Page 1 of 2 12 LastLast
  1.    23 May 2017 #1
    Join Date : May 2017
    Posts : 7
    Windows 10

    Windows 10 Creators Update - Security Breach Found (or feature...)


    Call this a feature if you want, but it's a terrible one..

    Things you'll need setup to reproduce the issue:
    • Windows 10, Version 1703, OS Build - 15063.296
    • A PIN/Password code login
    • Display timeout of 1 minute

    By pressing the Windows Key, search 'power plan' and select Edit Power Plan.Set 'Turn off the display' after 1 minute.
    How to replicate the issue:

    Firstly, lock your PC with CTRL + L on your keyboard to confirm that when you slide the lockscreen up, it prompts you to enter a PIN/Password.

    If that works fine, then try to do this step and replicate the issue I'm having.

    Let your PC lock after 1min, don't touch anything.

    If it blacks out, wake the screen but stay on the lockscreen.

    Now, slide the lockscreen up by pressing any key and it should promp-..... it's probably taken you straight into the computer without asking for any PIN/Passcode.

    Solution:
    Call up Microsoft/live chat to Microsoft and allow them to Remote Desktop into your PC only to make them realize that they can't do anything. They kept telling me the update wasn't the issue and to roll back..

    It's happened on my Home PC and now my recently updated Work PC. So it's not a coincidence, this is ridiculous and Microsoft should know better.

    All in all, there is no solution. Stay on the Anniversary Update or previous builds.

    Let me know your results.

    (glad to be a part of the community)

    ###############UPDATE##################

    Solution provided by Edwin

    "You'll need to use Screen Saver settings to enable that security feature."

    Last edited by AsadP; 23 May 2017 at 05:54.
      My ComputerSystem Spec
  2.    23 May 2017 #2
    Join Date : Jan 2015
    UK, Midlands
    Posts : 10,971
    Win 10 Pro (1703)

    Turning the display off isn't the same as locking your PC.

    Consider a desktop.. say you switch the monitor off, then switch it back on again. Would you expect to have to log in?

    (I don't use a PIN though so can't compare- but I do use the AU).
      My ComputerSystem Spec
  3.    23 May 2017 #3
    Join Date : May 2017
    Posts : 7
    Windows 10
    Thread Starter

    Quote Originally Posted by dalchina View Post
    Turning the display off isn't the same as locking your PC.

    Consider a desktop.. say you switch the monitor off, then switch it back on again. Would you expect to have to log in?

    (I don't use a PIN though so can't compare- but I do use the AU).
    Of course turning the display off isn't the same as locking but what if you forget to lock your device and want the PC to lock after the display turns off?

    This used to work perfectly fine in the previous builds as mentioned, namely the Anniversary Update.

    Thanks for your input.
      My ComputerSystem Spec
  4.    23 May 2017 #4
    Join Date : Oct 2013
    Newport, South Wales, UK
    Posts : 1,808
    Windows 10 Pro x64 FCU - XP/Vista/Win7/Win8.1 in VM for testing

    There has always been a delay in the requirement for a password, (or now pin), entry in windows after the Screen timeout activates. it's there to allow users to return to their work if the timeout occurs at an inconvenient time, This often happens in business when a user is reviewing a document, and has the timeout set to a low number and the require Password on wakeup is set.

    It used to be 30 secs IIRC but I could be wrong as my memory is no longer foolproof. (I still know all the stuff I used to but there's lots of junk stacked on top of it )

    Incidentally there is also a delay built into the wake-up of a system in sleep or hibernation, which can be caused by a mouse vibration, if no activity occurs in a set time, (3 Mins?), the system will go back to sleep /hibernation - This delay did have an entry in the registry so could be adjusted on systems that are prone to this issue but not sure if there is a similar option for the password requirement delay
      My ComputerSystem Spec
  5.    23 May 2017 #5
    Join Date : May 2017
    Posts : 7
    Windows 10
    Thread Starter

    Quote Originally Posted by Barman58 View Post
    There has always been a delay in the requirement for a password, (or now pin), entry in windows after the Screen timeout activates. it's there to allow users to return to their work if the timeout occurs at an inconvenient time, This often happens in business when a user is reviewing a document, and has the timeout set to a low number and the require Password on wakeup is set.

