Screen saver timeout: Console vs Terminal server session.

chico2
chico2 used Ask the Experts™
on
Hi,

This is a question with regard to the following setting in Group Policy:
Administrative Templates/Control Panel/Display/screen saver timeout.

What we'd like to do is configure a different timeout value- depending on
whether a user is logged on at a physical server console, or logged on via
a Terminal server session.  

We'd like to enforce a timeout of say 10 mins at the console, but relax it for the
terminal server session, as the workstation timeout will be sufficient for security purposes.
By doing this we'll be preventing users having to "double-unlock" to get to the
TS sessions.  

Does anybody know how to achieve this?  We're running Windows 2000 + 2003 server.  

Many thanks.  
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Create a new OU "Terminal Server" and move your terminal servers into this OU.
Create a GPO "Loopback" and link it to your Terminal Server OU; enable the Loopback mode as described in the article below. Reboot the terminal server(s).
You will now be able to link additional(!) GPOs with *user* settings to the Terminal Server OU; these GPOs will be processed for every user logging on to a terminal server, even though the user object is not in the TS OU. The "looped back" policies have a higher priority than the user's default policies, so if you're using Merge mode, you can just change the screen saver timeout or disable the screen saver completely.
You can use the Security Filtering of the GPO to prevent the GPO application for administrators if necessary.

Loopback processing of Group Policy
http://support.microsoft.com/kb/231287

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial