Locking Workstations on IDLE with Group Policy or Registry based settings

If you are running Windows 2k or Windows XP based machines either in an Active directory based enviroment or an NT enviroment, and you want your users screen to lock after a certain period of time.  Do the following;

Note that the key to this is to have the screen saver executible set to the following “c:\%windir%\System32\rundll32.exe user32.dll,LockWorkStation” – If you run this from the start menu your screen should lock.

From GPOL you will have the following options;

  • Remove Display in Control Panel
  • Hide Desktop tab
  • Prevent changing wallpaper
  • Hide Appearance and Themes tab
  • Hide Settings tab
  • Hide Screen Saver tab
  • Screen saver <—-(Set this one)
  • Screen saver executable name<—-(Set this as): c:\%windir%\System32\rundll32.exe user32.dll,LockWorkStation
  • Password protect the screen saver  <—-(Set this one)
  • Screen Saver timeout  <—-(Set this one)

Even if the user disables it, the GPO will reapply the setting.

NT

Select the same settings as menitioned above using poledit.exe. Please download the attached adm files for attached options. Download Here

Source: http://sites.google.com/site/usutech/sonyvaiovgn-sz4xwn2

Advertisements

2 thoughts on “Locking Workstations on IDLE with Group Policy or Registry based settings

  1. A better way than this may be to ignore the screensaver all together.. Everything since Windows XP supports idle time in scheduled tasks (maybe win2k) so that is the way I chose to do this..

    In Group Policy, navigate to User Configuration\Preferences\Control Panel Settings\Scheduled Tasks and then create a new task called “Lock When Idle” or whatever. (note the LockWorkStation is case sensitive)

    (Task Tab)
    Action should be Update

    Run: rundll32.exe
    Arguments: user32.dll, LockWorkStation

    (Schedule Tab)
    Scheduled Task: When Idle
    Start Time: blank (should be grayed out)
    When the computer has been idle for : 30 minute(s) (or whatever idle time you want)

    (Settings Tab)
    Uncheck it all

    (Common Tab)
    Uncheck it all

    Apply this policy to the users you want to lock. Alternately you can apply it to workstations and enable Group Policy Loopback Processing for this policy as I did so that it is not assigned to servers when ever someone logs in to one.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s