• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 123
  • Last Modified:

How to prevent a group of Windows PC to prevent screen locking or screen saver ?

Problem: I need to keep all of my big display screens (35+) in the entire corporation to be always on and not running screen saver or even locked away to the login screen.

OS: Windows 7 and Windows 10 [all domain joined]

The most recent GPO changes done by the security team mandated that all normal workstations be locked automatically when idle for 5 minutes (no mouse movements).

Can anyone here please assist me how to configure the Group policy to allow the executable called Caffeine.exe to be executed in the background for all of my Display Screen devices?

I have put them all into specific OU: domain.com/Site1/Computers/DisplayTV

Downloaded from: http://www.zhornsoftware.co.uk/caffeine/

Any other idea with PowerShell script that runs windows 7 and 10 would be appreciated.

Thanks in advance
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
5 Solutions
 
LBTechSolOperations DirectorCommented:
I would suggest you Group the machines in Question and Deny them from the Default GPO that is managing the power, Once excluded create a new GPO linked to the OU noted above with the Always On power settings that are needed and apply.
2
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi, I have already created the GPO - Power Scheme (High Performance) - [COMPUTER mode], but so far the screen saver always kicks in or at least locked to the windows login screen.
1
 
LBTechSolOperations DirectorCommented:
Are the power/lock settings configured within the default domain policy for all other computers? if so this may need to be separated out into its own policy as i think (feel free to correct) that the default domain policy will be enforced overwriting any other GPO linked with your power settings.
1
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Leslie MaclachlanCommented:
Hi,
Try blocking group policy inheritance on your OU you created.

Regards,
Leslie
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
If all else fails, use Move Mouse tool
https://movemouse.codeplex.com/
1
 
PberSolutions ArchitectCommented:
The security team mandated that all normal workstations be locked after 5 minutes of inactivity.  Do they know you have this requirement for these machines?  Do they know you are using this method to circumvent the screen saver lock?  If they don't I would negotiate a solution with them.  We have these requirements as well, we just lock the associated workstations in secure room, or secure cabinets with limited access (cabinets with FOB readers).  Other options would to remove the keyboard/mouse and place USB locks in the ports (I can let you know what we use if need be).
Then since you have a separate OU, create a new GPO for that OU that just disables the screensaver instead of fighting it.

Ultimately you have a requirement to have these screens unlocked, sometimes you need to push back and negotiate a proper solution as opposed to essentially violating a policy by using a tool to circumvent it.
1
 
btanExec ConsultantCommented:
If the policy state so for screensaver, you should actually put up a case as primarily it is a dashboard and not user interactive. So really the case of leaving machine unattended and subjected to unauthorised access can be a bit stretched. There needs to be a operationalisation consideration. Policy that does not make practical inclusion will face inconsistent means to "skirt" around it. So if these can be exempted, mitigation measure are to make sure the account is of least privileges and physical access is closely watched and audit log monitored. Regardless, if still needed the exe to keep off the screensaver off, you may think of running the exe as a services so that it can be as background process running. Worth using "NSSM" to run the exe as service - see its link @ http://nssm.cc/scenarios
1
 
btanExec ConsultantCommented:
For author advice
0
 
btanExec ConsultantCommented:
For consideration
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now