• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

GPO to Auto Lock all the computer accounts in a OU

Hello Expert,

I have a situation in office that most of the staff don’t lock their computers when they are away from the desk, management told me to urgently implement a policy that if the computers is not in use for 5minites desktops should auto lock for enhancing the security.

I am using windows 2008 Active directory and all these staff computer accounts are placed under a specific OU called “StaffDesktops”. Please help me to create appropriate GPO to solve the current issue.

  • 3
1 Solution
VB ITSSpecialist ConsultantCommented:
Create a new policy or edit an existing policy then browse to the following area:
User Configuration\Policies\Administrative Templates\Control Panel\Display

Enable the following settings:
- Screen Saver
- Screen Saver executable name - set this to %windir%\system32\rundll32.exe user32.dll,LockWorkStation
- Password protect the screen saver
- Screen Saver timeout - set this to 300 seconds (which equals 5 minutes)
Lock-Screen-Policy.jpgThe %windir%\system32\rundll32.exe user32.dll,LockWorkStation value used for the Screen Saver executable name setting will lock the workstation without actually initiating a screen saver. If you'd like to force a specific screen saver (say one with the company logo) then feel free to change this setting :)
Manoj BojewarCommented:
Please follow this article. very simple and step by step.

smpvmAuthor Commented:
Hello VB ITS,

I just need to clarify 2 things:-

1)Since this GPO is created from the Hierarchy of User Configuration(User Configuration\Policies\Administrative Templates\Control Panel\Display) can i link this GPO to computers OU or only to OU that containing user accounts in it will work with this GPO ?

2)will this file %windir%\system32\rundll32.exe user32.dll,LockWorkStation available by default in windows 2008 server 32Bit ? If yes can i just copy past the path directly to Screen Saver executable name without checking its existence ?

smpvmAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for smpvm's comment #a40607596

for the following reason:

smpvmAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now