Curt wrote:

I concur. The problem is that the most prevalent e-mail program (Outlook) requires no user intervention as a default when signing and/or encrypting a message with S/MIME. One can override the default to "High Security" (requiring password) only while the X.509 certificate is being installed.

A locking screen saver has been part of Windows since I believe Windows 3.0, but certainly since Windows 95. Proximity cards that you keep in your pocket that automatically lock your Windows workstation when you step away from it are readily available in the marketplace. And yes, it generally is a bad idea to walk away from your workstation in a shared space while leaving yourself logged in as root. --Lucky