Re: GPO to Lock workstations

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 08/28/04

• Next message: Dmitry Korolyov [MVP]: "Re: Deploying software"
• Previous message: Oli Restorick [MVP]: "Re: remove internet explorer from windows exloprer"
• In reply to: Jason: "GPO to Lock workstations"
• Next in thread: Bruce Sanderson: "Re: GPO to Lock workstations"
• Reply: Bruce Sanderson: "Re: GPO to Lock workstations"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sat, 28 Aug 2004 11:39:21 +0100

You need to configure the screensaver to secure (lock) the workstation.
This can be done with group policy. However, it's a user policy, not a
computer policy. If you want to do this for a set of computers, configure a
GPO on the OU containing the machines and use a loopback processing to
configure user settings.

Unfortunately, what group policy doesn't allow you to do is to ensure the
user has a sensible timeout set on the screensaver.

The timeout is stored in the "ScreenSaveTimeOut" value in the following
registry key:
HKEY_CURRENT_USER\Control Panel\Desktop

The unit is seconds. You should be able to script this either by exporting
the registry key to a text file and removing the unnecessary lines. Then
run it using "regedit.exe /s myfile.reg".

Ideally, you want to be able to specify a maximum value, so that if the user
opts for a shorter timeout than the one you specify, they can, but if they
specify a longer timeout, it'll be reset each time they log in. Ask in one
of the scripting groups if you need a hand with this.

Regards

Oli

"Jason" <Jason@discussions.microsoft.com> wrote in message
news:5FF65E0E-14BF-4102-91BB-EA4D8974F791@microsoft.com...
> Is there a GPO out to there to just lock a computer after a certain amount
> of
> minutes of inactivity? I know there is one to logoff the account, I could
> not find one for just locking the workstation. Thanks in advance.
>
> Jason

---

• Next message: Dmitry Korolyov [MVP]: "Re: Deploying software"
• Previous message: Oli Restorick [MVP]: "Re: remove internet explorer from windows exloprer"
• In reply to: Jason: "GPO to Lock workstations"
• Next in thread: Bruce Sanderson: "Re: GPO to Lock workstations"
• Reply: Bruce Sanderson: "Re: GPO to Lock workstations"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Groups Policy for various screensaver timeouts ... Using Windows Server 2003 and just getting familiar with Group Policy. ... I have some users whom I need to set a screensaver to timeout in 30 ... (microsoft.public.windows.server.sbs) Re: Registry question on HKEY_USERS ... Oli ... but what you are setting is the timeout to WAIT ... > screensaver is less than windows default of 6 seconds. ... >> You would need to script the change on login, or use group policy. ... (microsoft.public.win2000.registry) Re: Extremely slow logons ... Is the troublesome workstation by any chance using a wireless LAN ... > My client computer is getting the below error during group policy setting ... (The specified domain ... (microsoft.public.windows.server.sbs) RE: Customising the hard coded Group Policy processing timeout value ... The problem is indeed with the 1 hour Group Policy timeout, ... extend the time that Group Policy waits for by setting the MaxGPOScriptWait ... Policy processing to complete, before initiating the reboot. ... packages continue to install for as long as Group Policy processing continues. ... (microsoft.public.windowsxp.configuration_manage) Re: Re: Home folder not mapping ... > duplex settings on any ... > intermittent. ... > group policy settings. ... > timeout can be specified ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)