Group Policy Auto Log Off 2008 AD

We have a lot of users that will leave there computer for an extended amount of time to assist patients. After 10 minutes it will lock there computer, which then requires that user or an administrator to unlock the workstation. Unfortunately there are a lot of users in these area's and more often than not every computer is being used. This imposes a problem when a "normal" account try's to unlock the workstation that has been locked by another users account. What would be the best way to handle this issue? I have never enforced a GPO that would auto log off a user after X amount of minutes.. Would that be the best way to go? I really do not want to give administrator rights to anyone but my department. If the auto log off GPO is my best bet, does anyone know where in group policy i can enforce this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Use the old "winexit.scr" sreeensaver workaround for doing this.

I am however struggling to find a copy specifically for Windows 2008, however all the MS forums say this is the way to go.
Radhakrishnan RSenior Technical LeadCommented:
You can do this by changing domain gpo.

Computer Configuration\Windows Settings
\Security Settings\Local Policies\Security
You have to set the ctrl alt del option or else disable it if not at all required.
I hope you have domain environment with AD.
castonincAuthor Commented:
We have the control alt delete option enabled already, and yes we are using AD. The issue is that after the user leaves the workstation for 10 or 15 minutes the workstation automatically locks its self. So then only that user or an administrator can unlock it!
On simple option is just to disable passwords on workstation screensavers.
This can be done through group Policy. Then a user can log off another user if theya re logged in and log on as themselves. Or use their login without having to know the other user's password.
Not sure if this will remove existing passwords but you could use a few of the group policies to reset the screen savers. They are all located here.
Under User Configuration - Policies - Adminsitrative Templates - Control Panel - Display

Alternatively, there is a third party solution called "Unlock Administrator". Use this link

Unfortunatley, there is no option to modify user rights to unlock screens with Group Policy. I thought there would be


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I also found this. May be of use but I haven't tried it.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.