How to prevent a group of Windows PC to prevent screen locking or screen saver ?

Problem: I need to keep all of my big display screens (35+) in the entire corporation to be always on and not running screen saver or even locked away to the login screen.

OS: Windows 7 and Windows 10 [all domain joined]

The most recent GPO changes done by the security team mandated that all normal workstations be locked automatically when idle for 5 minutes (no mouse movements).

Can anyone here please assist me how to configure the Group policy to allow the executable called Caffeine.exe to be executed in the background for all of my Display Screen devices?

I have put them all into specific OU: domain.com/Site1/Computers/DisplayTV

Downloaded from: http://www.zhornsoftware.co.uk/caffeine/

Any other idea with PowerShell script that runs windows 7 and 10 would be appreciated.

Thanks in advance
LVL 9
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LBTechSolOperations DirectorCommented:
I would suggest you Group the machines in Question and Deny them from the Default GPO that is managing the power, Once excluded create a new GPO linked to the OU noted above with the Always On power settings that are needed and apply.
2
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi, I have already created the GPO - Power Scheme (High Performance) - [COMPUTER mode], but so far the screen saver always kicks in or at least locked to the windows login screen.
1
LBTechSolOperations DirectorCommented:
Are the power/lock settings configured within the default domain policy for all other computers? if so this may need to be separated out into its own policy as i think (feel free to correct) that the default domain policy will be enforced overwriting any other GPO linked with your power settings.
1
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Leslie MaclachlanCommented:
Hi,
Try blocking group policy inheritance on your OU you created.

Regards,
Leslie
0
Shaun VermaakTechnical Specialist/DeveloperCommented:
If all else fails, use Move Mouse tool
https://movemouse.codeplex.com/
1
PberSolutions ArchitectCommented:
The security team mandated that all normal workstations be locked after 5 minutes of inactivity.  Do they know you have this requirement for these machines?  Do they know you are using this method to circumvent the screen saver lock?  If they don't I would negotiate a solution with them.  We have these requirements as well, we just lock the associated workstations in secure room, or secure cabinets with limited access (cabinets with FOB readers).  Other options would to remove the keyboard/mouse and place USB locks in the ports (I can let you know what we use if need be).
Then since you have a separate OU, create a new GPO for that OU that just disables the screensaver instead of fighting it.

Ultimately you have a requirement to have these screens unlocked, sometimes you need to push back and negotiate a proper solution as opposed to essentially violating a policy by using a tool to circumvent it.
1
btanExec ConsultantCommented:
If the policy state so for screensaver, you should actually put up a case as primarily it is a dashboard and not user interactive. So really the case of leaving machine unattended and subjected to unauthorised access can be a bit stretched. There needs to be a operationalisation consideration. Policy that does not make practical inclusion will face inconsistent means to "skirt" around it. So if these can be exempted, mitigation measure are to make sure the account is of least privileges and physical access is closely watched and audit log monitored. Regardless, if still needed the exe to keep off the screensaver off, you may think of running the exe as a services so that it can be as background process running. Worth using "NSSM" to run the exe as service - see its link @ http://nssm.cc/scenarios
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
For author advice
0
btanExec ConsultantCommented:
For consideration
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.