    It used to be 30 secs IIRC but I could be wrong as my memory is no longer foolproof. (I still know all the stuff I used to but there's lots of junk stacked on top of it )

    Incidentally there is also a delay built into the wake-up of a system in sleep or hibernation, which can be caused by a mouse vibration, if no activity occurs in a set time, (3 Mins?), the system will go back to sleep /hibernation - This delay did have an entry in the registry so could be adjusted on systems that are prone to this issue but not sure if there is a similar option for the password requirement delay
    See this explains it.

    But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
      My ComputerSystem Spec
  6.    23 May 2017 #6
    Join Date : Jul 2015
    Posts : 9,371
    Windows 10 Pro

    Quote Originally Posted by AsadP View Post
    See this explains it.

    But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
    It's under settings, system, power & sleep. Adjust the sleep timeout to match the screen turn off time.

    Under settings, accounts, sign in options is the option to require the computer to ask for a password when waking from sleep. There is no option to ask for password when only turning the screen back on after the it has turned off.
      My ComputerSystem Spec
  7.    23 May 2017 #7
    Join Date : Feb 2014
    Posts : 9,355
    Windows 10 Professional

    Quote Originally Posted by AsadP View Post
    See this explains it.

    But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
    You'll need to use Screen Saver settings to enable that security feature.

    Click image for larger version. 

Name:	000133.png 
Views:	16 
Size:	45.0 KB 
ID:	136278
      My ComputersSystem Spec
  8.    23 May 2017 #8
    Join Date : Jan 2015
    UK, Midlands
    Posts : 10,971
    Win 10 Pro (1703)

    Just beat me to it Edwin!!
      My ComputerSystem Spec
  9.    23 May 2017 #9
    Join Date : Feb 2014
    Posts : 9,355
    Windows 10 Professional

    Quote Originally Posted by dalchina View Post
    Just beat me to it Edwin!!
    A collaborative effort!
      My ComputersSystem Spec
  10.    23 May 2017 #10
    Join Date : Oct 2013
    Newport, South Wales, UK
    Posts : 1,808
    Windows 10 Pro x64 FCU - XP/Vista/Win7/Win8.1 in VM for testing

    Maybe this needs to be read , I've not checked if the key actually exists in the latest release , and if so what the default is but at least I've remembered "Grace Period"

    Change Screen Saver Password Grace Period in Windows Windows 10 General Tips Tutorials
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Windows 10 Creators Update and PowerShell DSC issue found
Source: Windows 10 Creators Update and PowerShell DSC | PowerShell Team Blog
Windows 10 News
Search feature in Creators Update is broken for me after copyprofile
I am trying to prepare my image for deployment using the latest Windows 10 release (15063.250) and the search / Cortana feature seems to break after using the copyprofile flag in my unattend.xml file. I have searched this and seen it was an issue in...
General Support
Security Breach in Microsoft OneDrive: Please help!
Hey guys, I'm running Windows 10 Pro and I've been wanting to remove Microsoft OneDrive from my PC because I'm constantly asked to "sign into" OneDrive at the bottom right hand of my screen. I read online that I can remove the OneDrive app by...
Network and Sharing
Windows 10 Creators Update advances security & best-in-class IT Tools
Source: Windows 10 Creators Update advances security and best-in-class modern IT tools - Windows For Your BusinessWindows For Your Business
Windows 10 News
Security Flaws Found in Google Chromecast, Home Security Systems, ....
Read more: http://news.softpedia.com/news/security-flaws-found-in-google-chromecast-home-security-systems-smart-coffee-makers-495864.shtml#sgal_1
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:32.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums