Group Policy to lock specific idle computers

Posted on 2014-03-06
Medium Priority
Last Modified: 2014-04-07
How do I create a group policy that would lock several specific idle computers
Question by:exhuser
  • 2
LVL 40

Expert Comment

ID: 39911605
Just follow PDF file in below article to achieve this


The file speaks itself instead of typing every thing here

Note: same settings can be applied to workgroup computers also with local group policy editor (gpedit.msc) to get them locked after certain period of inactivity


Assisted Solution

michaelalphi earned 750 total points
ID: 39911638
You can do this by following below steps :

1. Create a GPO for screen saver
2. Expand Policies -> Administrative Templates -> Control Panel -> Personalization
3. Enable screen saver
4. Screen saver executable name - scrnsave.scr
5. Enable password protect the screen saver, prevent changing the screensaver, and screen saver timeout 180 seconds
6. Then link it to your domain.
Please check this to gather more info : http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/

Author Comment

ID: 39912838
I don't want this to apply to all computers in the domain -- just several workstations.
LVL 40

Accepted Solution

Mahesh earned 750 total points
ID: 39913234
Create one global security group and add required computers to that group

You can apply your new policy to domain level

In GPMC click new GPO and select scope tab at right hand side and in security filtering, remove authenticated users and add above security group there

Now GPO will apply to only those computers in security group


Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question