Solved

System Returns to Password Screen Lock after 10 MInutes

Posted on 2008-10-05
17
2,562 Views
Last Modified: 2010-04-21
With all Terminal Server Sessions running on Wyse Terminals and after loggin in to the session with appropriate userid and password, the session returns to the password requires to unlock the computer after 10 minutes.  I have changed the idle timeout in both the terminal server configuration and Group Policy for the Group Policy Object (Terminal Server Users) to 1 day.  It still times out?
0
Comment
Question by:OrcasTech
17 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
That setting is the SCREEN SAVER setting with "on resume, password protect" checked
0
 
LVL 1

Expert Comment

by:No1_Reggie
Comment Utility
Depending on the particular WYSE terminal you are using - some of them have their own control panel which will start a screensaver - check on that but i think your issue is exactly what leew has described.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
I am assuming you are talking about the windows screensaver ? Configuration\Administrative Templates\Control Panel\Display. The following sub-policies are the ones you are seeking:

Activate screensaver:

If you enable it, a screen saver will run provided the following two condtions hold: First, a valid screensaver on the client is specified via the "Screensaver executable name" policy or via Control Panel on the client computer. Second, the screensaver timeout is set to a nonzero value via the policy or Control Panel.

Password protect the screen saver:

Determines whether screen savers used on the computer are password protected.

If you enable this policy, all screen savers are password protected. If you disable this policy, password protection cannot be set on any screen saver.

This policy also disables the "Password protected" check box on the Screen Saver tab in Display in Control Panel, preventing users from changing the password protection setting.

If you do not configure this policy, users can choose whether or not to set password protection on each screen saver.

This policy is used only when a screen saver is specified for the computer. To specify a screen saver on a computer, in Control Panel, double-click Display, and then click the Screen Saver tab. To specify a screen saver in a policy, use the "Screen saver executable name" policy.

Note: To remove the Screen Saver tab, use the "Hide Screen Saver tab" policy.

Screen saver time out:

Specifies how much user idle time must elapse before the screen saver is launched.

When configured, this idle time can be set from a minimum of 1 second to a maximum of 86400 seconds, or 24 hours. If set to zero, the screen saver will not be launched.

This policy has no effect under any of the following circumstances:

- The policy is disabled or not configured.
- The wait time is set to zero.
- The "Activate screen saver" policy is disabled.
- Neither the "Screen saver executable name" policy nor the Screen Saver tab of the client computer's Display Properties dialog box specifies a valid, existing screensaver program on the client.

When not configured, whatever wait time is set on the client through the Screen Saver tab of the Display Properties dialog box is used. The default is 15 minutes.

Hide Screen Saver Tab:

Removes the Screen Saver tab from Display in Control Panel.

This policy prevents users from using Control Panel to add, configure, or change the screen saver on the computer.


also after changing the policy it will take time to propegate unless you force the policy
0
 

Author Comment

by:OrcasTech
Comment Utility
None of the Group Policies sited are enabled and Windows "password protect" is not checked?
The message on the screen is as follows:
Windows Server 2003 Standard Edition
This Computer is in use and has been locked.
Only USERID (ACCOUNT NAME) or an administrator
can unlock this computer.  The same message one gets when locking your computer using CTRL-ALT-DEL.  It occurs after 10 minutes of idle time.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
1.Can you run RSOP.msc on that machine and post the results....it should be group policy if not check for any local policy settings on that local machine...run GPEDIT.msc
2.Check your group policy settings.  You may have a group policy that locks the workstation after a set period of inactivity.

User Configuration\Administrative Templates\Control Panel\Display

Screen Saver, Screen Saver executable name (optional), Screen Saver
timeout and Password Protect the Screen Saver.

That will activate the screensaver after some minutes and will prompt the user for the password
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
0
 

Author Comment

by:OrcasTech
Comment Utility
When I run RSOP, a only GP that might be the problem is "Microsoft Network Server: Amount of idle time required before suspending a session" is set to 15 minutes.  Should I change that GP?
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
but in your question you said 10mins????can you reconfirm it ? if it takes 15 mins to lock then its got to be the group policy...you need to change it
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:OrcasTech
Comment Utility
I didn't time it exactly.  It was more than 10 minutes.  I didn't think it went 15 minutes.  Would you suugest that I change it anyway?
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
you can try to change the settings on the group policy and run gpupdate /force.
Restart the workstation and check now
0
 

Author Comment

by:OrcasTech
Comment Utility
That did not work.  I timed it this time and it was 10 minutes and 3 seconds.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
where did you change the settings..in the group policy or the local policy ?
do you have any other gp with same policy settings?
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
try to change in the local mahcine policy (run gpedit.msc) and check...
0
 

Author Comment

by:OrcasTech
Comment Utility
Group Policy.  There are no other groups with the same policy.   I ran gpedit.msc on the server it is OK, too.
0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 125 total points
Comment Utility
what do you mean by ok here? does it have 10 min settings ?
Change it to 20 or 25 mins on a workstation and see.... i am sure the culprit is the group policy...if it works fine in the workstation probably you should change it again in domain group policy and apply it to all machines and restart the machine.... in simple if the settings in gp is 10 mins it is going to be 10 mins on all workstations..right...
0
 

Author Comment

by:OrcasTech
Comment Utility
I can find no policy or configuration where the settings are 10 minutes.  The Microsoft Network Server Policy defaults to 15 minutes.  That was changed to 30 minutes and the screen still locked after 10 minutes.
0
 

Author Closing Comment

by:OrcasTech
Comment Utility
Understanding all the Group policies that can cause the problem is the key.  I just kept looking at Group Policies, experimenting with changes and finally the problem went away.  I am not sure which change or changes solved the problem.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now