Has anyone brought up the bug that allows you to circumvent the IGEL OS lock screen?

Has anyone brought up the bug that allows you to circumvent the OS lock screen?

Learn more, read the entire thread inside the IGEL Community o Slack

In which context and Firmware?, if a user is logged into their published desktop and locks it, they can go to the igel desktop and relaunch the same desktop and it will log them back in.

That sounds more like a timeout concern for the V.M. login/connection interface. You could design the thin client to end the process for the login screensaver when the screensaver turns on (or based on other conditions). We have this with Storefront… so I just close Firefox, and have a script that closes Firefox if the Igel screensaver is running.

Im not sure if its a screen saver issue we don’t have a screen saver enabled. The user with dual screen will lock his or her windows desktop, then the second monitor is black, so they go to the top and hit the swtich desktop T icon and it brings them down to the Desktop selection screen and they are allowed to then launch the same desktop again, and it just logs them into the same session they had locked. THe issue is when the user locks their desktop the IGEL does not respect that and allows them to get back to the selection screen.

Right, it sounds like a matter of the connection interface not timing out or closing automatically. While the thin client probably doesn’t control that, you could mitigate it via thin client policy (as I did by making Firefox close when the screensaver runs). Alternately, it might be possible to configure the connection interface to close/sign out/time out after a certain amount of time.

I think this is the same with a regular Windows endpoint. As long as you are stll authenticated in Storefront you always could relaunch the session. To lower the risk you could configure a shorter timeout on Storefront.

Yes, that’s right, René; it’s probably exactly the same on any client; I saw it on H.P. Windows thin clients as well as Igel. I was guessing that Kendrick was using Storefront, but wasn’t sure.

A possible solution in addition to the Citrix server side based config: you may use the Igel Screensaver (combined with the password Sync option kb.igel.com/igelos-10.05.500/en/storefront-login-8619863.html) or create a logoff action based on user timeout like a pnlogoff:


Ok, this is just something we didn’t see when using the WYSE thin clients the IGEL’s replaced. Yes we are using Storefront, and could shorten the time out as an option.

They may have disabled the concerned hotkeys to minimize / toggle / close, that‘s something you could achieve also here:


yes it’s the same on windows / linux. Most easy solution is to create a separate store and reduce automatic logoff time to a really short value. Thus the user can start his session on the ThinClient and if he then locks the screen he is already logged of from storefront.

Continue reading and comment on the thread ‘Has anyone brought up the bug that allows you to circumvent the IGEL OS lock screen?’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: