Auto logoff for inactive users on Windows 7 & Server 2008 R2

Experts,
I have been researching how to create a security policy that auto logs users off after a certain amount of inactivity. This is for security reasons.

I have seen solutions for XP, server 2003, etc, but none for Windows 7 and Server 2008 R2.

Is there a way to do this? Preferably with a GPO?

Thanks in advance..
LVL 2
ChiITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrej PirmanCommented:
Hmmm.... auto LOG-OFF is maybe not the best choice. Users might lose data (unsaved documents) or computer might not log-off if some program could not be stopped.
Why not just configure auto screensaver with LOCK after wake up? That would be secure, power efficient and friendly to users.

On 2008R2 DC, under User Configuration\Policies\Administrative Templates\Control Panel\Personalization you can select Enable Screen Saver, Password Protect Screen Saver, and Screen Saver Timeout without specifying a screensaver itself, so user will be able to select screensaver, but you will enforce timeout and locking via this GPO.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Skyler KincaidNetwork/Systems EngineerCommented:
Check here:

Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Sessions > enable the settings you want to configure.

The log out on the server would make sense but for the Windows 7 workstations the screen saver time being set to the desired time and requiring a password at wakeup would be best practice on the workstations.

If you had the machines logoff the users you would be getting so many calls for lost documents and files it would be crazy. Depending on how the server works you might also get the same thing.
0
ChiITAuthor Commented:
Thanks both, good points. These are not terminal services workstations, so I'm not sure the terminal services solution would work but I like the screensaver option....thank you..
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

ChiITAuthor Commented:
As a follow up, do you know if when configuring auto screen saver with lock, will it use their domain username and password to unlock, and does it record it as a login in AD?
0
Andrej PirmanCommented:
Yes, lock of screensaver is exactly the same as login lock (...or Win+L keys combination for manual locking computer).
But in any case you can login with different credentials, be it domain login (DOMAIN\username) or local login (.\localuser), but if previous user is stil logged-in, in XP you will need to log-off previous user, and in Win7 or higher you can switch users without logging previous one off.

Regarding auditing as login in AD DC...well, I do not know, but I asume again it is the same as first login into computer. If you can track first login, then you should also be able to track login from screensaver. But that's my guess, try it.
0
ChiITAuthor Commented:
Thank you so much
0
sbukovicAnalystCommented:
You may also take a look at Microsoft's Security Configuration Manager Solution Accelerator framework.  It it provides good documented best practice top to bottom security baselines for the different roles that Windows Servers can be assigned.  

https://technet.microsoft.com/en-us/library/gg236605.aspx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.