Unattended Linux devices that are active with a user that is still logged in can create opportunities for unauthorized access to information and misuse of accounts. As an IT Admin, you can remotely apply a policy to lock one inactive device or your entire fleet of devices in your organization.
JumpCloud’s Lock Screen policy for Linux automatically locks the screen and turns on the screen saver if a managed Linux device is inactive for a specified period of time. The policy requires the user to enter the device password to unlock the screen. JumpCloud also provides a Lock Screen policy for Mac and Windows devices.
The Lock Screen policy can lock an inactive device only after mandatory OS processes have completed. There are other settings the user can specify to activate the screensaver with an interval of time that differs from your policy.
Considerations:
- If you’re experiencing delays with the Lock Screen Policy, request that all users to log out and back in to all devices.
- When you apply the Lock Screen Policy to devices for the first time, all users are required to log out and back in before the policy takes effect.
- When you modify the Timeout value, all users are required to log out and back in before the policy changes take effect.
- When you uninstall the Lock Screen Policy, it immediately stops being enforced.
- If you uninstall and then reinstall the Lock Screen Policy, it’s immediately enforced. However, the Timeout value in the uninstalled policy is the one JumpCloud uses. To reset the old value to the value in the newly reinstalled policy, all users are required to log out and back in.
- Many settings affect screen locking, including the following:
- JumpCloud Lock Screen Policy Timeout
- Screen Saver Settings
- Power and Sleep Settings
The shortest setting is the one that takes effect first.
Creating a Lock Screen Policy for Linux Devices
After you create a Lock Screen Policy, you can apply the policy to devices and groups. Once it's created, save the policy and have users log out and back in to all devices where you applied it. After they’ve logged back in, the policy takes immediate effect.
To create a Lock Screen Policy:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- Click (+) and select the Linux tab.
- Locate the Lock Screen policy and click configure.
- In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
- (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, enter the number of seconds before the screensaver is launched and password is required in Timeout (seconds).
- (Optional) Click the Device Groups tab and select one or more device groups that will use this policy.
For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Click the Devices tab and select one or more devices that will use this policy.
- Click save.