Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 55576
  • Last Modified:

Group Policy to lock computer after idle time has been reached.

Hello,

I'm running a Windows 2012R2 server with Windows 7 client workstations.

I need to enable a Group Policy to lock the client workstations so that they receive the Ctrl-Alt-Del prompt after 10 minutes of idle time.

Can the Experts please furnish me with the appropriate settings to allow for this to be enabled?  Also, would the Group Policy Object need to be linked to Computers OU or Users OU?

Thank you in advance.

Regards,
Real-Timer
2
realtimer
Asked:
realtimer
  • 2
1 Solution
 
becraigCommented:
Sometimes an idle time might lead to a screen saver, there is a way to go directly to a lock screen.

Here is a quick howto:
http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/

more info on locking the screen
http://www.bridgetonova.com/2007/11/how-to-lock-computers-when-idle-by.html


You can determine which OU you apply the GPO on
1
 
becraigCommented:
Detailed steps:
Open the Group Policy Management, right click on your domain and click on Create a GPO in this domain and link it here.
Provide a name to the policy such as Screensaver Policy and click on OK.


Right click the Screen saver policy and click on Edit.
The Group Policy Management Editor opens in a new window, expand User Configuration, expand Policies, expand Administrative Templates, expand Control Panel and click on Personalization.
We will configure the policy settings now.


Double click on Screen saver timeout.
This settings specifies the amount of time after which the screen saver must be launched.
Click on Enabled to enable this policy setting, and set the time after which the screen saver should appear.
In this example i will set the idle time to 60 seconds, which means if the computer is idle for 60 seconds the screen saver will be shown.  Click on Apply and OK.


Double click the policy setting Force specific screen saver.
This setting if enabled displays the screen saver specified in the policy setting.
Click on Enabled, provide the path where the screen saver file is located.
Click on Apply and OK.


Double click the setting Enable Screen saver, click on Enabled, this setting will enable the screen saver.
Before you enable this setting you must specify the screen saver executable path and screen saver timeout must be configured.


Double click the setting Password protect the screen saver and click on Enabled.
(This setting will make all the screen savers password protected.)
If this policy is not configured, then the password protection cannot be set on any screen saver.
For this setting to work correctly, make sure you have enabled the policy setting Enable screen saver and Screen saver timeout. Click on Apply and OK.

Reprinted from:
http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/
1
 
AJ1978Commented:
Dear IV

As you see from the screen shot the GP was done for users but applied to  computers object. You are saying that I should move the GP to be here instead? Please see update screenUpdated shot.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now