Knock yer SOX off

Where this may have been the case in other publically-traded companies, we merely had our accounting personnel write the SOX guidelines around current practice. We did have to do a little tightening up on "free access for all users, but all in all, SOX merely documented the controls we already had in place (we were already ISO9000 certified, which helped a whole lot).

Dan Maddox
Pactiv Corp


---- CharlieSmith <CSmith@...> wrote:
> That was my first thought but I was not going to voice it myself.
> Whenever one of my clients say "SOX", I say "show me where it says
> that".
>
>
>
> Charlie Smith
>
> Smith Business Services / 2W Technologies LLC
>
> www.vistaconsultant.com <http://www.vistaconsultant.com/> /
> www.2WTech.com
>
>
>
>
>
> From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
> Of Brian W. Spolarich
> Sent: Saturday, July 25, 2009 1:26 PM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] Terminal Server 2008 issue with Vantage and
> Screen Savers
>
>
>
>
>
> Having gone through SOX compliance in a small publicly-traded
> manufacturing company, I've a bit dubious about the notion that a
> screenlock requirement is a "SOX-mandated thing". If your auditors are
> truly insisting that this is what they want to see, then I guess you
> have to do it, but I have a lot of folks inside and outside the
> organization saying "It's a SOX thing" when they don't really know what
> they're talking about.
>
> When I hear "SOX made me do it", I always want to ask "Why?" and "Are
> you sure?". :-)
>
> -bws
>
> --
> Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix /
> Picometrix
> bspolarich@...
> <mailto:bspolarich%40advancedphotonix.com> ~ 734-864-5618 ~
> www.advancedphotonix.com
>
> -----Original Message-----
> From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> [mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
> Behalf Of em.it_ks
> Sent: Friday, July 24, 2009 3:45 PM
> To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen
> Savers
>
> Problem: We have group policy enabled screen savers activated on all
> domain PC's (with console lock/re-login required) as part of SOX
> compliance requirements. Our issue is anytime a TS client PC's screen
> saver activates with an active Vantage session - when the user logs back
> in, the vantage session is permanently minimized and inaccessible.
>
>
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
> ------------------------------------
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/linksYahoo! Groups Links
>
>
>
Problem: We have group policy enabled screen savers activated on all domain PC's (with console lock/re-login required) as part of SOX compliance requirements. Our issue is anytime a TS client PC's screen saver activates with an active Vantage session - when the user logs back in, the vantage session is permanently minimized and inaccessible.

Pertinent Info:

Service in question - Terminal Services 2008 / applications accessed via TS Web Portal

Server - Windows Server 2008 Standard (32bit) SP1 running on VMWare ESX 3.5

TS Clients - 25 max, 15 on avg. at any given point in time

TS Client PC - XP Pro SP3

Vantage - 8.03.407

Removing the screen saver requirement is not an option as it violates our SOX compliance.

I've called Epicor, their reccomendation is to set the "allow suspend" option for each user in the user vantage profile which I have not tried yet. This solution is not an automatic process, it actually requires the user to select File>Suspend and File>UnSuspend in vantage before they leave their PC's and when they return. This may or may not work but either way, given I can't get users to simply close vantage when they are leaving their desk I doubt I will have much luck getting them to remember to suspend/un-suspend either.

I've searched the web for TS/Screen-saver issues and while there are some I can't find any that match. Has anyone encountered this issue (or something similar) and if so how did you resolve it?

On a side note - I have noticed that if I disconnect the TS session and log the user off the PC, log back in and resume the TS session I can access it (vantage) in some sort of TS Windowed mode by clicking the "Details" button during the TS application logon process. I can't however figure out how to get it out of windowed mode without closing vantage, going into the TS Session Manager and Restting that user session then logging back in (at which point both TS and Vantage resume normal operations).
Having gone through SOX compliance in a small publicly-traded manufacturing company, I've a bit dubious about the notion that a screenlock requirement is a "SOX-mandated thing". If your auditors are truly insisting that this is what they want to see, then I guess you have to do it, but I have a lot of folks inside and outside the organization saying "It's a SOX thing" when they don't really know what they're talking about.

