This mentality is patently wrong to me. You have to realize that maintenance, house keeping, and any manner of other people may enter your area(either legitimate people, or people in disguise). Additionaly, if I were to "go rogue" you better believe I would take advantage of being able to frame someone else and remove attributation from my shoulders. The in-office risk asside, you are also training terrible habits. These habits could lead to your employees leaving their computers unlocked in coffeee shops, at conferences, in their hotel rooms, etc. You have to instill the habit of if you are leaving your computer, you lock you computer into people and make sure they understand why that is.

The author is obviously smart and dedicated - and I’d probably be forced to terminate him. He is an non-supervisory employee, who has not been given administrative access to these computers. He created and deployed a program to other computers without permission that actively thwarted attempts to be shutdown, and modified it get around a GPO that was more than likely pushed out because of what he was doing. This is malware - for a good purpose but still an undesirable application being run without permission.

If the company has decided that computers need to be locked when away from keyboard there will be a policy and procedure for reporting and dealing infractions. This won’t be it. While in this case the program might have been mostly harmless, one never knows when a programming error might spin things out of control. It’s clever, funny to some, but if it accidentally resulted in downtime the stuff the flows downhill would come fast and be unpleasant in some organizations. Plus, annoying your teammates isn’t the best idea long term. I know this may seem harsh, but from my experience organizations with the most need for this security would be the least likely to approve of this method.

My coment is not at all talking about what the OP was doing. I think that he went beyond what he ought to have. I am specifically referring to the mentality of "employees should trust their coworkers and can therefore leave their computers unlocked".

I didn't say they have to keep their computer unlocked, some of them did lock, but I did not enforce a locking policy because I don't think it was necessary in the context. And if I did have to enforce screen locking in other places, it would be out of question to use any passive aggressive behavior or public shaming towards a teammate, if you need trust from your employees, you treat them well. My first reflex would be to look at technology, because locking the computer is a stupid and consistent task and technology is for stupid consistent things.

I think people are too focused on working for military and paranoïa, we need a range of behaviors, from the paranoid to the welcoming, that guy watching your screen could start an interesting discussion about your project, and give you the contact to the right person to help you. You don't want that in a military context, you highly desire it when you're building a vegan pet food marketplace for hipsters.

Not everyone needs to develop like in Aerospace, not everyone needs to develop like in video games, not everyone needs de behave like a NSA agent, and not everyone needs to behave like a farmer's market salesman, we need a range of behaviors.

And whatever the policy, you never, ever, let co-workers be dicks to each others, no "pranks", no public shaming, no sending a prank email from each other's computer. If security is really an big issue, then not locking a computer is a strike, it goes between the boss, the offender and HR, not a matter of joke.