Screensaver lockout in Group Policy

  • Thread starter Thread starter Craig
  • Start date Start date
C

Craig

Hi.

I am going to be implementing a group policy where if a
users pc is unattended for at least 30 min, the
screensaver lockout policy will lock their workstation
and that they will have to log back in after it has taken
affect. But my question is this:
If it locks the user out, and if the user has processes
running in the background, applications open,
applications that chamge pages, will they get affected? I
really don't want to apply this policy and have a machine
stop running these apps and processes when it locks out
the person.

Could somebody please give me some insight to this, as I
would like to do this today.

Thanks much

Craig
 
Craig,

What exact policy setting are you working with? Please specify the path. But
off of the top of my head I think you are saying you 'lock the workstation'
after so much time. This will not 'logoff' the user. In other words work in
process will not be lost. They just have to supply the credentials to
'unlock' the system.

In policy you have "Hide Screen Saver", which hides the screen saver tab
from the display control panel. You have "Screen Saver", which simply
enables the screen saver. You have "Screensaver executable name" self
explanatory. Another is "Password protect the screen saver" this means that
when a screen saver is activeated in order to get back to your system you
must supply your password (I think this is the one you are talking about?).
Another is "Screensaver timeout", this is how much time the system is idle
before lauching the screensaver. And you have "Allow screen saver during
playback", this one is realted to Windows Media Player I believe and it
simply says while WMP is running the screen saver can activate.

So unless you are using the logoff.scr from the resource kit or another
solution to actually logoff a system after an idle period than no users are
negatively affected by the setting. If you are logging off the user than you
so run the risk of losing work depending on how you are doing this. If you
are using the logoff.scr you will need to deploy this file to all systems
who are configured to run it. Deployment of files is not available
functionality with any of Microsoft's 11 extensions. The method for
deployment/distribution of the file needs to be something like a script,
SMS, LanDesk whatever mechanism you use. To truly move data around, transfer
files, collect files etc. through Group Policy you would need to use
something like the file extension that we provide with Policy Maker.

Hope that helps...

Kevin
AutoProf
http://www.autoprof.com/policy
 
Yes, that is correct.
Path - Def Dom Pol\User config\Admi Templ\C
Panel\Display\Password Protect and Screen Saver (set to
1800min).
I just needed to know if by this, if it would affect any
open apps or processes running.

Thanks Kevin for the response.
 
Nope... the apps and processes running in the background at time of lock
will continue to run. If they need user intervention at any point, the
computer will have to be unlocked manually by the user logged into the
workstation or any account that is part of the local administrator group.

HTH

Ken
 
I have the same policy running, but I want to remove/exclude one workstation
from this GP. How do I go about doing this?

Thanks,
John
 
I believe that's a user policy... I think you'd have to enable loopback
processing on an OU with that one computer in it... configure the
screensaver policy there for "none" and no wait time.

You may want to wait for someone to confirm my answer before doing this,
just to make sure it's right ;)

Any comments on this suggestion?

Ken
 
Hi

I have applied the same screensaver policy but it does not apply to all
machines/users.

A user can log onto one PC and the screen locks at the required time,
another user logs onto the same PC and the sreen doesn't lock.

The first user then logs onto another PC and the screen does not lock....
Then later in the day it does apply and the screen locks, all the way
through the PSOP/gpresult shows the policy as applied.

Anyone have an idea why there is this aparrant random behaviour?

M
 
I would have to say the computer didn't 'see' it needed to apply the policy
to the user that it wasn't locking on earlier, but did as the GP refreshed
itself for the user.

Sometimes it can take a little bit of time for the GPO to apply and take
effect.

HTH

Ken
 
Back
Top