When I hear "SOX made me do it", I always want to ask "Why?" and "Are you sure?". :-)

-bws

--
Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix / Picometrix
    bspolarich@... ~ 734-864-5618 ~ www.advancedphotonix.com


-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of em.it_ks
Sent: Friday, July 24, 2009 3:45 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen Savers

Problem: We have group policy enabled screen savers activated on all domain PC's (with console lock/re-login required) as part of SOX compliance requirements. Our issue is anytime a TS client PC's screen saver activates with an active Vantage session - when the user logs back in, the vantage session is permanently minimized and inaccessible.
That was my first thought but I was not going to voice it myself.
Whenever one of my clients say "SOX", I say "show me where it says
that".



Charlie Smith

Smith Business Services / 2W Technologies LLC

www.vistaconsultant.com <http://www.vistaconsultant.com/> /
www.2WTech.com





From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Brian W. Spolarich
Sent: Saturday, July 25, 2009 1:26 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Terminal Server 2008 issue with Vantage and
Screen Savers





Having gone through SOX compliance in a small publicly-traded
manufacturing company, I've a bit dubious about the notion that a
screenlock requirement is a "SOX-mandated thing". If your auditors are
truly insisting that this is what they want to see, then I guess you
have to do it, but I have a lot of folks inside and outside the
organization saying "It's a SOX thing" when they don't really know what
they're talking about.

When I hear "SOX made me do it", I always want to ask "Why?" and "Are
you sure?". :-)

-bws

--
Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix /
Picometrix
bspolarich@...
<mailto:bspolarich%40advancedphotonix.com> ~ 734-864-5618 ~
www.advancedphotonix.com

-----Original Message-----
From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf Of em.it_ks
Sent: Friday, July 24, 2009 3:45 PM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen
Savers

Problem: We have group policy enabled screen savers activated on all
domain PC's (with console lock/re-login required) as part of SOX
compliance requirements. Our issue is anytime a TS client PC's screen
saver activates with an active Vantage session - when the user logs back
in, the vantage session is permanently minimized and inaccessible.





[Non-text portions of this message have been removed]
LOL.

I think I came across a little harsher than I really meant to. It would be better to say "there are many ways to put your SOX on". People tend to frame things in terms of their perception of the solution, instead of clearly stating the requirement of the financial control, which might be satisfied reasonably by any number of approaches, both technical and mundane. The trick is to be able to argue your case effectively. :-)

-bws

--
Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix / Picometrix
    bspolarich@... ~ 734-864-5618 ~ www.advancedphotonix.com


-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of CharlieSmith
Sent: Saturday, July 25, 2009 9:14 PM
To: vantage@yahoogroups.com
Subject: [Vantage] knock yer SOX off

That was my first thought but I was not going to voice it myself.
Whenever one of my clients say "SOX", I say "show me where it says
that".



Charlie Smith

Smith Business Services / 2W Technologies LLC

www.vistaconsultant.com <http://www.vistaconsultant.com/> /
www.2WTech.com





From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Brian W. Spolarich
Sent: Saturday, July 25, 2009 1:26 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Terminal Server 2008 issue with Vantage and
Screen Savers





Having gone through SOX compliance in a small publicly-traded
manufacturing company, I've a bit dubious about the notion that a
screenlock requirement is a "SOX-mandated thing". If your auditors are
truly insisting that this is what they want to see, then I guess you
have to do it, but I have a lot of folks inside and outside the
organization saying "It's a SOX thing" when they don't really know what
they're talking about.

When I hear "SOX made me do it", I always want to ask "Why?" and "Are
you sure?". :-)

-bws

--
Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix /
Picometrix
bspolarich@...
<mailto:bspolarich%40advancedphotonix.com> ~ 734-864-5618 ~
www.advancedphotonix.com

-----Original Message-----
From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf Of em.it_ks
Sent: Friday, July 24, 2009 3:45 PM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen
Savers

Problem: We have group policy enabled screen savers activated on all
domain PC's (with console lock/re-login required) as part of SOX
compliance requirements. Our issue is anytime a TS client PC's screen
saver activates with an active Vantage session - when the user logs back
in, the vantage session is permanently minimized and inaccessible.





