How to prevent a group of Windows PC to prevent screen locking or screen saver ?

Senior IT System Engineer
Senior IT System Engineer used Ask the Experts™
on
Problem: I need to keep all of my big display screens (35+) in the entire corporation to be always on and not running screen saver or even locked away to the login screen.

OS: Windows 7 and Windows 10 [all domain joined]

The most recent GPO changes done by the security team mandated that all normal workstations be locked automatically when idle for 5 minutes (no mouse movements).

Can anyone here please assist me how to configure the Group policy to allow the executable called Caffeine.exe to be executed in the background for all of my Display Screen devices?

I have put them all into specific OU: domain.com/Site1/Computers/DisplayTV

Downloaded from: http://www.zhornsoftware.co.uk/caffeine/

Any other idea with PowerShell script that runs windows 7 and 10 would be appreciated.

Thanks in advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
LBTechSolOperations Director

Commented:
I would suggest you Group the machines in Question and Deny them from the Default GPO that is managing the power, Once excluded create a new GPO linked to the OU noted above with the Always On power settings that are needed and apply.

Author

Commented:
Hi, I have already created the GPO - Power Scheme (High Performance) - [COMPUTER mode], but so far the screen saver always kicks in or at least locked to the windows login screen.
LBTechSolOperations Director
Commented:
Are the power/lock settings configured within the default domain policy for all other computers? if so this may need to be separated out into its own policy as i think (feel free to correct) that the default domain policy will be enforced overwriting any other GPO linked with your power settings.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Hi,
Try blocking group policy inheritance on your OU you created.

Regards,
Leslie
Shaun VermaakSenior Consultant
Awarded 2017
Distinguished Expert 2018
Commented:
If all else fails, use Move Mouse tool
https://movemouse.codeplex.com/
PberSolutions Architect
Commented:
The security team mandated that all normal workstations be locked after 5 minutes of inactivity.  Do they know you have this requirement for these machines?  Do they know you are using this method to circumvent the screen saver lock?  If they don't I would negotiate a solution with them.  We have these requirements as well, we just lock the associated workstations in secure room, or secure cabinets with limited access (cabinets with FOB readers).  Other options would to remove the keyboard/mouse and place USB locks in the ports (I can let you know what we use if need be).
Then since you have a separate OU, create a new GPO for that OU that just disables the screensaver instead of fighting it.

Ultimately you have a requirement to have these screens unlocked, sometimes you need to push back and negotiate a proper solution as opposed to essentially violating a policy by using a tool to circumvent it.
Exec Consultant
Distinguished Expert 2018
Commented:
If the policy state so for screensaver, you should actually put up a case as primarily it is a dashboard and not user interactive. So really the case of leaving machine unattended and subjected to unauthorised access can be a bit stretched. There needs to be a operationalisation consideration. Policy that does not make practical inclusion will face inconsistent means to "skirt" around it. So if these can be exempted, mitigation measure are to make sure the account is of least privileges and physical access is closely watched and audit log monitored. Regardless, if still needed the exe to keep off the screensaver off, you may think of running the exe as a services so that it can be as background process running. Worth using "NSSM" to run the exe as service - see its link @ http://nssm.cc/scenarios
btanExec Consultant
Distinguished Expert 2018

Commented:
For author advice
btanExec Consultant
Distinguished Expert 2018

Commented:
For consideration

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial