Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Can a workstation be set up to automatically lock after a set idle time w/out using the screen saver option?

Posted on 2003-03-20
15
Medium Priority
?
249 Views
Last Modified: 2010-04-13
I recently replaced a user's PC in our department.  I was working on the old box to clear out the user's information because I will be using the box in our lab.  I noticed that when the PC was idle for a few minutes, the workstation automatically locked itself as if you pressed CTRL-ALT-DEL and locked it.  However, it is not invoking a password protected screen saver.  It just simply locks.  I spoke to the user, but he didn't know why it was doing it.  He simply thought it was supposed to that.  

I, myself, have not been able to find out how this works.  It would be very useful for our department.  We are a healthcare provider, and with the new HIPPA laws, this feature would be excellent to apply to all of our users' PCs to meet the security policies of HIPPA.  

Does anyone know how this is done?
0
Comment
Question by:Drummerboy
  • 5
  • 4
  • 4
  • +2
15 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8176409
Well you can create a .bat file with this command

RUNDLL32 USER32.DLL,LockWorkStation

and use the Task Scheduler and set the schedule When Idle and specify the idle time.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8176433
Or open the resgitry to

HKEY_CURRENT_USER\Control Panel\Desktop

and set the

SCRNSAVE.EXE to the path of the .bat file

and set the

ScreenSaveTimeOut to 60 * mins

Example
SCRNSAVE.EXE   TheDrive\TheFolder\TheFile.bat

15 mins
ScreenSaveTimeOut   900
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8176549
or just use the "blank screen" screensaver;  I assume you want to lock the computer but not tie up the processor like the GDI & Marquee screensavers do.

-HTH
-Steven Yarnot
http://yarnosg.home.insightbb.com
0
[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

 
LVL 2

Expert Comment

by:ascension1014
ID: 8176678
Drummerboy, try this...

Rt click on desktop
click properties
click screen saver tab
click power button
set system standby to prescribed time
click advanced tab
check "promt for password when computer goes off standby"
Click apply then ok.

too easy....
0
 

Author Comment

by:Drummerboy
ID: 8177369
In reviewing the comments from CrazyOne, I did some experimenting on my own with the registry key HKEY_CURRENT_USER\Control Panel\Desktop, and figured it out myself.  

All you have to do is set the following Values as stated:

ScreenSaveActive : REG_SZ : 1
ScreenSaverIsSecure : REG_SZ : 1
ScreenSaveTimeOut : REG_SZ : 900 {or however long you like, in seconds}
SCRNSAVE.EXE : REG_SZ : (NONE)

This invokes the "Password Protected" aspect of the screen saver applet without starting a screen saver itself.  Thus simply locking the workstation.

Now, my next step is figuring out how to keep "Joe User" from being able to change these settings from the Display Properties dialog box.  Since the user has permission to change their desktop, they can change their screen saver settings, thus possibly disabling the automatic lock workstation.  I know I can set permissions on Registry Keys; however, restricting their permissions from the Desktop key, keeps the user from changing many other aspects of their desktop environment.

I simply need a way to automatically lock the workstation, and keep "Joe User" from changing that setting.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8177531
Start > Run gpedit.msc

User Configuration > Administrative Templates > Control Panel > Display
Hide Screen Saver tab
0
 

Author Comment

by:Drummerboy
ID: 8198850
Is there a way to allow a user to choose their screensaver but still have the lock feature unchangeable by the user?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8199610
I don't think so. That is why I think it is better to use the Task Secheduler.
0
 
LVL 9

Accepted Solution

by:
MSGeek earned 200 total points
ID: 8199860
Is there a way to allow a user to choose their screensaver but still have the lock feature unchangeable by the user?

There are two group policies that may lock that part of the screen saver down:

Password protect the screen saver
Screen Saver timeout

Without testing it I do not know if the user would still be able to change the password or the time.  I doubt they would.  Give it a try. MSGeek.
0
 

Author Comment

by:Drummerboy
ID: 8221116
OK.  With credit going to CrazyOne and MSGeek (and some testing of my own), here is the solution to force a workstation to lock after a set idle time with or without the use of a screen saver.  Also this allows the user to still choose a screen saver if they wish, but they cannot change the time out period or disable the password protection.

Open the Group Policy Editor (gpedit.msc) and make the following changes:

Path:  User Configuration - Administratoive Templates - Control Panel - Display:
Activate screen saver = Enable (forces the screen saver to activate even if the user has not set on up)
Password protect the screen saver = Enable (automatically locks the workstation when the screen saver is activated; disables the option in the Display Settings)
Screen Saver timeout = Enable (When you enable this policy, you can set the timeout period in seconds.  This overrides what the user tries to select if they use a screen saver.)

To my knowledge, as long as the user does not have Administrative Rights to the local machine, they cannot change these policies.

There you have it.  Thanks to everyone for their comments.  This is my first time to use this site, and I will definitely return for future assistance!
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8221612
Glad I could help.  MSGeek.
0
 

Author Comment

by:Drummerboy
ID: 8238839
One more thing...

If someone would post the "official" answer, I'll accept it as the correct one.

Thanks!
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8238927
The official answer is really the entire post.  Once this question is fileed in previously answered questions, nayone who brings it up in a search will be anle to read the whole thing, which is better than anything I could type gere in response to:

"If someone would post the "official" answer, I'll accept it as the correct one."
0
 

Author Comment

by:Drummerboy
ID: 8238976
Oh.  Thanks!
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8239051
Again, glad I could help.  Sorry for the typos.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
As a matter of fact, Outlook OST files are of much importance in relation to Exchange mailbox. OST files are independent as they are simply copy of data of a user’s mailbox on Exchange Server. Though, if the server’s status is changed or it is dama…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month10 days, 5 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question