[Non-text portions of this message have been removed]



------------------------------------

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/linksYahoo! Groups Links
Brian is correct. The screen saver time is not a SOX thing. Auditors
like to argue the point but you can't make a connection between screen
saver lockouts and material financial misstatements or fraud.

You can word your security policies and procedures to address the issue
explaining that you have weighed the risk are are relying on other
controls to compensate. You may end up with a minor control deficiency
but auditors generally give you a few of these as evidence to show that
they did something for all the money you pay them.

Brad Feazell


--- In vantage@yahoogroups.com, "Brian W. Spolarich " <bspolarich@...>
wrote:
>
> Having gone through SOX compliance in a small publicly-traded
manufacturing company, I've a bit dubious about the notion that a
screenlock requirement is a "SOX-mandated thing". If your auditors are
truly insisting that this is what they want to see, then I guess you
have to do it, but I have a lot of folks inside and outside the
organization saying "It's a SOX thing" when they don't really know what
they're talking about.
>
> When I hear "SOX made me do it", I always want to ask "Why?" and "Are
you sure?". :-)
>
> -bws
>
> --
> Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix
/ Picometrix
> bspolarich@... ~ 734-864-5618 ~ www.advancedphotonix.com
>
>
> -----Original Message-----
> From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
Behalf Of em.it_ks
> Sent: Friday, July 24, 2009 3:45 PM
> To: vantage@yahoogroups.com
> Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen
Savers
>
> Problem: We have group policy enabled screen savers activated on all
domain PC's (with console lock/re-login required) as part of SOX
compliance requirements. Our issue is anytime a TS client PC's screen
saver activates with an active Vantage session - when the user logs back
in, the vantage session is permanently minimized and inaccessible.
>
Ok - let me clarify. The consultants who's job it is to advise us on becoming SOX compliant - have advised upper management to do so and have by virtue thereof (required or not by SOX) forced my hand. So it is required because management believe's it is the best thing given the circumstances and while we have argued and debated the issue that's where it lies (a requirement regardless of the underlying foundation SOX/Management).

That being said, any thoughts or comments on my actual issue that don't involve turning off the screen savers?

--- In vantage@yahoogroups.com, "Brad Feazell" <Brad_feazell@...> wrote:
>
>
> Brian is correct. The screen saver time is not a SOX thing. Auditors
> like to argue the point but you can't make a connection between screen
> saver lockouts and material financial misstatements or fraud.
>
> You can word your security policies and procedures to address the issue
> explaining that you have weighed the risk are are relying on other
> controls to compensate. You may end up with a minor control deficiency
> but auditors generally give you a few of these as evidence to show that
> they did something for all the money you pay them.
>
> Brad Feazell
>
>
> --- In vantage@yahoogroups.com, "Brian W. Spolarich " <bspolarich@>
> wrote:
> >
> > Having gone through SOX compliance in a small publicly-traded
> manufacturing company, I've a bit dubious about the notion that a
> screenlock requirement is a "SOX-mandated thing". If your auditors are
> truly insisting that this is what they want to see, then I guess you
> have to do it, but I have a lot of folks inside and outside the
> organization saying "It's a SOX thing" when they don't really know what
> they're talking about.
> >
> > When I hear "SOX made me do it", I always want to ask "Why?" and "Are
> you sure?". :-)
> >
> > -bws
> >
> > --
> > Brian W. Spolarich ~ Manager, Information Services ~ Advanced Photonix
> / Picometrix
> > bspolarich@ ~ 734-864-5618 ~ www.advancedphotonix.com
> >
> >
> > -----Original Message-----
> > From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
> Behalf Of em.it_ks
> > Sent: Friday, July 24, 2009 3:45 PM
> > To: vantage@yahoogroups.com
> > Subject: [Vantage] Terminal Server 2008 issue with Vantage and Screen
> Savers
> >
> > Problem: We have group policy enabled screen savers activated on all
> domain PC's (with console lock/re-login required) as part of SOX
> compliance requirements. Our issue is anytime a TS client PC's screen
> saver activates with an active Vantage session - when the user logs back
> in, the vantage session is permanently minimized and inaccessible.
> >
>
Are you using Citrix or remote desktop to access your TS?

