Windows SmartCard for Shared Workstations


We have a Windows x64 workstation that controls special equipment critical to our operations. This workstation only has a select few trained operators who "know" how to operate it. However, it runs Windows, and this has proven encouraging for others who are not trained to operate the workstation to tinker around, which obviously causes problems.

We've discussed how to alleviate the issue, and multiple user accounts are not an option. The best thing we've come up with is some kind of SmartCard functionality. SmartCards are new to me, but in reading up on them, it seems that they're tied in to the login process. I'm looking for something that would lock the screen/keyboard/mouse if the SmartCard were removed, then immediately unlock it if it were re-inserted. Anybody know of anything like this?


Thanks for all the responses. I was actually hoping for a turnkey software package, or some suggestions for something like that.

Best Answer

Have you considered biometrics? A fingerprint reader will generally allow either 5 or 10 fingerprints per user account (one for each finger), or in theory, 5-10 people on one user account (just scan each person's finger into a different location).

This won't work if it's in an industrial location - the reader will get dirty, fingers are dirty, grime, dust, all bad for biometrics. And it's not exactly foolproof either (there was a great Mythbusters episode on this), but it should keep honest users out.

I also saw a brilliant system at TradeLink of all places (too bad it didn't stop them from screwing up our order).

They had Sun Thin Clients with smartcards. Every time they hopped up from their desk and took their card with them, the session would lock. Pop it back in, and the session would unlock.

Of course, being thin-client it means that it relies on a Terminal Server and I'm guessing given the sensitive nature of your equipment this wouldn't be practical, but if it exists at a thin client level, I'm sure that there'll be a product that works with traditional desktops as well.