Solved

GPO to Auto Lock all the computer accounts in a OU

Posted on 2015-02-13
5
216 Views
Last Modified: 2015-03-15
Hello Expert,

I have a situation in office that most of the staff don’t lock their computers when they are away from the desk, management told me to urgently implement a policy that if the computers is not in use for 5minites desktops should auto lock for enhancing the security.

I am using windows 2008 Active directory and all these staff computer accounts are placed under a specific OU called “StaffDesktops”. Please help me to create appropriate GPO to solve the current issue.

Regards,
0
Comment
Question by:smpvm
  • 3
5 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40607460
Create a new policy or edit an existing policy then browse to the following area:
User Configuration\Policies\Administrative Templates\Control Panel\Display

Enable the following settings:
- Screen Saver
- Screen Saver executable name - set this to %windir%\system32\rundll32.exe user32.dll,LockWorkStation
- Password protect the screen saver
- Screen Saver timeout - set this to 300 seconds (which equals 5 minutes)
Lock-Screen-Policy.jpgThe %windir%\system32\rundll32.exe user32.dll,LockWorkStation value used for the Screen Saver executable name setting will lock the workstation without actually initiating a screen saver. If you'd like to force a specific screen saver (say one with the company logo) then feel free to change this setting :)
0
 
LVL 4

Expert Comment

by:Manoj Bojewar
ID: 40607488
Please follow this article. very simple and step by step.

http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/
0
 

Author Comment

by:smpvm
ID: 40607596
Hello VB ITS,

I just need to clarify 2 things:-

1)Since this GPO is created from the Hierarchy of User Configuration(User Configuration\Policies\Administrative Templates\Control Panel\Display) can i link this GPO to computers OU or only to OU that containing user accounts in it will work with this GPO ?

2)will this file %windir%\system32\rundll32.exe user32.dll,LockWorkStation available by default in windows 2008 server 32Bit ? If yes can i just copy past the path directly to Screen Saver executable name without checking its existence ?

Regards..
0
 

Author Comment

by:smpvm
ID: 40666487
I've requested that this question be closed as follows:

Accepted answer: 0 points for smpvm's comment #a40607596

for the following reason:

good
0
 

Author Closing Comment

by:smpvm
ID: 40666488
good
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question