Solved

Group Policy to lock computer after idle time has been reached.

Posted on 2014-04-21
3
50,611 Views
2 Endorsements
Last Modified: 2016-01-18
Hello,

I'm running a Windows 2012R2 server with Windows 7 client workstations.

I need to enable a Group Policy to lock the client workstations so that they receive the Ctrl-Alt-Del prompt after 10 minutes of idle time.

Can the Experts please furnish me with the appropriate settings to allow for this to be enabled?  Also, would the Group Policy Object need to be linked to Computers OU or Users OU?

Thank you in advance.

Regards,
Real-Timer
2
Comment
Question by:realtimer
  • 2
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40013633
Sometimes an idle time might lead to a screen saver, there is a way to go directly to a lock screen.

Here is a quick howto:
http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/

more info on locking the screen
http://www.bridgetonova.com/2007/11/how-to-lock-computers-when-idle-by.html


You can determine which OU you apply the GPO on
1
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40013644
Detailed steps:
Open the Group Policy Management, right click on your domain and click on Create a GPO in this domain and link it here.
Provide a name to the policy such as Screensaver Policy and click on OK.


Right click the Screen saver policy and click on Edit.
The Group Policy Management Editor opens in a new window, expand User Configuration, expand Policies, expand Administrative Templates, expand Control Panel and click on Personalization.
We will configure the policy settings now.


Double click on Screen saver timeout.
This settings specifies the amount of time after which the screen saver must be launched.
Click on Enabled to enable this policy setting, and set the time after which the screen saver should appear.
In this example i will set the idle time to 60 seconds, which means if the computer is idle for 60 seconds the screen saver will be shown.  Click on Apply and OK.


Double click the policy setting Force specific screen saver.
This setting if enabled displays the screen saver specified in the policy setting.
Click on Enabled, provide the path where the screen saver file is located.
Click on Apply and OK.


Double click the setting Enable Screen saver, click on Enabled, this setting will enable the screen saver.
Before you enable this setting you must specify the screen saver executable path and screen saver timeout must be configured.


Double click the setting Password protect the screen saver and click on Enabled.
(This setting will make all the screen savers password protected.)
If this policy is not configured, then the password protection cannot be set on any screen saver.
For this setting to work correctly, make sure you have enabled the policy setting Enable screen saver and Screen saver timeout. Click on Apply and OK.

Reprinted from:
http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/
1
 

Expert Comment

by:AJ1978
ID: 41418133
Dear IV

As you see from the screen shot the GP was done for users but applied to  computers object. You are saying that I should move the GP to be here instead? Please see update screenUpdated shot.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question