We use remote desktop and do not have this issue and we also use a
policy for the screen savers. I'm making the assumption that you are
using the generic screen saver from the PC.



M. Manasa Reddy
manasa@...
P: 630-806-2000
F: 630-806-2001


________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of em.it_ks
Sent: Monday, July 27, 2009 8:37 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Terminal Server 2008 issue with Vantage and
Screen Savers




Ok - let me clarify. The consultants who's job it is to advise us on
becoming SOX compliant - have advised upper management to do so and have
by virtue thereof (required or not by SOX) forced my hand. So it is
required because management believe's it is the best thing given the
circumstances and while we have argued and debated the issue that's
where it lies (a requirement regardless of the underlying foundation
SOX/Management).

That being said, any thoughts or comments on my actual issue that don't
involve turning off the screen savers?

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ,
"Brad Feazell" <Brad_feazell@...> wrote:
>
>
> Brian is correct. The screen saver time is not a SOX thing. Auditors
> like to argue the point but you can't make a connection between screen
> saver lockouts and material financial misstatements or fraud.
>
> You can word your security policies and procedures to address the
issue
> explaining that you have weighed the risk are are relying on other
> controls to compensate. You may end up with a minor control deficiency
> but auditors generally give you a few of these as evidence to show
that
> they did something for all the money you pay them.
>
> Brad Feazell
>
>
> --- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ,
"Brian W. Spolarich " <bspolarich@>
> wrote:
> >
> > Having gone through SOX compliance in a small publicly-traded
> manufacturing company, I've a bit dubious about the notion that a
> screenlock requirement is a "SOX-mandated thing". If your auditors are
> truly insisting that this is what they want to see, then I guess you
> have to do it, but I have a lot of folks inside and outside the
> organization saying "It's a SOX thing" when they don't really know
what
> they're talking about.
> >
> > When I hear "SOX made me do it", I always want to ask "Why?" and
"Are
> you sure?". :-)
> >
> > -bws
> >
> > --
> > Brian W. Spolarich ~ Manager, Information Services ~ Advanced
Photonix
> / Picometrix
> > bspolarich@ ~ 734-864-5618 ~ www.advancedphotonix.com
> >
> >
> > -----Original Message-----
> > From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
> Behalf Of em.it_ks
> > Sent: Friday, July 24, 2009 3:45 PM
> > To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> > Subject: [Vantage] Terminal Server 2008 issue with Vantage and
Screen
> Savers
> >
> > Problem: We have group policy enabled screen savers activated on all
> domain PC's (with console lock/re-login required) as part of SOX
> compliance requirements. Our issue is anytime a TS client PC's screen
> saver activates with an active Vantage session - when the user logs
back
> in, the vantage session is permanently minimized and inaccessible.
> >
>






[Non-text portions of this message have been removed]
I just realized that you have TS 2008...We have TS 2003.

If you are doing the same as us I can only assume that it is a setting
within 2008. And unfortunately I cannot help here...sorry!



M. Manasa Reddy
manasa@...
P: 630-806-2000
F: 630-806-2001


________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Manasa Reddy
Sent: Monday, July 27, 2009 10:03 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re: Terminal Server 2008 issue with Vantage and
Screen Savers




Are you using Citrix or remote desktop to access your TS?

We use remote desktop and do not have this issue and we also use a
policy for the screen savers. I'm making the assumption that you are
using the generic screen saver from the PC.



