none
Group Policy for Windows (mainly 7 and few 10) clients that locks the computer WITHOUT screen saver settings being changed

    Question

  • I'm looking for a way to simply lock the computer, just like Windows-L does, for computers that have been inactive for say, 30 minutes for example.

    Is there a way to do this, other than setting a screensaver and all that mess?  

    Any help is greatly appreciated. 

    Thanks!

    Wednesday, March 16, 2016 6:34 PM

Answers

  • Hi,

    Thanks for your update.

    Actually this policy “Beginning with Windows Server 2012 and Windows 8” begins with Windows Server 2012 and Windows 8 and we recommend you create a new GPO and link that to the OU instead of configuring the default domain policy.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 18, 2016 2:30 AM
    Moderator

All replies

  • Hi,

    Thanks for your post.

    About your requirement, except triggering a screensaver to kick off after 30 minutes, you could also try the below setting:

    Create a new GPO then edit it and go to Computer Configuration>Policies>Windows Settings>Security Settings>Local Policies>Security Options

    Find Interactive logon: Machine inactivity limit.

    Set that to whatever time you want and it will lock the PC after it hits that timer.

    Interactive logon: Machine inactivity limit

    https://technet.microsoft.com/en-us/library/jj966265.aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 17, 2016 7:18 AM
    Moderator
  • Is this something that affects only Windows 8/Server 2012/Windows 10?  I tried machine inactivity limit and it started messing with my servers and windows 10 machines, but did not apply on my windows 7 computers. 

    This is what I don't understand, I created the GPO and put it on an OU with a test account (user account).  I scoped it for all domain users and all domain computers, but it's only applied to the one OU.   It started affecting my servers in my Server OU.  It doesn't make any sense.

    I had set it to auto lock after 10 seconds so I could test, then change to 45 minutes/etc...but i had to literally go to the domain level and change it so it would stop. 

    frustrated to say the least

    Thursday, March 17, 2016 3:25 PM
  • I think what happened is either myself or my coworker set the policy the first time on the default domain policy, and it only seemed to affect Windows 10/Server 2012 computers.   If I go in and turn off the default domain policy which essentially disables "Interactive logon: Machine inactivity limit", the local group policy on the server/client is still set to 10 seconds.  I have to go back and reenable the interactive logon : machine inactivity limit for like 45 minutes, or it will default to the local policy 10 seconds.  

    I don't know how this is so, b/c i've searched all GPOs and nothing sets this anywhere else in my domain/OUs.  

    Any ideas?  

    Thursday, March 17, 2016 5:58 PM
  • Hi,

    Thanks for your update.

    Actually this policy “Beginning with Windows Server 2012 and Windows 8” begins with Windows Server 2012 and Windows 8 and we recommend you create a new GPO and link that to the OU instead of configuring the default domain policy.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 18, 2016 2:30 AM
    Moderator