ChiIT
asked on
Auto logoff for inactive users on Windows 7 & Server 2008 R2
Experts,
I have been researching how to create a security policy that auto logs users off after a certain amount of inactivity. This is for security reasons.
I have seen solutions for XP, server 2003, etc, but none for Windows 7 and Server 2008 R2.
Is there a way to do this? Preferably with a GPO?
Thanks in advance..
I have been researching how to create a security policy that auto logs users off after a certain amount of inactivity. This is for security reasons.
I have seen solutions for XP, server 2003, etc, but none for Windows 7 and Server 2008 R2.
Is there a way to do this? Preferably with a GPO?
Thanks in advance..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As a follow up, do you know if when configuring auto screen saver with lock, will it use their domain username and password to unlock, and does it record it as a login in AD?
Yes, lock of screensaver is exactly the same as login lock (...or Win+L keys combination for manual locking computer).
But in any case you can login with different credentials, be it domain login (DOMAIN\username) or local login (.\localuser), but if previous user is stil logged-in, in XP you will need to log-off previous user, and in Win7 or higher you can switch users without logging previous one off.
Regarding auditing as login in AD DC...well, I do not know, but I asume again it is the same as first login into computer. If you can track first login, then you should also be able to track login from screensaver. But that's my guess, try it.
But in any case you can login with different credentials, be it domain login (DOMAIN\username) or local login (.\localuser), but if previous user is stil logged-in, in XP you will need to log-off previous user, and in Win7 or higher you can switch users without logging previous one off.
Regarding auditing as login in AD DC...well, I do not know, but I asume again it is the same as first login into computer. If you can track first login, then you should also be able to track login from screensaver. But that's my guess, try it.
ASKER
Thank you so much
You may also take a look at Microsoft's Security Configuration Manager Solution Accelerator framework. It it provides good documented best practice top to bottom security baselines for the different roles that Windows Servers can be assigned.
https://technet.microsoft.com/en-us/library/gg236605.aspx
https://technet.microsoft.com/en-us/library/gg236605.aspx
ASKER