M. Manasa Reddy
manasa@... <mailto:manasa%40weldcoa.com>
P: 630-806-2000
F: 630-806-2001


________________________________

From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf
Of em.it_ks
Sent: Monday, July 27, 2009 8:37 AM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Re: Terminal Server 2008 issue with Vantage and
Screen Savers

Ok - let me clarify. The consultants who's job it is to advise us on
becoming SOX compliant - have advised upper management to do so and have
by virtue thereof (required or not by SOX) forced my hand. So it is
required because management believe's it is the best thing given the
circumstances and while we have argued and debated the issue that's
where it lies (a requirement regardless of the underlying foundation
SOX/Management).

That being said, any thoughts or comments on my actual issue that don't
involve turning off the screen savers?

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com> ,
"Brad Feazell" <Brad_feazell@...> wrote:
>
>
> Brian is correct. The screen saver time is not a SOX thing. Auditors
> like to argue the point but you can't make a connection between screen
> saver lockouts and material financial misstatements or fraud.
>
> You can word your security policies and procedures to address the
issue
> explaining that you have weighed the risk are are relying on other
> controls to compensate. You may end up with a minor control deficiency
> but auditors generally give you a few of these as evidence to show
that
> they did something for all the money you pay them.
>
> Brad Feazell
>
>
> --- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com> ,
"Brian W. Spolarich " <bspolarich@>
> wrote:
> >
> > Having gone through SOX compliance in a small publicly-traded
> manufacturing company, I've a bit dubious about the notion that a
> screenlock requirement is a "SOX-mandated thing". If your auditors are
> truly insisting that this is what they want to see, then I guess you
> have to do it, but I have a lot of folks inside and outside the
> organization saying "It's a SOX thing" when they don't really know
what
> they're talking about.
> >
> > When I hear "SOX made me do it", I always want to ask "Why?" and
"Are
> you sure?". :-)
> >
> > -bws
> >
> > --
> > Brian W. Spolarich ~ Manager, Information Services ~ Advanced
Photonix
> / Picometrix
> > bspolarich@ ~ 734-864-5618 ~ www.advancedphotonix.com
> >
> >
> > -----Original Message-----
> > From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com> ] On
> Behalf Of em.it_ks
> > Sent: Friday, July 24, 2009 3:45 PM
> > To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com>
> > Subject: [Vantage] Terminal Server 2008 issue with Vantage and
Screen
> Savers
> >
> > Problem: We have group policy enabled screen savers activated on all
> domain PC's (with console lock/re-login required) as part of SOX
> compliance requirements. Our issue is anytime a TS client PC's screen
> saver activates with an active Vantage session - when the user logs
back
> in, the vantage session is permanently minimized and inaccessible.
> >
>

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]
We are publishing Vantage 8.03.407 as a RemoteApp from Terminal Server
2008 with screen savers that require a password but we do not have this
problem. I couldn't tell from your question if your users are running
Vantage as a published app or if they run a full remote desktop from the
TS. Are you publishing Vantage as a RemoteApp? If so, there is hope and
we can start comparing settings.

