Recently, the company I work for received its TISAX certification. TISAX is short for Trusted Information Security Assessment Exchange and is widely used in the automotive industry. In general a good thing, as it boosts awareness among personnel when dealing with sensitive information.

Part of the company’s regulations is that the screen of any idle workstation is blocked automatically after a certain amount of time. This in general is very useful, since it prevents malicious use of an unattended workstation, and I fully support that. I usually block my workstation/notebook whenever I step away from it, but that is not so common for other people.

And with this new regulation being centrally controlled by sysadmin, my problem starts: I run a Linux-hosted computer and have my MS-Windows workstation as a VM on it. At the same time, I access a second Windows-based workstation that provides a specific build toolchain for embedded development via RDP. So I have two computers where the screen blocker goes off every few minutes. So, whenever I leave my desk, I block the X-Window screen with a simple Meta+L, and when I come back, I have to enter my password three times just to unblock everything again. Switching between the toolchain box (for coding) and the VM (for writing documentation) is another hassle: a few days ago, I took notes on how often I had to enter my password just to unblock the screen(s): more than 30 times.

This is just so annoying, as according to sysadmin it does not seem technically possible to add exceptions to the MS Active Directory rules for VMs and RDP sessions.

After a bit of thinking and reading some docs, I came up with the following script which takes care of the problem by pressing the Ctrl-Key every three minutes inside a Windows VM and the RDP sessions. The host system is not affected by it.

#!/bin/bash
# Copyright 2020      ipwizard
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see

# Space-separated names of the VirtualBox VMs to send the key to.
# "Windows-VM" is a placeholder; use the names shown by "VBoxManage list vms".
VMLIST="Windows-VM"

while true; do
  # take care of Virtual Box window
  for i in $VMLIST; do
    # only send the key if this VM is currently running
    if VBoxManage list runningvms | grep -qF "\"$i\""; then
      # echo "Send key to VM"
      # scancodes 1d / 9d = left Ctrl pressed / released
      VBoxManage controlvm "$i" keyboardputscancode 1d 9d
    fi
  done

  # and now the xfreerdp sessions
  # collect the window IDs (decimal, because of -int) of all xfreerdp windows
  WINID=$(xwininfo -root -tree -int | grep xfreerdp | tr -s ' ' | cut -d' ' -f2)
  for w in $WINID; do
    # echo "Send key to RDP"
    xdotool key --window "$w" ctrl
  done
  sleep 180
done

Adding the above to the autostart group solves the problem: I need to enter the password only to unlock the host system and I am a happy camper again.

When company policy rules get in the way of getting work done