GPO to Lock workstations

G

Guest

Is there a GPO out to there to just lock a computer after a certain amount of
minutes of inactivity? I know there is one to logoff the account, I could
not find one for just locking the workstation. Thanks in advance.

Jason
 
O

Oli Restorick [MVP]

You need to configure the screensaver to secure (lock) the workstation.
This can be done with group policy. However, it's a user policy, not a
computer policy. If you want to do this for a set of computers, configure a
GPO on the OU containing the machines and use a loopback processing to
configure user settings.

Unfortunately, what group policy doesn't allow you to do is to ensure the
user has a sensible timeout set on the screensaver.

The timeout is stored in the "ScreenSaveTimeOut" value in the following
registry key:
HKEY_CURRENT_USER\Control Panel\Desktop

The unit is seconds. You should be able to script this either by exporting
the registry key to a text file and removing the unnecessary lines. Then
run it using "regedit.exe /s myfile.reg".

Ideally, you want to be able to specify a maximum value, so that if the user
opts for a shorter timeout than the one you specify, they can, but if they
specify a longer timeout, it'll be reset each time they log in. Ask in one
of the scripting groups if you need a hand with this.

Regards

Oli
 
B

Bruce Sanderson

Are you saying that the setting (in a GPO):

Administrative Templates
Control Panel
Display
Screen Saver timeout: xx seconds

doesn't do what it says it will do?

The combination of this one plus
Hide Screen Saver tab: Enabled
Screen Saver: Enabled
Screen Saver Executable name: Enabled - scrnsave.scr
Password protect the screen saver: Enabled

seems to be forcing the computer to lock after xx seconds and require the
user to re-authenticate for us.

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO lock workstation 9
Auto locking workstations without using password protected screens 2
COmputer Lock out 7
GPO to automatically lock system 1
How do I Lock-out GPO to Clients 1
WSUS and GPO 2
VISTA & GPO 2
Lock access to certain drives/folders 2

Top