Brad Feazell


--- In vantage@yahoogroups.com, "em.it_ks" <lpenrod@...> wrote:
>
> Ok - let me clarify. The consultants who's job it is to advise us on
becoming SOX compliant - have advised upper management to do so and have
by virtue thereof (required or not by SOX) forced my hand. So it is
required because management believe's it is the best thing given the
circumstances and while we have argued and debated the issue that's
where it lies (a requirement regardless of the underlying foundation
SOX/Management).
>
> That being said, any thoughts or comments on my actual issue that
don't involve turning off the screen savers?
>
> --- In vantage@yahoogroups.com, "Brad Feazell" Brad_feazell@ wrote:
> >
> >
> > Brian is correct. The screen saver time is not a SOX thing. Auditors
> > like to argue the point but you can't make a connection between
screen
> > saver lockouts and material financial misstatements or fraud.
> >
> > You can word your security policies and procedures to address the
issue
> > explaining that you have weighed the risk are are relying on other
> > controls to compensate. You may end up with a minor control
deficiency
> > but auditors generally give you a few of these as evidence to show
that
> > they did something for all the money you pay them.
> >
> > Brad Feazell
> >
> >
> > --- In vantage@yahoogroups.com, "Brian W. Spolarich " <bspolarich@>
> > wrote:
> > >
> > > Having gone through SOX compliance in a small publicly-traded
> > manufacturing company, I've a bit dubious about the notion that a
> > screenlock requirement is a "SOX-mandated thing". If your auditors
are
> > truly insisting that this is what they want to see, then I guess you
> > have to do it, but I have a lot of folks inside and outside the
> > organization saying "It's a SOX thing" when they don't really know
what
> > they're talking about.
> > >
> > > When I hear "SOX made me do it", I always want to ask "Why?" and
"Are
> > you sure?". :-)
> > >
> > > -bws
> > >
> > > --
> > > Brian W. Spolarich ~ Manager, Information Services ~ Advanced
Photonix
> > / Picometrix
> > > bspolarich@ ~ 734-864-5618 ~ www.advancedphotonix.com
> > >
> > >
> > > -----Original Message-----
> > > From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
> > Behalf Of em.it_ks
> > > Sent: Friday, July 24, 2009 3:45 PM
> > > To: vantage@yahoogroups.com
> > > Subject: [Vantage] Terminal Server 2008 issue with Vantage and
Screen
> > Savers
> > >
> > > Problem: We have group policy enabled screen savers activated on
all
> > domain PC's (with console lock/re-login required) as part of SOX
> > compliance requirements. Our issue is anytime a TS client PC's
screen
> > saver activates with an active Vantage session - when the user logs
back
> > in, the vantage session is permanently minimized and inaccessible.
> > >
> >
>
Yes, we are running Vantage as a published app via the TS Web Portal. Would love to compare settings! if you'd like to correspond, please feel free to contact me via email.

--- In vantage@yahoogroups.com, "Brad Feazell" <Brad_feazell@...> wrote:
>
>
> We are publishing Vantage 8.03.407 as a RemoteApp from Terminal Server
> 2008 with screen savers that require a password but we do not have this
> problem. I couldn't tell from your question if your users are running
> Vantage as a published app or if they run a full remote desktop from the
> TS. Are you publishing Vantage as a RemoteApp? If so, there is hope and
> we can start comparing settings.
>
> Brad Feazell
>
>
> --- In vantage@yahoogroups.com, "em.it_ks" <lpenrod@> wrote:
> >
> > Ok - let me clarify. The consultants who's job it is to advise us on
> becoming SOX compliant - have advised upper management to do so and have
> by virtue thereof (required or not by SOX) forced my hand. So it is
> required because management believe's it is the best thing given the
> circumstances and while we have argued and debated the issue that's
> where it lies (a requirement regardless of the underlying foundation
> SOX/Management).
> >
> > That being said, any thoughts or comments on my actual issue that
> don't involve turning off the screen savers?
> >
> > --- In vantage@yahoogroups.com, "Brad Feazell" Brad_feazell@ wrote:
> > >
> > >
> > > Brian is correct. The screen saver time is not a SOX thing. Auditors
> > > like to argue the point but you can't make a connection between
> screen
> > > saver lockouts and material financial misstatements or fraud.
> > >
> > > You can word your security policies and procedures to address the
> issue
> > > explaining that you have weighed the risk are are relying on other
> > > controls to compensate. You may end up with a minor control
> deficiency
> > > but auditors generally give you a few of these as evidence to show
> that
> > > they did something for all the money you pay them.
> > >
> > > Brad Feazell
> > >
> > >
> > > --- In vantage@yahoogroups.com, "Brian W. Spolarich " <bspolarich@>
> > > wrote:
> > > >
> > > > Having gone through SOX compliance in a small publicly-traded
> > > manufacturing company, I've a bit dubious about the notion that a
> > > screenlock requirement is a "SOX-mandated thing". If your auditors
> are
> > > truly insisting that this is what they want to see, then I guess you
> > > have to do it, but I have a lot of folks inside and outside the
> > > organization saying "It's a SOX thing" when they don't really know
> what
> > > they're talking about.
> > > >
> > > > When I hear "SOX made me do it", I always want to ask "Why?" and
> "Are
> > > you sure?". :-)
> > > >
> > > > -bws
> > > >
> > > > --
> > > > Brian W. Spolarich ~ Manager, Information Services ~ Advanced
> Photonix
> > > / Picometrix
> > > > bspolarich@ ~ 734-864-5618 ~ www.advancedphotonix.com
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
> > > Behalf Of em.it_ks
> > > > Sent: Friday, July 24, 2009 3:45 PM
> > > > To: vantage@yahoogroups.com
> > > > Subject: [Vantage] Terminal Server 2008 issue with Vantage and
> Screen
> > > Savers
> > > >
> > > > Problem: We have group policy enabled screen savers activated on
> all
> > > domain PC's (with console lock/re-login required) as part of SOX
> > > compliance requirements. Our issue is anytime a TS client PC's
> screen
> > > saver activates with an active Vantage session - when the user logs
> back
> > > in, the vantage session is permanently minimized and inaccessible.
> > > >
> > >
> >
>
The first thing I would recommend is to disable the screen saver and
screen save timeout on the terminal server's local computer policy. The
only affect this should have is to eliminate the password prompt that
shows up in the RemoteApp after inactivity. It will not impact the
screen save timeout on your PCs. Do this on the terminal server by
running MMC, the open the Group Policy Object Editor snap-in and
navigate to Local Computer Policy\User Configuration\Administrative
Templates\Control Panel\Display. Now disable 'Screen Saver' and 'Screen
Saver timeout'.

