Solved

Force computer to lock after 15 minutes of no activity (Windows 2000 Server & Professional)

Posted on 2004-09-16
5
2,093 Views
Last Modified: 2012-05-05
For out security policies, I need to know how to lock down a computer automatically after so many minutes of inactivity.

What would the proper registry configuration be for this type of task?  The computers are not on a domain and there are no existing policies.  I just need a simple way to use the screensave lock method but I can't find anything very specific on the web.

Thanks,

kruegerste
0
Comment
Question by:kruegerste
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 12079201
0
 
LVL 4

Author Comment

by:kruegerste
ID: 12079237
I see where it lets you set the number of seconds before the screen saver comes on but how do I get it to lock the computer so they must logon again to gain access to the computer.  

Same as Alt + Ctrl + Delete and then lockdown computer.  I want it to do this but automatically.  
0
 
LVL 17

Accepted Solution

by:
Jared Luker earned 500 total points
ID: 12079305
That is what setting ScreenSaveIsSecure to 1 does.  It makes it so that once the screen saver comes on, they need to hit ctrl-alt-delete to enter their password to get back into their boxes.

Here is a vbscript that I wrote to do this.  It might need some tweaking.

Dim NoScreen, SSTimeOut, SSActive, SSLogout, Secure
Dim WshShell, WshSysEnv, WshFSO, WshNetwork
Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshSysEnv = WshShell.Environment("SYSTEM")
Set WshFSO = CreateObject("Scripting.FileSystemObject")            'File System Object
Set WshNetwork = WScript.CreateObject("WScript.Network")      'Network Object

WScript.Echo("start screen saver")

      
SSActive = WshShell.RegRead ("HKCU\Control Panel\Desktop\ScreenSaveActive")
Secure = WshShell.RegRead ("HKCU\Control Panel\Desktop\ScreenSaverIsSecure")
SSTimeOut = WshShell.RegRead ("HKCU\Control Panel\Desktop\ScreenSaveTimeOut")
SSLogout = 0


If SSActive = 0 Then
      'WScript.Echo("Screen Saver Not Active")
      WshFSO.CopyFile ScriptFiles + "\ssbezier.scr", windir + "\System32\ssbezier.scr"
      WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveActive","1","REG_SZ"
      WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure","1","REG_SZ"
      WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut","900","REG_SZ"
      WshShell.RegWrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", WinDir + "\System32\ssbezier.scr"
      WshShell.RegWrite "HKCU\Control Panel\Screen Saver.Bezier\Fill",""
      SSLogout = 1
Else
      If Secure = 0 Then
            'WScript.Echo("screen saver active not secure")
            WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure","1","REG_SZ"
            WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut","900","REG_SZ"
            SSLogout = 1
      End If
End If

if SSTimeOut < 900 Then
      WScript.Echo("time less than 900")
      WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut","900","REG_SZ"
      SSLogout = 1
End If

If SSLogout = 1 Then
      Dim oUser, Group
      Set oUser = GetObject("WinNT://hill-2k/" & objUser & ",user")
      For each Group in oUser.Groups      
            Select Case Group.Name
                  Case "LI OU System Admins"
                        WScript.Echo("Admin detected... not rebooting")
                        Exit Function
                  Case "LI OU Func Admins"
                        WScript.Echo("Admin detected... not rebooting")
                        Exit Function
            End Select
      Next
      
      if strOSVersion = "4.0" Then
            WshShell.Popup "Changes To your screen saver security settings require the computer to be rebooted",15,"Reboot for SS Changes"      
            'Reboot NT Machines
            wshShell.Run ScriptFiles & "\shutdown.exe /l /c /t:1",1,False
            WScript.Sleep(5000)
            WScript.Quit
      Else

      'Log user out on 2000/XP Machines
      Dim objWmiService
      WshShell.Popup "Changes To your screen saver security settings require you to log out and back in.",15,"Reboot for SS Changes"            
      strComputer = "."
      Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem")
      For Each objOperatingSystem in colOperatingSystems
      ObjOperatingSystem.Win32Shutdown(logoff)
      Next

      End If
End If
WScript.Echo("Exit screen saver")
0
 
LVL 4

Author Comment

by:kruegerste
ID: 12079364
This is what it gives me but I can't find it in the registry.  It doesn't give me any path.  I used the "find" feature but still nothing.  

 Hive: HKEY_CURRENT_USER
  Key: Control Panel\Desktop
  Value Name: ScreenSaveIsSecure
  Data Type: REG_SZ
  Value: 0  

Do you know what the path is to get to this Key?
0
 
LVL 4

Author Comment

by:kruegerste
ID: 12079405
Nevermind.  Thanks for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now