?
Solved

GPO to Auto Lock all the computer accounts in a OU

Posted on 2015-02-13
5
Medium Priority
?
393 Views
Last Modified: 2015-03-15
Hello Expert,

I have a situation in office that most of the staff don’t lock their computers when they are away from the desk, management told me to urgently implement a policy that if the computers is not in use for 5minites desktops should auto lock for enhancing the security.

I am using windows 2008 Active directory and all these staff computer accounts are placed under a specific OU called “StaffDesktops”. Please help me to create appropriate GPO to solve the current issue.

Regards,
0
Comment
Question by:smpvm
  • 3
5 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 2000 total points
ID: 40607460
Create a new policy or edit an existing policy then browse to the following area:
User Configuration\Policies\Administrative Templates\Control Panel\Display

Enable the following settings:
- Screen Saver
- Screen Saver executable name - set this to %windir%\system32\rundll32.exe user32.dll,LockWorkStation
- Password protect the screen saver
- Screen Saver timeout - set this to 300 seconds (which equals 5 minutes)
Lock-Screen-Policy.jpgThe %windir%\system32\rundll32.exe user32.dll,LockWorkStation value used for the Screen Saver executable name setting will lock the workstation without actually initiating a screen saver. If you'd like to force a specific screen saver (say one with the company logo) then feel free to change this setting :)
0
 
LVL 4

Expert Comment

by:Manoj Bojewar
ID: 40607488
Please follow this article. very simple and step by step.

http://prajwaldesai.com/lock-computers-in-domain-via-group-policy/
0
 

Author Comment

by:smpvm
ID: 40607596
Hello VB ITS,

I just need to clarify 2 things:-

1)Since this GPO is created from the Hierarchy of User Configuration(User Configuration\Policies\Administrative Templates\Control Panel\Display) can i link this GPO to computers OU or only to OU that containing user accounts in it will work with this GPO ?

2)will this file %windir%\system32\rundll32.exe user32.dll,LockWorkStation available by default in windows 2008 server 32Bit ? If yes can i just copy past the path directly to Screen Saver executable name without checking its existence ?

Regards..
0
 

Author Comment

by:smpvm
ID: 40666487
I've requested that this question be closed as follows:

Accepted answer: 0 points for smpvm's comment #a40607596

for the following reason:

good
0
 

Author Closing Comment

by:smpvm
ID: 40666488
good
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question