Next, create an RDP file from the RemoteApp entry that is being
published in TS Web Access and compare to the following. For now you
might ignore that last line. If the problem persists, we can get into
those details.

redirectclipboard:i:1
redirectposdevices:i:0
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:0
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:16
span monitors:i:1
prompt for credentials on client:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:0
promptcredentialonce:i:1
authentication level:i:0
gatewayusagemethod:i:0
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:SGTS1.americas.dril-quip.net
alternate shell:s:||SG Vantage
remoteapplicationprogram:s:||SG Vantage
gatewayhostname:s:
remoteapplicationname:s:SG Vantage
remoteapplicationcmdline:s:/c start "SG Vantage" /MIN /WAIT /I
cscript.exe \\path\RunERPSystem.vbs <file://\\path\RunERPSystem.vbs>
/p:C:\MfgSys803\Client /s:userpdb /d:MfgSys803 //b //nologo

--- In vantage@yahoogroups.com, "em.it_ks" <lpenrod@...> wrote:
>
> Yes, we are running Vantage as a published app via the TS Web Portal.
Would love to compare settings! if you'd like to correspond, please feel
free to contact me via email.
>
> --- In vantage@yahoogroups.com, "Brad Feazell" Brad_feazell@ wrote:
> >
> >
> > We are publishing Vantage 8.03.407 as a RemoteApp from Terminal
Server
> > 2008 with screen savers that require a password but we do not have
this
> > problem. I couldn't tell from your question if your users are
running
> > Vantage as a published app or if they run a full remote desktop from
the
> > TS. Are you publishing Vantage as a RemoteApp? If so, there is hope
and
> > we can start comparing settings.
> >
> > Brad Feazell
> >
> >
> > --- In vantage@yahoogroups.com, "em.it_ks" <lpenrod@> wrote:
> > >
> > > Ok - let me clarify. The consultants who's job it is to advise us
on
> > becoming SOX compliant - have advised upper management to do so and
have
> > by virtue thereof (required or not by SOX) forced my hand. So it is
> > required because management believe's it is the best thing given the
> > circumstances and while we have argued and debated the issue that's
> > where it lies (a requirement regardless of the underlying foundation
> > SOX/Management).
> > >
> > > That being said, any thoughts or comments on my actual issue that
> > don't involve turning off the screen savers?
> > >




[Non-text portions of this message have been removed]