Erwin Krisch asked:

How to setup auto lock computer feature globally?

We are running Windows XP Professional on a computer in an office. This computer is shared by many users, so we have an administrator who creates accounts for the different users. One problem we have is that users quite often forget to log off from the system, leaving quite important documents vulnerable to intruders. What we want now is for the computer to be locked automatically after 10 minutes of inactivity. We actually got it working, but only by setting this up in each account. Is there a way the local administrator can set up this feature globally? Step-by-step instructions would be very much appreciated.
Nirmal Sharma

use screen saver to auto logoff feature
stevenlewis

group policy :-)
You can use WinExit to secure inactive workstations. This screen saver program ships in Microsoft Windows NT Server 4.0 Resource Kit. WinExit consists of one file, winexit.scr, which you can find in the resource kit directory.

WinExit Options
Right-click winexit.scr and you'll see the options Install, Test, and Configure. Select Install. A Display Properties dialog box will appear. The Display Properties dialog box shows the Screen Saver tab from the standard Control Panel Display applet; the Screen Saver dropdown menu will have the Logoff Screen Saver option selected.

You can change the value in the Wait spin box to select how long you want your network's computers to wait from the time users become inactive until WinExit starts the logoff process. The default Wait value is 15 minutes.

After the Wait period expires, WinExit starts. The utility displays an Auto Logoff in progress dialog box that warns users that WinExit is going to log them off. Users can click Cancel or press any key to stop the logoff process. The dialog box counts down for a period of time (30 seconds by default). When the period expires, WinExit logs off the user.

To change the length of time the Auto Logoff in progress dialog box counts down, click Settings on the Screen Saver tab. You can configure three settings in the WinExit Setup Dialog box that appears: Force logoff, Time to logoff, and Logoff Message. You configure the logoff countdown period in the Time to logoff section's Countdown text box. The text box's value is the length of the logoff countdown in seconds. WinExit accepts values from 0 to 999. If you set the value to 0, the computer will wait for the period you specify in the Wait spin box, then log off users without giving them a chance to avert the logoff.

The Logoff Message text box lets you customize the Auto Logoff in progress dialog box. Double-click the WinExit icon to see the Auto Logoff in progress dialog box; the message you enter in the Logoff Message text box replaces the default message "Use Setup to change the text in this line." You can leave the Logoff Message text box empty or enter a message such as "The network is going to log you off because your machine is inactive" or "To maximize network throughput, the network automatically logs off inactive sessions."

The WinExit Setup Dialog box's Force application termination check box lets WinExit terminate users' applications without saving their data. When users log off NT workstations, they receive messages from applications that have open, unsaved files. These dialog boxes question whether users want to save unsaved data. The default WinExit logoff process waits for users to respond to applications' dialog boxes before logging the users off. However, users who aren't at their desk can't choose to save or reject changes to documents.

If you don't select the Force application termination check box, WinExit won't log off users who have unsaved data. If you select the check box, WinExit won't wait for users to respond to applications' logoff dialog boxes, and users will lose unsaved data. Whether you need to select the Force application termination check box depends on your company's policies and whether all your users diligently run their software's automatic save options.

Regardless of whether you choose to terminate programs that have unsaved data, you can use WinExit to make your network more secure. Make WinExit your next system policy.


http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/sdcce_term_lgvk.asp

"how to force a lock after a period of inactivity on 2000 server DC"

https://www.experts-exchange.com/questions/21208962/how-to-force-a-lock-after-a-period-of-inactivity-on-2000-server-DC.html

With the slight difference here that you apply the changes to the Default Policy, not to one created for the Domain Controllers.

If you're being picky by saying only "workstations running XP and 2000" and you have a mixed network of Win9x/NT4/2000/XP computers, then you'll need to create a new global policy in the same way as described in the other article, but with a Security Deny apply global policy rule for a new Active Directory group "Excluded From Lock" and add all the domain computers that run NT/Win9x to it, along with any others you don't want the policy to affect.
Now it depends on you how you configure your Group Policy using the Winexit.scr.

1. Create an OU.
2. Create a Group Policy for this OU.
3. Add all the users to this OU.
4. Configure the Group Policy using this OU and then process the Winexit.scr from Login script or Run the following applications.
5. Restart your client computers to receive new settings with this screen saver.

Thankx
SystmProg

Steve you should say thanks to TJworld
https://www.experts-exchange.com/questions/21210780/how-to-force-a-lock-on-Workstations-in-a-domain.html

"how to force a lock after a period of inactivity on 2000 server DC"

https://www.experts-exchange.com/questions/21208962/how-to-force-a-lock-after-a-period-of-inactivity-on-2000-server-DC.html

With the slight difference here that you apply the changes to the Default Policy, not to one created for the Domain Controllers.

If you're being picky by saying only "workstations running XP and 2000" and you have a mixed network of Win9x/NT4/2000/XP computers, then you'll need to create a new global policy in the same way as described in the other article, but with a Security Deny apply global policy rule for a new Active Directory group "Excluded From Lock" and add all the domain computers that run NT/Win9x to it, along with any others you don't want the policy to affect.
SP, you just posted the exact same thing I posted!!!!
Erwin Krisch

ASKER

It seems to me that all the above pertains to a network or log off feature. My question pertains to a standalone computer running XP Professional. The administrator is a local administrator (just for this station) and we want the machine to lock the computer, not log off the user. This is so that if the user comes back, he/she will not have lost his/her work and has fast access back to what he/she was working on. Step-by-step instructions needed (time restrictions do not allow us to read pages of manuals we have).
NO, the above refers to setting the screensaver to come on and lock the desktop, not log on and off
that's how you lock the desktop, with the screensaver
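
An added example, not part of any participant's post: on the standalone XP machine from the question, the password-protected screen saver discussed above can be applied to every local profile by writing the screen saver policy values into each user's registry hive from an administrator command prompt. It assumes profiles live under `%SystemDrive%\Documents and Settings`, uses `logon.scr` as the screen saver and the 10-minute timeout from the question; the temporary key name `LockTmp` is arbitrary.

```batch
@echo off
rem Added example: enforce a locking screen saver for all local profiles
rem on a standalone Windows XP machine. Run as a local administrator.
setlocal
set "POLKEY=Software\Policies\Microsoft\Windows\Control Panel\Desktop"
rem Timeout in seconds (600 = the 10 minutes asked for in the question).
set "TIMEOUT=600"
rem Assumption: any installed screen saver will do; logon.scr ships with XP.
set "SAVER=logon.scr"
set "PROFILES=%SystemDrive%\Documents and Settings"

rem Users who are logged off: load each profile hive, write, unload.
for /d %%P in ("%PROFILES%\*") do call :offline "%%~fP"

rem "Default User" is hidden, so for /d skips it. Handle it explicitly
rem so that accounts created later start with the same settings.
call :offline "%PROFILES%\Default User"

rem The account running this script already has its hive loaded (it was
rem reported as skipped above), so write to it through HKCU.
call :write "HKCU"
endlocal
goto :eof

:offline
rem %1 = profile directory. The load fails if the hive is missing or if
rem that user is currently logged on.
reg load "HKU\LockTmp" "%~1\NTUSER.DAT" >nul 2>&1
if errorlevel 1 (
    echo SKIPPED %~1 - hive missing or in use
    goto :eof
)
call :write "HKU\LockTmp"
reg unload "HKU\LockTmp" >nul
echo UPDATED %~1
goto :eof

:write
rem %1 = root of a user hive. All four values are strings.
reg add "%~1\%POLKEY%" /v ScreenSaveActive /t REG_SZ /d 1 /f >nul
reg add "%~1\%POLKEY%" /v ScreenSaverIsSecure /t REG_SZ /d 1 /f >nul
reg add "%~1\%POLKEY%" /v ScreenSaveTimeOut /t REG_SZ /d %TIMEOUT% /f >nul
reg add "%~1\%POLKEY%" /v SCRNSAVE.EXE /t REG_SZ /d %SAVER% /f >nul
goto :eof
```

The same four settings are exposed in the local Group Policy editor (`gpedit.msc`) under User Configuration > Administrative Templates > Control Panel > Display. Rerun the script while a skipped user is logged off to cover that profile.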
ASKER CERTIFIED SOLUTION
Nirmal Sharma

This solution is only available to members.
If you want to use a small software :-)
http://lockgear.softros-tools.com/

Thankx :-)