Solved

GPO to Auto Lock all the computer accounts in a OU

Posted on 2015-02-13
5
199 Views
Last Modified: 2015-03-15
Hello Expert,

I have a situation in office that most of the staff don’t lock their computers when they are away from the desk, management told me to urgently implement a policy that if the computers is not in use for 5minites desktops should auto lock for enhancing the security.

I am using windows 2008 Active directory and all these staff computer accounts are placed under a specific OU called “StaffDesktops”. Please help me to create appropriate GPO to solve the current issue.

Regards,
0
Comment
Question by:smpvm
  • 3
5 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40607460
Create a new policy or edit an existing policy then browse to the following area:
User Configuration\Policies\Administrative Templates\Control Panel\Display

Enable the following settings:
- Screen Saver
- Screen Saver executable name - set this to %windir%\system32\rundll32.exe user32.dll,LockWorkStation
- Password protect the screen saver
- Screen Saver timeout - set this to 300 seconds (which equals 5 minutes)
Lock-Screen-Policy.jpgThe %windir%\system32\rundll32.exe user32.dll,LockWorkStation value used for the Screen Saver executable name setting will lock the workstation without actually initiating a screen saver. If you'd like to force a specific screen saver (say one with the company logo) then feel free to change this setting :)
0
 
LVL 4

Expert Comment

by:Manoj Bojewar
ID: 40607488
Please follow this article. very simple and step by step.

http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/
0
 

Author Comment

by:smpvm
ID: 40607596
Hello VB ITS,

I just need to clarify 2 things:-

1)Since this GPO is created from the Hierarchy of User Configuration(User Configuration\Policies\Administrative Templates\Control Panel\Display) can i link this GPO to computers OU or only to OU that containing user accounts in it will work with this GPO ?

2)will this file %windir%\system32\rundll32.exe user32.dll,LockWorkStation available by default in windows 2008 server 32Bit ? If yes can i just copy past the path directly to Screen Saver executable name without checking its existence ?

Regards..
0
 

Author Comment

by:smpvm
ID: 40666487
I've requested that this question be closed as follows:

Accepted answer: 0 points for smpvm's comment #a40607596

for the following reason:

good
0
 

Author Closing Comment

by:smpvm
ID: 40666488
good
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now