GPO to Lock workstations

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Is there a GPO out to there to just lock a computer after a certain amount of
minutes of inactivity? I know there is one to logoff the account, I could
not find one for just locking the workstation. Thanks in advance.

Jason
 
You need to configure the screensaver to secure (lock) the workstation.
This can be done with group policy. However, it's a user policy, not a
computer policy. If you want to do this for a set of computers, configure a
GPO on the OU containing the machines and use a loopback processing to
configure user settings.

Unfortunately, what group policy doesn't allow you to do is to ensure the
user has a sensible timeout set on the screensaver.

The timeout is stored in the "ScreenSaveTimeOut" value in the following
registry key:
HKEY_CURRENT_USER\Control Panel\Desktop

The unit is seconds. You should be able to script this either by exporting
the registry key to a text file and removing the unnecessary lines. Then
run it using "regedit.exe /s myfile.reg".

Ideally, you want to be able to specify a maximum value, so that if the user
opts for a shorter timeout than the one you specify, they can, but if they
specify a longer timeout, it'll be reset each time they log in. Ask in one
of the scripting groups if you need a hand with this.

Regards

Oli
 
Are you saying that the setting (in a GPO):

Administrative Templates
Control Panel
Display
Screen Saver timeout: xx seconds

doesn't do what it says it will do?

The combination of this one plus
Hide Screen Saver tab: Enabled
Screen Saver: Enabled
Screen Saver Executable name: Enabled - scrnsave.scr
Password protect the screen saver: Enabled

seems to be forcing the computer to lock after xx seconds and require the
user to re-authenticate for us.

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.
 
Back
Top