someone leaves their computer unattended and the screen unlocked.  This creates easy opportunities for unauthorized access to confidential information and misuse of accounts, such as sending of fake email messages.  

The best practice to reduce this risk is to configure a screen lock for your device.  A screen lock is a security feature where after a period of inactivity, the computer screen will automatically lock until the user enters their login credentials.  As of last fall, screen locks are included as part of a default setting for all university-owned computers managed by Media and Technology Support Services.  

Since many older university-owned Windows computers do not have screen locks set, this feature will be automatically turned "ON" effective February 25, 2019. The default screen lock setting will be 30 minutes. Recognizing that individuals may need to adjust these settings, the screen lock time can be changed by following the instructions on the IST website https://ist.njit.edu/screenlocktimers/.  

Security Risk 2: “Administrator” Accounts

Windows computers come with a default “Administrator” account that has elevated security permissions.  Many viruses and malware target the “Administrator” account, resulting in increased opportunity for unauthorized access to confidential information or misuse of your computer.

The best practice to reduce this risk is to randomize the “Administrator” password and log into your Windows computer using your UCID login and NJITDM password.  

Effective February 25, the “Administrator” passwords will be randomized for any NJIT owned computer connected to the NJITDM Windows domain.  This change will be transparent to everyone using their UCID login and NJITDM password.  Information Services & Technology will personally reaching out to the small number of faculty and staff using the “Administrator” account the week of February 18.

Last Updated: February 18, 2019