> My only aim currently is to stop the > people who have one letter passwords in my office, and forget to > logout when they leave the desk. > > Couldn't you just enforce a password policy on those machines/ ldap to make them have a minimum length/ complexity? And then set their screens to autolock after and a set period of inactvity